[CentOS-virt] CESA-2018:1655 Important: qemu-kvm-ev security update

Thu May 24 11:51:58 UTC 2018
Sandro Bonazzola <sbonazzo at redhat.com>

2018-05-24 13:38 GMT+02:00 Karanbir Singh <kbsingh at redhat.com>:

> On 24/05/18 11:53, Karanbir Singh wrote:
> > On 24/05/18 11:18, Sandro Bonazzola wrote:
> >>
> >>
> >> 2018-05-24 3:18 GMT+02:00 Karanbir Singh <kbsingh at redhat.com>:
> >>
> >>     On 23/05/18 06:56, Sandro Bonazzola wrote:
> >>     > CentOS Errata and Security Advisory 2018:1655 Important
> >>     >
> >>     > Upstream details at: https://access.redhat.com/errata/RHSA-2018:1655
> >>     >
> >>     > This is the qemu-kvm-ev side of the CVE-2018-3639 mitigation.
> >>     >
> >>     > qemu-kvm-ev-2.10.0-21.el7_5.3.1
> >>     > <http://cbs.centos.org/koji/buildinfo?buildID=22813> has been tagged for
> >>     > release yesterday morning and should land on mirrors this morning.
> >>     > Johnny, Brian, Karanbir, please cross check it's being published, I
> >>     > would have expected it to be already on mirrors.
> >>     >
> >>     > Thanks,
> >>     > --
> >>     >
> >>     > SANDRO BONAZZOLA
> >>     >
> >>     > ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R&D
> >>     >
> >>     > Red Hat EMEA <https://www.redhat.com/>
> >>     >
> >>     > sbonazzo at redhat.com
> >>     >
> >>     > <https://red.ht/sig>
> >>     > <https://redhat.com/summit>
> >>     >
> >>
> >>     With all the noise around this specific package, I went and looked and
> >>     it's in the queue for push, should be in the packages for Thu 24th
> >>
> >>
> >> Looks like it's not yet published.
> >> Also altarch is still broken https://bugs.centos.org/view.php?id=14835
> >>
> >>
> >>
> >>
> >>
> >
> > yeah, this is down to how the various arch bits were pushed out of sync;
> > we got cut both ways, either if we do x86_64 on its own or we don't,
> >
> > I am working on sig content right now, so let me go look at this as well
> >
> >
>
> the sign runs are now running cleanly for altarch as well, it looks like
> the mirrors caught up in sync with those in the last day or so. It's
> going to run for a bit though, I'll keep an eye on things.
>
> w.r.t. the CVE note - just want to point out that I've been told that
> lacking the vendor supplied microcode the fixes in this code do not
> really help much. And there is no vendor microcode as yet. Is that an
> accurate state of play?
>

AFAIK Intel released a beta microcode to OEMs so individual hardware
vendors should be providing it through their support pages after testing
with their hardware.



>
>
> --
> Karanbir Singh <kbsingh at redhat.com> | London, UK
> Project Lead, The CentOS Project
> Consulting Engineer, https://openshift.io/
>
>


-- 

SANDRO BONAZZOLA

ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R&D

Red Hat EMEA <https://www.redhat.com/>

sbonazzo at redhat.com
<https://red.ht/sig>
<https://redhat.com/summit>