<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jan 4, 2018 at 12:31 PM, Barak Korren <span dir="ltr"><<a href="mailto:bkorren@redhat.com" target="_blank">bkorren@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">On 4 January 2018 at 09:24, Marcel Hanke <<a href="mailto:marcel.hanke@1und1.de">marcel.hanke@1und1.de</a>> wrote:<br>
> Hi,<br>
> besides the kernel and microcode updates are there also updates of ovirt-<br>
> engine and vdsm nessessary and if so, is there a timeline when the patches can<br>
> be expected?<br>
> If there are Patches nessessary will there also be updates for ovirt 4.1 or<br>
> only 4.2?<br>
<br>
</span>Looking at the relevant Red Hat announcement:<br>
<a href="https://access.redhat.com/security/vulnerabilities/speculativeexecution" rel="noreferrer" target="_blank">https://access.redhat.com/<wbr>security/vulnerabilities/<wbr>speculativeexecution</a><br>
<br>
It seems that no packages that are derived directly from oVirt were updated.<br>
You can see qemu-kvm-rhev there, which is quemu-kvm-ev in CentOS -<br>
that used to be distributed by oVirt, but these days its is shipped as<br>
part of the CentOS VirtSIG repo.<br>
<br>
AFAIK none of those components were released on CentOS yet, so if<br>
you're running oVirt on CentOS you'll need to wait.<br></blockquote><div><br></div><div>CentOS kernel, microcode_ctl and linux-firmware have been released.</div><div>See [1] for example. I'm sure others will follow.</div><div>Y.</div><div><br></div><div>[1] <a href="https://lists.centos.org/pipermail/centos-announce/2018-January/022696.html">https://lists.centos.org/pipermail/centos-announce/2018-January/022696.html</a></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
I suppose oVirt packages and install scripts will be updated over the<br>
next few days to require the newer packages, but you do not need to<br>
wait for those updates to patch your systems, you can probably patch<br>
as soon as the updates are made available.<br>
<br>
Once updates are available, a new node and engine-apppliance images<br>
will probably also be built and released.<br>
<br>
Please note that the above as mostly a rough estimate based on my<br>
familiarity with the processes involved, I am not directly affiliated<br>
with any of the teams handling the response to these CVEs.<br>
<span class="gmail-HOEnZb"><font color="#888888"><br>
--<br>
Barak Korren<br>
RHV DevOps team , RHCE, RHCi<br>
Red Hat EMEA<br>
<a href="http://redhat.com" rel="noreferrer" target="_blank">redhat.com</a> | TRIED. TESTED. TRUSTED. | <a href="http://redhat.com/trusted" rel="noreferrer" target="_blank">redhat.com/trusted</a><br>
</font></span><div class="gmail-HOEnZb"><div class="gmail-h5">______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
</div></div></blockquote></div><br></div></div>