Meltdown and Spectre
Meltdown and Spectre
RH announced a fix in new kernel kernel-2.6.32-696.18.7.el6.x86_64.rpm
https://access.redhat.com/errata/RHSA-2018:0008
However it is still unavailable in CentOS repo, right?
Package kernel-2.6.32-696.16.1.el6.x86_64 already installed and latest version
https://access.redhat.com/errata/RHSA-2018:0008
However it is still unavailable in CentOS repo, right?
Package kernel-2.6.32-696.16.1.el6.x86_64 already installed and latest version
Re: Meltdown and Spectre
Patches for this were released late last night by Redhat for RHEL. CentOS has to rebuild those from source (and debrand them) and then test the resulting packages to make sure they function. I would expect a release sooner rather than later.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Meltdown and Spectre
I'm a little confused - I'm running Centos 6 and my kernel version is 2.6.32-042stab120.16. But all the references to the meltdown kernel fix say the new kernel version is kernel-2.6.32-696. I guess i must be using an old kernel, but how do I update to make sure my kernel is protected? Yum says no packages marked for update.
Thanks
Thanks
-
- Posts: 1
- Joined: 2018/01/04 20:48:26
Re: Meltdown and Spectre
What is the typical turn around time for Centos to release updates for a critical vulnerability like this?
-
- Posts: 1
- Joined: 2018/01/04 23:11:45
Re: Meltdown and Spectre
Where can I track the release of these patches? Where will it be announced?
Re: Meltdown and Spectre
Patches for CentOS 7 were released and pushed to the mirror network at around 11:00 UTC today.
Patches for CentOS 6 were released and pushed to the mirror network at around 21:00 UTC today.
Turnaround for these patches was about average I'd guess. The CentOS 7 updates were built overnight and then pushed in the morning. CentOS 6 updates came out from RH slightly later and were in the queue to be built after the el7 ones.
mace07I'm afraid that is not a CentOS system and you need to talk to your hoster about any update for that. The "stab" string in the kernel version number shows that it's an openvz container and not a real system at all.
For CentOS 6 the updated packages (so far) for this are kernel, libvirt, qemu-kvm and microcode_ctl.
Patches for CentOS 6 were released and pushed to the mirror network at around 21:00 UTC today.
Turnaround for these patches was about average I'd guess. The CentOS 7 updates were built overnight and then pushed in the morning. CentOS 6 updates came out from RH slightly later and were in the queue to be built after the el7 ones.
mace07I'm afraid that is not a CentOS system and you need to talk to your hoster about any update for that. The "stab" string in the kernel version number shows that it's an openvz container and not a real system at all.
For CentOS 6 the updated packages (so far) for this are kernel, libvirt, qemu-kvm and microcode_ctl.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Meltdown and Spectre
After running "yum update" and rebooting, how do we verify if the patch was applied?
Re: Meltdown and Spectre
What if you need to remain on a specific release? Will installing the security packages only satisfy the advisory notice?
Re: Meltdown and Spectre
The following command shows the current running kernel: uname -a
Re: Meltdown and Spectre
CentOS doesn't allow you to do that. Once a new point release comes out, the previous one is deprecated and receives no more updates. The update _is_ the new release. There is also no security metadata in the CentOS yum repos so you cannot use yum-plugin-security.What if you need to remain on a specific release? Will installing the security packages only satisfy the advisory notice?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke