Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
On Thu, Jan 11, 2018 at 4:33 PM, Derek Atkins <derek(a)ihtfp.com> wrote:
Yaniv Kaul <ykaul(a)redhat.com> writes:
> On Mon, Jan 8, 2018 at 7:32 PM, Derek Atkins <warlord(a)mit.edu> wrote:
>
> Michal Skrivanek <michal.skrivanek(a)redhat.com> writes:
>
> > > If there are Patches nessessary will there also be
updates
> for
> > ovirt 4.1 or
> > > only 4.2?
> >
> > 4.1 will be covered
>
> What about 4.0? Or will that not be covered because it depends on
7.3,
> which also isn't covered??
>
> It will not be covered because we have 4.1 and 4.2 out, both of which we
take
> care of.
I was afraid of that. So I will need to upgrade to at least 7.4/4.1 to
get this fixed. I'll need to find some time to do that. :(
My users don't like having downtime.. and this is a single-host system.
No one likes downtime but I suspect this is one of those serious
vulnerabilities that you really really must be protected against.
That being said, before planning downtime, check your HW vendor for
firmware or Intel for microcode for the host first.
Without it, there's not a lot of protection anyway.
Note that there are 4 steps you need to take to be fully protected: CPU,
hypervisor, guests and guest CPU type - plan ahead!
Y.
> Y.
-derek
--
Derek Atkins 617-623-3745
derek(a)ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
Attachments:
- attachment.html (text/html — 2.6 KB)