Page 2 of 6

Re: Meltdown and Spectre

Posted: 2018/01/06 13:00:58
by dapinna
Me too, like mace07, I have a CentOS (v. 6.9) with Kernel 2.6.32-042stab120.16 .

It's a VPS so that "stab" could be due to that.
What I know is that the Virtualization system is Virtuozzo and the Web Server is managed through Plesk 17.5.3 Update #35

Also I can not find recent updates with Yum Update

Re: Meltdown and Spectre

Posted: 2018/01/06 14:30:06
by TrevorH
Your system is not CentOS, it's an openvz container and the kernel is not managed by you, it's controlled by the host system on which you are running. To update the kernel you need to talk to the hoster who controls the host machine.

Re: Meltdown and Spectre

Posted: 2018/01/06 15:51:32
by dapinna
TrevorH wrote:Your system is not CentOS, it's an openvz container and the kernel is not managed by you, it's controlled by the host system on which you are running. To update the kernel you need to talk to the hoster who controls the host machine.
Thanks TrevorH :-)

I opened a ticket with my Hosting to know the kernel update and also the explanations on the Operating System, since in my panel it shows me "CentOS 6.9 (Final)"

Re: Meltdown and Spectre

Posted: 2018/01/07 03:08:51
by mtaa
Hi,

on my centos 6 server,

when uname -r shows 2.6.32-696.18.7.el6.x86_64 ,

does it mean i had apply the newest safe kernel ?

thanks

Re: Meltdown and Spectre

Posted: 2018/01/08 14:55:40
by progenic
mtaa wrote:Hi,

on my centos 6 server,

when uname -r shows 2.6.32-696.18.7.el6.x86_64 ,

does it mean i had apply the newest safe kernel ?

thanks
As you can see in the first post, or here ( https://lists.centos.org/pipermail/cent ... 22701.html ), you are running the latest released kernel for your CentOS version (kernel-2.6.32-696.18.7.el6.x86_64), so you are protected from Meltdown and Spectre.

Re: Meltdown and Spectre

Posted: 2018/01/08 16:05:55
by xiaohm
Thanks for making the fix available.

Will CentOS upgrade the kernel, xen and libvirt under xen4centos to have the fix?

Regards,
Tom

Re: Meltdown and Spectre

Posted: 2018/01/09 05:50:26
by awsadminz
mace07 wrote:I'm a little confused - I'm running Centos 6 and my kernel version is 2.6.32-042stab120.16. But all the references to the meltdown kernel fix say the new kernel version is kernel-2.6.32-696. I guess i must be using an old kernel, but how do I update to make sure my kernel is protected? Yum says no packages marked for update.

Thanks
Seems like you are using OpenVZ VPS. in this case, the Host has to be patched.

Re: Meltdown and Spectre

Posted: 2018/01/09 13:13:52
by chandranjoy
To verify the spectre/meltdown vulnerability:

1. Download this script.
2. Run it.
chmod 755 /tmp/spectre-meltdown-checker.sh && sh /tmp/spectre-meltdown-checker.sh
3. Results will be like as enclosed if system is still has the vulnerability and not patched.
https://prnt.sc/hy14be

Re: Meltdown and Spectre

Posted: 2018/01/09 15:14:38
by invis1988
Hello,

I am running a custom patch server which syncs to uwaterloo mirror. The update package was downloaded and is contained in the repo. Just incase my script failed I manually ran createrepo --update to make sure it 5is recognized. When using uname -r I still have 5.2, and when I run yum update it states "no packages marked for update". Just wondering if there is another way I am supposed to update the kernel in this case, if not I will continue to troubleshoot my repo..

Thanks

Re: Meltdown and Spectre

Posted: 2018/01/09 15:53:21
by rafaelweingartner
I just applied the update. My kernel version is 3.10.0-693.11.6.el7.x86_64 now.
I then proceeded testing with the following code: https://gist.github.com/Badel2/ba8826e6 ... d098d98d27

I was expecting the code to stop working, since it refers to specter (CVE-2017-5753), which is supposed to be fixed by this security update.
Am I testing the wrong problem here?