[ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
Yaniv Kaul
ykaul at redhat.com
Thu Jan 11 14:53:09 UTC 2018
On Thu, Jan 11, 2018 at 4:33 PM, Derek Atkins <derek at ihtfp.com> wrote:
> Yaniv Kaul <ykaul at redhat.com> writes:
>
> > On Mon, Jan 8, 2018 at 7:32 PM, Derek Atkins <warlord at mit.edu> wrote:
> >
> > Michal Skrivanek <michal.skrivanek at redhat.com> writes:
> >
> > > > If there are Patches nessessary will there also be
> updates
> > for
> > > ovirt 4.1 or
> > > > only 4.2?
> > >
> > > 4.1 will be covered
> >
> > What about 4.0? Or will that not be covered because it depends on
> 7.3,
> > which also isn't covered??
> >
> > It will not be covered because we have 4.1 and 4.2 out, both of which we
> take
> > care of.
>
> I was afraid of that. So I will need to upgrade to at least 7.4/4.1 to
> get this fixed. I'll need to find some time to do that. :(
>
> My users don't like having downtime.. and this is a single-host system.
>
No one likes downtime but I suspect this is one of those serious
vulnerabilities that you really really must be protected against.
That being said, before planning downtime, check your HW vendor for
firmware or Intel for microcode for the host first.
Without it, there's not a lot of protection anyway.
Note that there are 4 steps you need to take to be fully protected: CPU,
hypervisor, guests and guest CPU type - plan ahead!
Y.
> > Y.
>
> -derek
>
> --
> Derek Atkins 617-623-3745
> derek at ihtfp.com www.ihtfp.com
> Computer and Internet Security Consultant
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180111/51c0492a/attachment.html>
More information about the Users
mailing list