[CentOS] CentOS-announce Digest, Vol 155, Issue 1
Today's Topics:

 1. CESA-2018:0007 Important CentOS 7 kernel Security Update (Karanbir Singh)
 2. CESA-2018:0012 Important CentOS 7 microcode_ctl Security Update (Karanbir Singh)
 3. CESA-2018:0014 Important CentOS 7 linux-firmware Security Update (Karanbir Singh)
 4. [Infra] - planned outage : All services (Fabian Arrotin)
 5. CESA-2018:0013 Important CentOS 6 microcode_ctl Security Update (Johnny Hughes)
 6. CESA-2018:0008 Important CentOS 6 kernel Security Update (Johnny Hughes)
 7. CESA-RHSA-2018:0024 Important CentOS 6 qemu-kvm Security Update (Johnny Hughes)
 8. CESA-2018:0030 Important CentOS 6 libvirt Security Update (Johnny Hughes)
 9. CESA-2018:0029 Important CentOS 7 libvirt Security Update (Johnny Hughes)
10. CESA-2018:0023 Important CentOS 7 qemu-kvm Security Update (Johnny Hughes)

Message: 1
Date: Thu, 4 Jan 2018 11:36:27 +
From: Karanbir Singh
To: CentOS Announcements List
Subject: [CentOS-announce] CESA-2018:0007 Important CentOS 7 kernel Security Update

CentOS Errata and Security Advisory 2018:0007 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0007

The following updated files have been uploaded and are currently syncing to the mirrors:

x86_64:
kernel-3.10.0-693.11.6.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-693.11.6.el7.noarch.rpm
kernel-debug-3.10.0-693.11.6.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.11.6.el7.x86_64.rpm
kernel-devel-3.10.0-693.11.6.el7.x86_64.rpm
kernel-doc-3.10.0-693.11.6.el7.noarch.rpm
kernel-headers-3.10.0-693.11.6.el7.x86_64.rpm
kernel-tools-3.10.0-693.11.6.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.11.6.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.11.6.el7.x86_64.rpm
perf-3.10.0-693.11.6.el7.x86_64.rpm
python-perf-3.10.0-693.11.6.el7.x86_64.rpm

Source:
kernel-3.10.0-693.11.6.el7.src.rpm

Note:
1) This is a widespread issue with potentially huge impact, we appreciate any help in spreading the word around so maximum number of users are able to find out, and patch their systems.
2) Upstream is curating information around this issue at https://access.redhat.com/security/vulnerabilities/speculativeexecution - information on that page would be helpful for most people on CentOS Linux as well.
3) Please reach out to us at #centos on irc.freenode.net for any feedback, comments, questions or concerns.

--
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc

Message: 2
Date: Thu, 4 Jan 2018 11:40:52 +
From: Karanbir Singh
To: CentOS Announcements List
Subject: [CentOS-announce] CESA-2018:0012 Important CentOS 7 microcode_ctl Security Update

CentOS Errata and Security Advisory 2018:0012 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0012

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
ccb96b47da6ce420c39a38d09e57adcc7ab3696c721d081fee94298f19fc6cab microcode_ctl-2.1-22.2.el7.x86_64.rpm

Source:
589fe27443e43fd6549f56e39968cf515d1cd2448dc922bf0cc980fc651f880d microcode_ctl-2.1-22.2.el7.src.rpm

--
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.
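
The advisories above list each updated package as a `sha256sum Filename` pair. As an added example (not part of the CentOS announcement and not CentOS tooling), the following Python code parses such a list out of the mail text and checks downloaded files against it, refusing digests that are not a full 64 hex characters; the package names and digests in `demo()` are constructed placeholders.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Advisory entry format: "<sha256 hex> <package file name>.rpm"
ENTRY = re.compile(r"\b([0-9a-fA-F]{16,})\s+(\S+\.rpm)\b")

def parse_manifest(text):
    """Return ({filename: digest}, [filenames whose digest is malformed])."""
    entries, malformed = {}, []
    for digest, name in ENTRY.findall(text):
        # SHA-256 is exactly 64 hex characters; never compare a truncated run.
        if len(digest) == 64:
            entries[name] = digest.lower()
        else:
            malformed.append(name)
    return entries, malformed

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as fh:  # read in chunks: RPMs can be large
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(entries, directory):
    """Map each listed file name to 'ok', 'MISMATCH' or 'missing'."""
    result = {}
    for name, expected in entries.items():
        path = Path(directory) / Path(name).name  # ignore any path in the mail
        if not path.is_file():
            result[name] = "missing"
        else:
            result[name] = "ok" if sha256_file(path) == expected else "MISMATCH"
    return result

def demo():
    """Constructed sample: placeholder files and digests, not CentOS packages."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "good-1.0.el7.x86_64.rpm").write_bytes(b"as published")
        Path(tmp, "bad-1.0.el7.x86_64.rpm").write_bytes(b"altered in transit")
        text = " ".join([
            "x86_64:", hashlib.sha256(b"as published").hexdigest(), "good-1.0.el7.x86_64.rpm",
            hashlib.sha256(b"what was published").hexdigest(), "bad-1.0.el7.x86_64.rpm",
            "ab" * 30, "short-1.0.el7.x86_64.rpm",  # 60 hex chars: truncated digest
            "Source:", "0" * 64, "absent-1.0.el7.src.rpm",  # listed but not downloaded
        ])
        entries, malformed = parse_manifest(text)
        return verify(entries, tmp), malformed
```

A matching digest only shows that the file equals what the mail text listed, and a list copied from an archive page is only as trustworthy as that page; the package's GPG signature (`rpm -K <file>`) remains the authoritative check.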
Re: [CentOS] CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754
I have released everything for CentOS-6 that has been released upstream in RHEL source code.

I will continue to do so when they release new sources.

NOTE: We will NOT be releasing anything for CentOS versions before CentOS-6 (ie, CentOS-2.1, 3.x, 4.x, 5.x releases in vault that are past EOL will not get updates)

CentOS-6 and CentOS-7 will continue to get updates based on the specific version of RHEL source code released.

Thanks,
Johnny Hughes

On 01/04/2018 04:41 PM, Warren Young wrote:
> On Jan 4, 2018, at 12:18 PM, Walter H. wrote:
>>
>> will there be updates for these CVEs for CentOS 6?
>
> Red Hat hasn’t released them all yet. Quoting Christopher Robinson in the
> thread for this here:
>
> https://access.redhat.com/errata/RHSA-2018:0007
>
> "We will be pushing errata out as soon as they have passed our QA team's
> testing. The more modern versions were easier to backport patches from
> upstream, and as you progress backwards the fixes change from a backporting
> exercise into a complete rewrite. We expect all packages for RHEL7 to be
> available shortly, with RHEL6 following closely behind."
>
> Robinson’s reply then goes into other ramifications which don’t impact CentOS
> for one reason or another, except insofar as CentOS’s speed in responding to
> this is gated in large part by Red Hat’s ability to respond.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754
> On Jan 5, 2018, at 9:02 AM, Johnny Hughes wrote:
>
> I have released everything for CentOS-6 that has been released upstream
> in RHEL source code.
>
> I will continue to do so when they release new sources.
>
> NOTE: We will NOT be releasing anything for CentOS versions before
> CentOS-6 (ie, CentOS-2.1, 3.x, 4.x, 5.x releases in vault that are past
> EOL will not get updates)
>
> CentOS-6 and CentOS-7 will continue to get updates based on the specific
> version of RHEL source code released.
> Thanks,
> Johnny Hughes

Thanks - do you know if anything else is expected to be released soon for CentOS 6 or 7?

Noam
[CentOS] Intel Flaw
How does the latest Intel flaw relate to CentOS 6.x systems that run under VirtualBox hosted on Windows 7 computers? Given the virtual machine degree of separation from the hardware, can this issue actually be detected and exploited in the operating systems that run virtually? If there is a slow down associated with the fix, how much might it impact the virtual systems?
Re: [CentOS] Intel Flaw
-----Original Message-----
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Chris Olson
Subject: [CentOS] Intel Flaw

> How does the latest Intel flaw relate to CentOS 6.x systems that run under VirtualBox
> hosted on Windows 7 computers?

My computer is a much older AMD Athlon X2-250, 3.0 GHz dual core, 02-2012
Windows 10 Pro (15063.850)

I just manually patched my system w/ the security only update from Microsoft.

Used the Pass Mark CPU test... Before patch 1626, 1323 after patch, or an 18.6% loss in speed.

Looking for a better test utility for Linux, but on my tested Linux boxen, doesn't seem to be any change. But I'm using sysbench. Probably not the best utility in this case.

Regards,
Richard Zimmerman
River Bend Hose Specialty, Inc.
Re: [CentOS] Intel Flaw
On 5 January 2018 at 12:53, Chris Olson wrote:
> How does the latest Intel flaw relate to CentOS 6.x systems
> that run under VirtualBox hosted on Windows 7 computers? Given
> the virtual machine degree of separation from the hardware, can

Supposedly a virtual machine can detect and leak out in various ways. Both Xen and qemu are working through patches to deal with this. Other virtual software vendors are probably working on this also. I am not sure why the patches to the operating system do not stop this but it seems to do with how the modern CPU does virtualization which makes the Windows 7 patches not applicable.

> this issue actually be detected and exploited in the operating
> systems that run virtually? If there is a slow down associated
> with the fix, how much might it impact the virtual systems?

--
Stephen J Smoogen.