[ovirt-users] Re: [ovirt-announce] CVE-2018-3639 - Important - oVirt - Speculative Store Bypass

On Mon, May 28, 2018 at 3:40 PM, Nathanaël Blanchet <blanchet(a)abes.fr <mailto:blanchet@abes.fr>> wrote: XP has reached is end of life in may 14 and Microsoft decided to release an exceptionnal update because of a critical leak last year... so all is possible when it is about criticity! All is indeed possible. We always welcome contribution to the oVirt project, and you can send patches that backport the 4.2 patches to 4.1 and build it. Y. https://www.microsoft.com/en-us/download/details.aspx?id=18770 <https://www.microsoft.com/en-us/download/details.aspx?id=18770> Le 28/05/2018 à 14:23, Sandro Bonazzola a écrit : > > > 2018-05-28 14:07 GMT+02:00 Nathanaël Blanchet <blanchet(a)abes.fr > <mailto:blanchet@abes.fr>>: > > Hello, > > Will a 4.1.9.x security update be released for those who > can't migrate to 4.2.3.7 for any reasons? > > No. oVirt 4.1 reached end of life with 4.1.9 > https://lists.ovirt.org/pipermail/announce/2018-January/000383.html > <https://lists.ovirt.org/pipermail/announce/2018-January/000383.html> > Please consider updating to 4.2 as soon as practical / possible. > > > Le 23/05/2018 à 16:57, Sandro Bonazzola a écrit : >> As you may have already heard, an industry-wide issue was >> found in the way many modern microprocessor designs have >> implemented speculative execution of Load & Store instructions. >> This issue is well described by CVE-2018-3639 announce >> available at >> https://access.redhat.com/security/cve/cve-2018-3639 >> <https://access.redhat.com/security/cve/cve-2018-3639>;. >> >> oVirt team has released right now an update of ovirt-engine >> to version 4.2.3.7 which add support for SSBD CPUs in order >> to mitigate the security issue. >> >> If you are running oVirt on Red Hat Enterprise Linux, please >> apply updates described in >> https://access.redhat.com/security/cve/cve-2018-3639 >> <https://access.redhat.com/security/cve/cve-2018-3639>;. >> >> If you are running oVirt on CentOS Linux please apply >> updated described by: >> CESA-2018:1629 Important CentOS 7 kernel Security Update >> <https://lists.centos.org/pipermail/centos-announce/2018-May/022843.html> >> CESA-2018:1632 Important CentOS 7 libvirt Security >> Update<https://lists.centos.org/pipermail/centos-announce/2018-May/022... >> CESA-2018:1649 Important CentOS 7 java-1.8.0-openjdk >> Security >> Update<https://lists.centos.org/pipermail/centos-announce/2018-May/022... >> CESA-2018:1648 Important CentOS 7 java-1.7.0-openjdk >> Security >> Update<https://lists.centos.org/pipermail/centos-announce/2018-May/022... >> >> An update for qemu-kvm-ev has been also tagged for release >> and announced with >> CESA-2018:1655 Important: qemu-kvm-ev security update >> <https://lists.centos.org/pipermail/centos-virt/2018-May/005804.html> >> but due to some issues in CentOS release process for Virt >> SIG content, it is not yet available on mirrors. >> We are working with CentOS community to get the packages >> signed and published as soon as possible. >> In the meanwhile you can still get the update package by >> enabling the test repository >> https://buildlogs.centos.org/centos/7/virt/x86_64/kvm-common/ >> <https://buildlogs.centos.org/centos/7/virt/x86_64/kvm-common/> >> on your systems or manually installing the package from the >> repository. >> >> If you're running oVirt on a different Linux distribution, >> please check with your vendor for available updates. >> >> Please note that to fully mitigate this vulnerability, >> system administrators must apply both hardware “microcode” >> updates and software patches that enable new functionality. >> At this time, microprocessor microcode will be delivered by >> the individual manufacturers. >> >> The oVirt team recommends end users and systems >> administrator to apply any available updates as soon as >> practical. >> >> Thanks, >> -- >> >> SANDRO BONAZZOLA >> >> ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG >> VIRTUALIZATION R&D >> >> Red Hat EMEA <https://www.redhat.com/> >> >> sbonazzo(a)redhat.com <mailto:sbonazzo@redhat.com> >> >> <https://red.ht/sig> >> <https://redhat.com/summit> >> >> >> >> _______________________________________________ >> Announce mailing list --announce(a)ovirt.org <mailto:announce@ovirt.org> >> To unsubscribe send an email toannounce-leave(a)ovirt.org <mailto:announce-leave@ovirt.org> > > -- > Nathanaël Blanchet > > Supervision réseau > Pôle Infrastrutures Informatiques > 227 avenue Professeur-Jean-Louis-Viala > <https://maps.google.com/?q=227+avenue+Professeur-Jean-Louis-Viala&ent... > 34193 MONTPELLIER CEDEX 5 > Tél. 33 (0)4 67 54 84 55 > Fax 33 (0)4 67 54 84 14 > blanchet(a)abes.fr <mailto:blanchet@abes.fr> > > > > > -- > > SANDRO BONAZZOLA > > ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R&D > > Red Hat EMEA <https://www.redhat.com/> > > sbonazzo(a)redhat.com <mailto:sbonazzo@redhat.com> > > <https://red.ht/sig> > <https://redhat.com/summit> > -- Nathanaël Blanchet Supervision réseau Pôle Infrastrutures Informatiques 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet(a)abes.fr <mailto:blanchet@abes.fr> _______________________________________________ Users mailing list -- users(a)ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave(a)ovirt.org <mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ <https://www.ovirt.org/site/privacy-policy/> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/JU2IA6ZZAVZ... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/JU2IA6ZZAVZ...