On Thu, Jan 11, 2018 at 4:33 PM, Derek Atkins <derek@ihtfp.com> wrote:
Yaniv Kaul <ykaul@redhat.com> writes:

> On Mon, Jan 8, 2018 at 7:32 PM, Derek Atkins <warlord@mit.edu> wrote:
>
>     Michal Skrivanek <michal.skrivanek@redhat.com> writes:
>
>     >             > If there are Patches nessessary will there also be updates
>     for
>     >             ovirt 4.1 or
>     >             > only 4.2?
>     >
>     > 4.1 will be covered
>
>     What about 4.0?  Or will that not be covered because it depends on 7.3,
>     which also isn't covered??
>
> It will not be covered because we have 4.1 and 4.2 out, both of which we take
> care of.

I was afraid of that.  So I will need to upgrade to at least 7.4/4.1 to
get this fixed.   I'll need to find some time to do that.  :(

My users don't like having downtime..  and this is a single-host system.

No one likes downtime but I suspect this is one of those serious vulnerabilities that you really really must be protected against.
That being said, before planning downtime, check your HW vendor for firmware or Intel for microcode for the host first.
Without it, there's not a lot of protection anyway. 
Note that there are 4 steps you need to take to be fully protected: CPU, hypervisor, guests and guest CPU type - plan ahead!
Y.


> Y.

-derek

--
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant