Spectre and meltdown patches

Support for security such as Firewalls and securing linux
Post Reply
timcenty
Posts: 16
Joined: 2018/04/10 16:25:21

Spectre and meltdown patches

Post by timcenty » 2018/05/15 04:03:28

Hi,

Does anyone know a link where one can find the proper patches and info for Centos 7x to mitigate the Spectre and Meltdown vulns?
Also looking for info if we want to roll back the changes.

Thanks

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Spectre and meltdown patches

Post by TrevorH » 2018/05/15 06:40:55

Meltdown/spectre fixes were first included in the CentOS 7 kernel as of kernel-3.10.0-693.11.6.el7.x86_64 and are in all subsequent kernels up to the latest which is currently kernel-3.10.0-862.2.3.el7.x86_64

See https://access.redhat.com/security/vuln ... eexecution for details and https://www.redhat.com/en/blog/what-are ... -need-know for an overview of the problems. Kernel/libvirt/qemu-kvm updates are now released, run `yum update`. New microcode MUST be downloaded from hardware vendors though this is not necessarily recommended.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

timcenty
Posts: 16
Joined: 2018/04/10 16:25:21

Re: Spectre and meltdown patches

Post by timcenty » 2018/05/17 03:35:46

Thank you! It looks like the guests running CentOS will have to be patched as well.

sanjeevcentos
Posts: 1
Joined: 2018/05/29 08:46:48

Re: Spectre and meltdown patches

Post by sanjeevcentos » 2018/05/29 11:40:27

My Centos (HP-DL360G9) 7.3 has Kernel version as 3.10.0-514.6.2.el7.x86_64.
Can you please suggest Spectre and Meltdown patches for this Kernel?
Please do share the official links to download the patches..

Thanks!

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Spectre and meltdown patches

Post by TrevorH » 2018/05/29 11:56:07

7.3 is unsupported and will never get any more updates. You need to yum update to 7.5 to get current and get all available fixes. The current latest kernel is 3.10.0-862.3.2.el7. You are about 18 months out of date.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply