Hi,
Does anyone know a link where one can find the proper patches and info for Centos 7x to mitigate the Spectre and Meltdown vulns?
Also looking for info if we want to roll back the changes.
Thanks
Spectre and meltdown patches
Re: Spectre and meltdown patches
Meltdown/spectre fixes were first included in the CentOS 7 kernel as of kernel-3.10.0-693.11.6.el7.x86_64 and are in all subsequent kernels up to the latest which is currently kernel-3.10.0-862.2.3.el7.x86_64
See https://access.redhat.com/security/vuln ... eexecution for details and https://www.redhat.com/en/blog/what-are ... -need-know for an overview of the problems. Kernel/libvirt/qemu-kvm updates are now released, run `yum update`. New microcode MUST be downloaded from hardware vendors though this is not necessarily recommended.
See https://access.redhat.com/security/vuln ... eexecution for details and https://www.redhat.com/en/blog/what-are ... -need-know for an overview of the problems. Kernel/libvirt/qemu-kvm updates are now released, run `yum update`. New microcode MUST be downloaded from hardware vendors though this is not necessarily recommended.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Spectre and meltdown patches
Thank you! It looks like the guests running CentOS will have to be patched as well.
-
- Posts: 1
- Joined: 2018/05/29 08:46:48
Re: Spectre and meltdown patches
My Centos (HP-DL360G9) 7.3 has Kernel version as 3.10.0-514.6.2.el7.x86_64.
Can you please suggest Spectre and Meltdown patches for this Kernel?
Please do share the official links to download the patches..
Thanks!
Can you please suggest Spectre and Meltdown patches for this Kernel?
Please do share the official links to download the patches..
Thanks!
Re: Spectre and meltdown patches
7.3 is unsupported and will never get any more updates. You need to yum update to 7.5 to get current and get all available fixes. The current latest kernel is 3.10.0-862.3.2.el7. You are about 18 months out of date.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke