Yes, kernel has right version. To mitigate spectre, please follow https://help.virtuozzo.com/customer/portal/articles/2914675 And to mitigate spectre attacks from KVM VMs, please check that qemu-kvm-vz and libvirt packages are also updated.
-----Original Message----- From: Jehan Procaccia [mailto:jehan.procac...@it-sudparis.eu] Sent: Wednesday, January 10, 2018 22:59 To: Konstantin Bukharov <b...@virtuozzo.com>; OpenVZ users <users@openvz.org>; Vasiliy Averin <v...@virtuozzo.com> Subject: Re: [Users] X86_BUG_CPU_INSECURE you were right, waiting overnight for mirrors to get updated, now I do have an kernel update # uname -a Linux 3.10.0-693.11.6.vz7.40.4 #1 SMP Fri Jan 5 21:20:16 MSK 2018 x86_64 x86_64 x86_64 GNU/Linux # rpm -q --changelog vzkernel-3.10.0-693.11.6.vz7.40.4.x86_64 | more * sam. janv. 06 2018 Konstantin Khorenko <khore...@virtuozzo.com> [3.10.0-693.11.6.vz7.40.4] - vznetstat: Convert some kmalloc()/kfree() to __vmalloc()/vfree() (Kirill Tkhai) [PSBM-79502] - vznetstat: Add protection to venet_acct_set_classes() (Kirill Tkhai) - ms/mm/mempolicy: Add cond_resched() in queue_pages_pte_range() (Andrey Ryabinin) [PSBM-79273] - ms/sctp: do not peel off an assoc from one netns to another one (Xin Long) [PSBM-79325] - ve: fix container stopped state check (Stanislav Kinsburskiy) [PSBM-78078] ... no CVE mentioned , but I guess that these changes are related to meltdown and spectre !? Thanks Le 09/01/2018 à 21:51, Konstantin Bukharov a écrit : > Hello Jehan, > > Looks reasonable for me. > Your FR mirrors for openvz-os & openvz-updates are just not in sync with out > last update. > > Best regards, > Konstantin > > PS. You could see list of required packages by URL provided by Vasiliy below: > https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/repoview/ > > > -----Original Message----- > From: Jehan Procaccia [mailto:jehan.procac...@it-sudparis.eu] > Sent: Tuesday, January 9, 2018 23:43 > To: OpenVZ users <users@openvz.org>; Konstantin Bukharov > <b...@virtuozzo.com>; Vasiliy Averin <v...@virtuozzo.com> > Subject: Re: [Users] X86_BUG_CPU_INSECURE > > here is my repolist -v , let me know if I miss some repos ? > > thanks > > # yum repolist -v > Loading "fastestmirror" plugin > Loading "langpacks" plugin > Loading "openvz" plugin > Loading "priorities" plugin > Loading "product-id" plugin > Loading "refresh-packagekit" plugin > Loading "rhsm-auto-add-pools" plugin > Loading "search-disabled-repos" plugin > Not loading "subscription-manager" plugin, as it is disabled > Loading "vzlinux" plugin > Adding en_US.UTF-8 to language list > Config time: 0.069 > Yum version: 3.4.3 > Trying to discover and attach new pools > Loading mirror speeds from cached hostfile > * openvz-os: ftp.lip6.fr > * openvz-updates: ftp.lip6.fr > Setting up Package Sacks > --> anaconda-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base > excluded (priority) > --> anaconda-core-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base > excluded (priority) > --> anaconda-dracut-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base > excluded (priority) > --> anaconda-gui-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base > excluded (priority) > --> anaconda-tui-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base > excluded (priority) > --> anaconda-widgets-21.48.22.121-3.vl7.x86_64 from > virtuozzolinux-base excluded (priority) > --> anaconda-widgets-devel-21.48.22.121-3.vl7.x86_64 from > virtuozzolinux-base excluded (priority) > --> crit-2.3-2.vl7.x86_64 from virtuozzolinux-base excluded (priority) > --> criu-2.3-2.vl7.x86_64 from virtuozzolinux-base excluded (priority) > --> ipxe-bootimgs-20170123-1.git4e85b27.vl7.1.noarch from > virtuozzolinux-base excluded (priority) > --> ipxe-roms-20170123-1.git4e85b27.vl7.1.noarch from > virtuozzolinux-base excluded (priority) > --> ipxe-roms-qemu-20170123-1.git4e85b27.vl7.1.noarch from > virtuozzolinux-base excluded (priority) > --> 1:libguestfs-1.28.1-1.55.vl7.7.x86_64 from virtuozzolinux-base > excluded (priority) > --> 1:libguestfs-bash-completion-1.28.1-1.55.vl7.7.noarch from > virtuozzolinux-base excluded (priority) > --> 1:libguestfs-devel-1.28.1-1.55.vl7.7.x86_64 from > virtuozzolinux-base excluded (priority) > --> 1:libguestfs-gobject-1.28.1-1.55.vl7.7.x86_64 from > virtuozzolinux-base excluded (priority) > --> 1:libguestfs-gobject-devel-1.28.1-1.55.vl7.7.x86_64 from > virtuozzolinux-base excluded (priority) > --> 1:libguestfs-gobject-doc-1.28.1-1.55.vl7.7.noarch from > virtuozzolinux-base excluded (priority) > --> 1:libguestfs-java-1.28.1-1.55.vl7.7.x86_64 from > virtuozzolinux-base excluded (priority) > --> 1:libguestfs-java-devel-1.28.1-1.55.vl7.7.x86_64 from > virtuozzolinux-base excluded (priority) > --> 1:libguestfs-javadoc-1.28.1-1.55.vl7.7.noarch from > virtuozzolinux-base excluded (priority) > --> 1:libguestfs-man-pages-ja-1.28.1-1.55.vl7.7.noarch from > virtuozzolinux-base excluded (priority) > --> 1:libguestfs-man-pages-uk-1.28.1-1.55.vl7.7.noarch from > virtuozzolinux-base excluded (priority) > --> 1:libguestfs-tools-1.28.1-1.55.vl7.7.noarch from > virtuozzolinux-base excluded (priority) > --> 1:libguestfs-tools-c-1.28.1-1.55.vl7.7.x86_64 from > virtuozzolinux-base excluded (priority) > --> libvirt-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base excluded > (priority) > --> libvirt-client-2.0.0-10.vl7.5.i686 from virtuozzolinux-base > excluded (priority) > --> libvirt-client-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base > excluded (priority) > --> libvirt-daemon-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base > excluded (priority) > --> libvirt-daemon-config-network-2.0.0-10.vl7.5.x86_64 from > virtuozzolinux-base excluded (priority) > --> libvirt-daemon-config-nwfilter-2.0.0-10.vl7.5.x86_64 from > virtuozzolinux-base excluded (priority) > --> libvirt-daemon-driver-interface-2.0.0-10.vl7.5.x86_64 from > virtuozzolinux-base excluded (priority) > --> libvirt-daemon-driver-lxc-2.0.0-10.vl7.5.x86_64 from > virtuozzolinux-base excluded (priority) > --> libvirt-daemon-driver-network-2.0.0-10.vl7.5.x86_64 from > virtuozzolinux-base excluded (priority) > --> libvirt-daemon-driver-nodedev-2.0.0-10.vl7.5.x86_64 from > virtuozzolinux-base excluded (priority) > --> libvirt-daemon-driver-nwfilter-2.0.0-10.vl7.5.x86_64 from > virtuozzolinux-base excluded (priority) > --> libvirt-daemon-driver-qemu-2.0.0-10.vl7.5.x86_64 from > virtuozzolinux-base excluded (priority) > --> libvirt-daemon-driver-secret-2.0.0-10.vl7.5.x86_64 from > virtuozzolinux-base excluded (priority) > --> libvirt-daemon-driver-storage-2.0.0-10.vl7.5.x86_64 from > virtuozzolinux-base excluded (priority) > --> libvirt-daemon-kvm-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base > excluded (priority) > --> libvirt-daemon-lxc-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base > excluded (priority) > --> libvirt-devel-2.0.0-10.vl7.5.i686 from virtuozzolinux-base > excluded (priority) > --> libvirt-devel-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base > excluded (priority) > --> libvirt-docs-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base > excluded (priority) > --> libvirt-lock-sanlock-2.0.0-10.vl7.5.x86_64 from > virtuozzolinux-base excluded (priority) > --> libvirt-login-shell-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base > excluded (priority) > --> libvirt-nss-2.0.0-10.vl7.5.i686 from virtuozzolinux-base excluded > (priority) > --> libvirt-nss-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base > excluded (priority) > --> libvirt-python-1.2.17-2.vl7.x86_64 from virtuozzolinux-base > excluded (priority) > --> 1:lua-guestfs-1.28.1-1.55.vl7.7.x86_64 from virtuozzolinux-base > excluded (priority) > --> 1:ocaml-libguestfs-1.28.1-1.55.vl7.7.x86_64 from > virtuozzolinux-base excluded (priority) > --> 1:ocaml-libguestfs-devel-1.28.1-1.55.vl7.7.x86_64 from > virtuozzolinux-base excluded (priority) > --> 1:perl-Sys-Guestfs-1.28.1-1.55.vl7.7.x86_64 from > virtuozzolinux-base excluded (priority) > --> ploop-7.0.88-1.vz7.x86_64 from virtuozzolinux-base excluded (priority) > --> ploop-devel-7.0.88-1.vz7.x86_64 from virtuozzolinux-base excluded > (priority) > --> ploop-lib-7.0.88-1.vz7.x86_64 from virtuozzolinux-base excluded > (priority) > --> pykickstart-1.99.66.12-1.vl7.noarch from virtuozzolinux-base > excluded (priority) > --> 1:python-blivet-0.61.15.65-1.vl7.2.noarch from virtuozzolinux-base > excluded (priority) > --> python-criu-2.3-2.vl7.x86_64 from virtuozzolinux-base excluded > (priority) > --> 1:python-libguestfs-1.28.1-1.55.vl7.7.x86_64 from > virtuozzolinux-base excluded (priority) > --> python-ploop-7.0.88-1.vz7.x86_64 from virtuozzolinux-base excluded > (priority) > --> python-subprocess32-3.2.6-5.vl7.3.x86_64 from virtuozzolinux-base > excluded (priority) > --> 1:qt-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded (priority) > --> 1:qt-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded (priority) > --> 1:qt-assistant-4.8.5-15.vl7.x86_64 from virtuozzolinux-base > excluded (priority) > --> 1:qt-config-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded > (priority) > --> 1:qt-demos-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded > (priority) > --> 1:qt-devel-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded > (priority) > --> 1:qt-devel-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded > (priority) > --> 1:qt-devel-private-4.8.5-15.vl7.noarch from virtuozzolinux-base > excluded (priority) > --> 1:qt-doc-4.8.5-15.vl7.noarch from virtuozzolinux-base excluded > (priority) > --> 1:qt-examples-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded > (priority) > --> 1:qt-examples-4.8.5-15.vl7.x86_64 from virtuozzolinux-base > excluded (priority) > --> 1:qt-mysql-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded > (priority) > --> 1:qt-mysql-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded > (priority) > --> 1:qt-odbc-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded > (priority) > --> 1:qt-odbc-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded > (priority) > --> 1:qt-postgresql-4.8.5-15.vl7.i686 from virtuozzolinux-base > excluded (priority) > --> 1:qt-postgresql-4.8.5-15.vl7.x86_64 from virtuozzolinux-base > excluded (priority) > --> 1:qt-qdbusviewer-4.8.5-15.vl7.x86_64 from virtuozzolinux-base > excluded (priority) > --> 1:qt-qvfb-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded > (priority) > --> 1:qt-x11-4.8.5-15.vl7.i686 from virtuozzolinux-base excluded > (priority) > --> 1:qt-x11-4.8.5-15.vl7.x86_64 from virtuozzolinux-base excluded > (priority) > --> readykernel-scan-0.8-1.vl7.noarch from virtuozzolinux-base > excluded (priority) > --> rsync-3.0.9-18.vl7.x86_64 from virtuozzolinux-base excluded (priority) > --> 1:ruby-libguestfs-1.28.1-1.55.vl7.7.x86_64 from > virtuozzolinux-base excluded (priority) > --> seabios-bin-1.8.2-2.vl7.2.noarch from virtuozzolinux-base excluded > (priority) > --> seavgabios-bin-1.8.2-2.vl7.2.noarch from virtuozzolinux-base > excluded (priority) > --> virt-install-1.3.0-1.vl7.noarch from virtuozzolinux-base excluded > (priority) > --> virt-manager-1.3.0-1.vl7.noarch from virtuozzolinux-base excluded > (priority) > --> virt-manager-common-1.3.0-1.vl7.noarch from virtuozzolinux-base > excluded (priority) > --> 1:virt-v2v-1.28.1-1.55.vl7.7.x86_64 from virtuozzolinux-base > excluded (priority) > --> vzkernel-3.10.0-514.26.1.vz7.33.22.x86_64 from virtuozzolinux-base > excluded (priority) > --> vzkernel-debug-3.10.0-514.26.1.vz7.33.22.x86_64 from > virtuozzolinux-base excluded (priority) > --> vzkernel-debug-devel-3.10.0-514.26.1.vz7.33.22.x86_64 from > virtuozzolinux-base excluded (priority) > --> vzkernel-devel-3.10.0-514.26.1.vz7.33.22.x86_64 from > virtuozzolinux-base excluded (priority) > --> vzkernel-headers-3.10.0-514.26.1.vz7.33.22.x86_64 from > virtuozzolinux-base excluded (priority) > 97 packages excluded due to repository priority protections > pkgsack time: 0.763 > Repo-id : dell-system-update_dependent/7/x86_64 > Repo-name : dell-system-update_dependent > Repo-revision: 1513237536 > Repo-updated : Thu Dec 14 08:45:38 2017 > Repo-pkgs : 57 > Repo-size : 168 M > Repo-mirrors : > http://linux.dell.com/repo/hardware/latest/mirrors.cgi?osname=el7&basearch=x86_64&native=1 > Repo-baseurl : > http://linux.dell.com/repo/hardware/latest/os_dependent/RHEL7_64/ > Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:02 2018) > Filter : read-only:present > Repo-filename: /etc/yum.repos.d/dell-system-update.repo > > Repo-id : dell-system-update_independent > Repo-name : dell-system-update_independent > Repo-revision: 1513237394 > Repo-updated : Thu Dec 14 08:45:09 2017 > Repo-pkgs : 582 > Repo-size : 11 G > Repo-baseurl : http://linux.dell.com/repo/hardware/latest/os_independent/ > Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018) > Filter : read-only:present > Repo-exclude : dell-system-update*.i386 > Repo-filename: /etc/yum.repos.d/dell-system-update.repo > > Repo-id : openvz-os > Repo-name : OpenVZ > Repo-revision: 1510848403 > Repo-tags : binary-x86_64 > Repo-distro-tags: [cpe:/o:openvzproject:vz:7]: > Repo-updated : Thu Nov 16 17:06:54 2017 > Repo-pkgs : 197 > Repo-size : 766 M > Repo-mirrors : > http://download.openvz.org/virtuozzo/mirrorlists/7.0/releases-os.mirrorlist > Repo-baseurl : > http://ftp.lip6.fr/pub/linux/distributions/openvz/virtuozzo/releases/7.0/x86_64/os/ > (95 more) > Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018) > Filter : read-only:present > Repo-filename: /etc/yum.repos.d/openvz.repo > > Repo-id : openvz-updates > Repo-name : OpenVZ Updates > Repo-revision: 1510921548 > Repo-tags : binary-x86_64 > Repo-distro-tags: [cpe:/o:openvzproject:vz:7]: > Repo-updated : Fri Nov 17 13:25:48 2017 > Repo-pkgs : 0 > Repo-size : 0 > Repo-mirrors : > http://download.openvz.org/virtuozzo/mirrorlists/7.0/updates-os.mirrorlist > Repo-baseurl : > http://ftp.lip6.fr/pub/linux/distributions/openvz/virtuozzo/updates/7.0/x86_64/os/ > (95 more) > Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018) > Filter : read-only:present > Repo-filename: /etc/yum.repos.d/openvz.repo > > Repo-id : virtuozzolinux-base > Repo-name : VirtuozzoLinux Base > Repo-revision: 1515444338 > Repo-tags : binary-x86_64 > Repo-distro-tags: [cpe:/o:virtuozzoproject:vzlinux:7]: > Repo-updated : Mon Jan 8 21:47:34 2018 > Repo-pkgs : 10,119 > Repo-size : 8.0 G > Repo-mirrors : http://repo.virtuozzo.com/vzlinux/mirrorlist/mirrors-7-os > Repo-baseurl : http://repo.virtuozzo.com/vzlinux/7/x86_64/os/ > Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018) > Filter : read-only:present > Repo-excluded: 98 > Repo-filename: /etc/yum.repos.d/vzlinux.repo > > Repo-id : virtuozzolinux-factory > Repo-name : VirtuozzoLinux Factory > Repo-revision: 1510932596 > Repo-updated : Fri Nov 17 16:29:58 2017 > Repo-pkgs : 0 > Repo-size : 0 > Repo-mirrors : > http://repo.virtuozzo.com/vzlinux/mirrorlist/mirrors-7-factory > Repo-baseurl : http://repo.virtuozzo.com/vzlinux/7/x86_64/factory/ > Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018) > Filter : read-only:present > Repo-filename: /etc/yum.repos.d/vzlinux.repo > > Repo-id : virtuozzolinux-factory-debuginfo > Repo-name : VirtuozzoLinux Factory debug packages > Repo-revision: 1510932602 > Repo-updated : Fri Nov 17 16:30:03 2017 > Repo-pkgs : 0 > Repo-size : 0 > Repo-mirrors : > http://repo.virtuozzo.com/vzlinux/mirrorlist/mirrors-7-factory-debug > Repo-baseurl : http://repo.virtuozzo.com/vzlinux/7/x86_64/factory-debug/ > Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018) > Filter : read-only:present > Repo-filename: /etc/yum.repos.d/vzlinux.repo > > Repo-id : virtuozzolinux-updates > Repo-name : VirtuozzoLinux Updates > Repo-revision: 1510932674 > Repo-updated : Fri Nov 17 16:31:15 2017 > Repo-pkgs : 0 > Repo-size : 0 > Repo-mirrors : > http://repo.virtuozzo.com/vzlinux/mirrorlist/mirrors-7-updates > Repo-baseurl : http://repo.virtuozzo.com/vzlinux/7/x86_64/updates/ > Repo-expire : 21,600 second(s) (last: Tue Jan 9 19:42:03 2018) > Filter : read-only:present > Repo-filename: /etc/yum.repos.d/vzlinux.repo > > repolist: 10,955 > > > Le 09/01/2018 à 20:45, Konstantin Bukharov a écrit : >> Hello Jehan, >> >> Could you provide output from your system for the next command: >> yum repolist -v >> >> From your letter it seems that you have only 'Virtuozzo Linux' >> repositories configured and none for 'Virtuozzo' (aka OpenVZ). >> >> Best regards, >> Konstantin >> >> >> -----Original Message----- >> From: users-boun...@openvz.org [mailto:users-boun...@openvz.org] On Behalf >> Of Jehan Procaccia >> Sent: Tuesday, January 9, 2018 21:54 >> To: OpenVZ users <users@openvz.org>; Vasiliy Averin <v...@virtuozzo.com> >> Subject: Re: [Users] X86_BUG_CPU_INSECURE >> >> Does this concern "free/not-licenced" virtuozzo 7 ? >> I don't beneficiate of "ready-kernel" in that case, did you issued an >> exeptionnal out of cycle (3 mouths) updates ? >> >> here's my situation that is not clear : >> >> # cat /etc/redhat-release >> Virtuozzo Linux release 7.4 >> >> # uname -a >> Linux myserver.domain.fr 3.10.0-693.1.1.vz7.37.30 #1 SMP Wed Nov 15 >> 20:42:09 MSK 2017 x86_64 x86_64 x86_64 GNU/Linux >> >> when I issued a yum update I got kmod packages , are these a meltdown >> & spectre patches ? >> Mise à jour : >> kmod x86_64 20-15.vl7.6 >> virtuozzolinux-base 120 k >> kmod-libs x86_64 20-15.vl7.6 >> virtuozzolinux-base 50 k >> >> not sure regarding changelogs dates : >> >> # rpm -q --changelog kmod-20-15.vl7.6.x86_64 | more >> * jeu. nov. 16 2017 Yauheni Kaliuta <ykali...