<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 4 Jan 2018, at 22:16, Sandro Bonazzola <<a href="mailto:sbonazzo@redhat.com" class="">sbonazzo@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><br class=""><div class="gmail_extra"><br class=""><div class="gmail_quote">2018-01-04 17:21 GMT+01:00 Yaniv Kaul <span dir="ltr" class=""><<a href="mailto:ykaul@redhat.com" target="_blank" class="">ykaul@redhat.com</a>></span>:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class=""><br class=""><div class="gmail_extra"><br class=""><div class="gmail_quote"><span class="">On Thu, Jan 4, 2018 at 12:31 PM, Barak Korren <span dir="ltr" class=""><<a href="mailto:bkorren@redhat.com" target="_blank" class="">bkorren@redhat.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="m_438005550949541432gmail-">On 4 January 2018 at 09:24, Marcel Hanke <<a href="mailto:marcel.hanke@1und1.de" target="_blank" class="">marcel.hanke@1und1.de</a>> wrote:<br class="">
> Hi,<br class="">
> besides the kernel and microcode updates are there also updates of ovirt-<br class="">
> engine and vdsm nessessary and if so, is there a timeline when the patches can<br class="">
> be expected?<br class=""></span></blockquote></span></div></div></div></blockquote></div></div></div></div></blockquote><div><br class=""></div>yes there are</div><div>right after the base OS is completely covered</div><div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="m_438005550949541432gmail-">
> If there are Patches nessessary will there also be updates for ovirt 4.1 or<br class="">
> only 4.2?<br class=""></span></blockquote></span></div></div></div></blockquote></div></div></div></div></blockquote><div><br class=""></div>4.1 will be covered</div><div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="m_438005550949541432gmail-">
<br class="">
</span>Looking at the relevant Red Hat announcement:<br class="">
<a href="https://access.redhat.com/security/vulnerabilities/speculativeexecution" rel="noreferrer" target="_blank" class="">https://access.redhat.com/secu<wbr class="">rity/vulnerabilities/speculati<wbr class="">veexecution</a><br class="">
<br class="">
It seems that no packages that are derived directly from oVirt were updated.<br class=""></blockquote></span></div></div></div></blockquote></div></div></div></div></blockquote><div><br class=""></div>they are, the page is updating as it progresses</div><div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
You can see qemu-kvm-rhev there, which is quemu-kvm-ev in CentOS -<br class="">
that used to be distributed by oVirt, but these days its is shipped as<br class="">
part of the CentOS VirtSIG repo.<br class="">
<br class="">
AFAIK none of those components were released on CentOS yet, so if<br class="">
you're running oVirt on CentOS you'll need to wait.<br class=""></blockquote><div class=""><br class=""></div></span><div class="">CentOS kernel, microcode_ctl and linux-firmware have been released.</div><div class="">See [1] for example. I'm sure others will follow.</div><div class="">Y.</div><div class=""><br class=""></div><div class="">[1] <a href="https://lists.centos.org/pipermail/centos-announce/2018-January/022696.html" target="_blank" class="">https://lists.centos.org/<wbr class="">pipermail/centos-announce/<wbr class="">2018-January/022696.html</a></div><span class=""><div class=""> </div></span></div></div></div></blockquote><div class=""><br class=""></div><div class="">qemu-kvm-ev has also been tagged for release, will be in next batch or earlier if I can find kbsing for manually push it.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br class="">
I suppose oVirt packages and install scripts will be updated over the<br class="">
next few days to require the newer packages, but you do not need to<br class="">
wait for those updates to patch your systems, you can probably patch<br class="">
as soon as the updates are made available.<br class=""></blockquote></span></div></div></div></blockquote></div></div></div></div></blockquote><div><br class=""></div>I suggest to start with the kernel</div><div>But please do read up on the various variants and mitigations. You may not necessarily need all of them</div><div>Also, you may lack the right firmware/microcode updates from your CPU vendor at the moment. Red Hat's microcode package only contains those which were released by Intel/AMD so far.</div><div><br class=""></div><div>Thanks,</div><div>michal</div><div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class=""><div class="gmail_extra"><div class="gmail_quote"><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br class="">
Once updates are available, a new node and engine-apppliance images<br class="">
will probably also be built and released.<br class="">
<br class="">
Please note that the above as mostly a rough estimate based on my<br class="">
familiarity with the processes involved, I am not directly affiliated<br class="">
with any of the teams handling the response to these CVEs.<br class="">
<span class="m_438005550949541432gmail-HOEnZb"><font color="#888888" class=""><br class="">
--<br class="">
Barak Korren<br class="">
RHV DevOps team , RHCE, RHCi<br class="">
Red Hat EMEA<br class="">
<a href="http://redhat.com/" rel="noreferrer" target="_blank" class="">redhat.com</a> | TRIED. TESTED. TRUSTED. | <a href="http://redhat.com/trusted" rel="noreferrer" target="_blank" class="">redhat.com/trusted</a><br class="">
</font></span><div class="m_438005550949541432gmail-HOEnZb"><div class="m_438005550949541432gmail-h5">______________________________<wbr class="">_________________<br class="">
Users mailing list<br class="">
<a href="mailto:Users@ovirt.org" target="_blank" class="">Users@ovirt.org</a><br class="">
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank" class="">http://lists.ovirt.org/mailman<wbr class="">/listinfo/users</a><br class="">
</div></div></blockquote></span></div><br class=""></div></div>
<br class="">______________________________<wbr class="">_________________<br class="">
Users mailing list<br class="">
<a href="mailto:Users@ovirt.org" class="">Users@ovirt.org</a><br class="">
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank" class="">http://lists.ovirt.org/<wbr class="">mailman/listinfo/users</a><br class="">
<br class=""></blockquote></div><br class=""><br clear="all" class=""><div class=""><br class=""></div>-- <br class=""><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div style="font-family: overpass, sans-serif; font-weight: bold; margin: 0px; padding: 0px; font-size: 14px; text-transform: uppercase;" class=""><span class="">SANDRO</span> <span class="">BONAZZOLA</span></div><p style="font-family: overpass, sans-serif; font-size: 10px; margin: 0px 0px 4px; text-transform: uppercase;" class=""><span class="">ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R&D</span></p><div style="font-family: overpass, sans-serif; margin: 0px; font-size: 10px; color: rgb(153, 153, 153);" class=""><a href="https://www.redhat.com/" style="color:rgb(0,136,206);margin:0px" target="_blank" class="">Red Hat <span class="">EMEA</span></a></div><table border="0" style="font-family: overpass, sans-serif; font-size: inherit;" class=""><tbody class=""><tr class=""><td width="100px" class=""><a href="https://red.ht/sig" target="_blank" class=""><img src="https://www.redhat.com/profiles/rh/themes/redhatdotcom/img/logo-red-hat-black.png" width="90" height="auto" class=""></a></td><td style="font-size:10px" class=""><div class=""><a href="https://redhat.com/trusted" style="color:rgb(204,0,0);font-weight:bold" target="_blank" class="">TRIED. TESTED. TRUSTED.</a></div></td></tr></tbody></table><br class=""></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div></div>
_______________________________________________<br class="">Users mailing list<br class=""><a href="mailto:Users@ovirt.org" class="">Users@ovirt.org</a><br class="">http://lists.ovirt.org/mailman/listinfo/users<br class=""></div></blockquote></div><br class=""></body></html>