@redhat.com> - 20-15.el7_4.6 >> - Backport external directories support. >> Related: rhbz#1511943. >> ... >> >> thanks for your precisions . >> >> regards . >> >> >> Le 09/01/2018 à 10:22, Vasily Averin a écrit : >>> OpenVZ7 update was released. >>> >>> It includes new kenrel, criu, qemu-kvm and libvirt. >>> >>> https://download.openvz.org/virtuozzo/releases/openvz-7.0.6-509/ >>> https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/repoview/ >>> >>> Thank you, >>> Vasily Averin >>> >>> On 2018-01-06 14:40, Vasily Averin wrote: >>>> We have released fixed RHEL6-based kernel, >>>> please update your nodes to 2.6.32-042stab127.2 kernel >>>> >>>> Thank you, >>>> Vasily Averin >>>> >>>> On 2018-01-04 06:03, Alex Kobets wrote: >>>>> Hi, >>>>> >>>>> >>>>> Virtuozzo will release the kernel with fix asap. >>>>> >>>>> We have it under testing right now >>>>> >>>>> >>>>> Thank you, >>>>> >>>>> Alex >>>>> >>>>> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ >>>>> *From:* users-boun...@openvz.org <users-boun...@openvz.org> on behalf of >>>>> Hristo Benev <f...@abv.bg> >>>>> *Sent:* Wednesday, January 3, 2018 6:39:10 PM >>>>> *To:* zoo...@gmail.com; OpenVZ users >>>>> *Subject:* Re: [Users] X86_BUG_CPU_INSECURE >>>>> >>>>>> -------- Оригинално писмо -------- >>>>>> От: Benjamin Henrion zoo...@gmail.com >>>>>> Относно: [Users] X86_BUG_CPU_INSECURE >>>>>> До: "OpenVZ users list. This is THE list you need." <users@openvz.org> >>>>>> Изпратено на: 03.01.2018 03:02 >>>>>> Hi, >>>>>> >>>>>> Just reading this: >>>>>> >>>>>> https://amp.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/ >>>>>> >>>>>> Xen seems to have a pending patch to be release this week, but people >>>>>> are speculating now that you could bypass the entire isolation process >>>>>> provided by any hypervisor. >>>>>> >>>>>> Wait and see how this will be exploited, but you can be sure there >>>>>> will be exploits soon in the wild. >>>>>> >>>>>> The patch for software mitigation seems to be big and performance >>>>>> impacting. >>>>>> >>>>>> But that would probably mean that containers can be bypassed. >>>>>> >>>>>> Wait and see, >>>>>> >>>>>> -- >>>>>> Benjamin Henrion (zoobab) >>>>>> Email: zoobab at gmail.com >>>>>> Mobile: +32-484-566109 >>>>>> Web: http://www.zoobab.com >>>>>> FFII.org Brussels >>>>>> "In July 2005, after several failed attempts to legalise software >>>>>> patents in Europe, the patent establishment changed its strategy. >>>>>> Instead of explicitly seeking to sanction the patentability of >>>>>> software, they are now seeking to create a central European patent >>>>>> court, which would establish and enforce patentability rules in their >>>>>> favor, without any possibility of correction by competing courts or >>>>>> democratically elected legislators." >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>> Users@openvz.org >>>>>> https://lists.openvz.org/mailman/listinfo/users >>>>> https://spectreattack.com >>>>> >>>>> States that OpenVZ might be affected. >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@openvz.org >>>>> https://lists.openvz.org/mailman/listinfo/users >>>>> >>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@openvz.org >>>>> https://lists.openvz.org/mailman/listinfo/users >>>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users@openvz.org >>>> https://lists.openvz.org/mailman/listinfo/users >>>> >>> _______________________________________________ >>> Users mailing list >>> Users@openvz.org >>> https://lists.openvz.org/mailman/listinfo/users >> >> >> _______________________________________________ >> Users mailing list >> Users@openvz.org >> https://lists.openvz.org/mailman/listinfo/users >> >> _______________________________________________ >> Users mailing list >> Users@openvz.org >> https://lists.openvz.org/mailman/listinfo/users > > _______________________________________________ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users
