Re: [CentOS-virt] CESA-2018:1655 Important: qemu-kvm-ev security update

[Sandro Bonazzola]

2018-05-24 3:18 GMT+02:00 Karanbir Singh :

> On 23/05/18 06:56, Sandro Bonazzola wrote:
> > CentOS Errata and Security Advisory 2018:1655 Important
> >
> > Upstream details at: https://access.redhat.com/errata/RHSA-2018:1655
> >
> > This is the qemu-kvm-ev side of the CVE-2018-3639 mitigation.
> >
> > qemu-kvm-ev-2.10.0-21.el7_5.3.1
> >  has been tagged for
> > release yesterday morning and should land on mirrors this morning.
> > Johnny, Brian, Karanbir, please cross check it's being published, I
> > would have expected it to be already on mirrors.
> >
> > Thanks,
> > --
> >
> > SANDRO BONAZZOLA
> >
> > ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R
> >
> > Red Hat EMEA 
> >
> > sbona...@redhat.com 
> >
> > 
> > 
> >
>
> With all the noise around this specific package, i went and looked and
> its in the queue for push, should be in the packages for Thu 24th
>

Looks like it's not yet published.
Also altarch is still broken https://bugs.centos.org/view.php?id=14835





>
>
> --
> Karanbir Singh  | London, UK
> Project Lead, The CentOS Project
> Consulting Engineer, https://openshift.io/
>
>


-- 

SANDRO BONAZZOLA

ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R

Red Hat EMEA 

sbona...@redhat.com


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] CESA-2018:1655 Important: qemu-kvm-ev security update

[Sandro Bonazzola]

2018-05-24 13:38 GMT+02:00 Karanbir Singh :

> On 24/05/18 11:53, Karanbir Singh wrote:
> > On 24/05/18 11:18, Sandro Bonazzola wrote:
> >>
> >>
> >> 2018-05-24 3:18 GMT+02:00 Karanbir Singh  >> >:
> >>
> >> On 23/05/18 06:56, Sandro Bonazzola wrote:
> >> > CentOS Errata and Security Advisory 2018:1655 Important
> >> >
> >> > Upstream details at: https://access.redhat.com/
> errata/RHSA-2018:1655
> >> 
> >> >
> >> > This is the qemu-kvm-ev side of the CVE-2018-3639 mitigation.
> >> >
> >> > qemu-kvm-ev-2.10.0-21.el7_5.3.1
> >> >  >> > has been
> >> tagged for
> >> > release yesterday morning and should land on mirrors this morning.
> >> > Johnny, Brian, Karanbir, please cross check it's being published,
> I
> >> > would have expected it to be already on mirrors.
> >> >
> >> > Thanks,
> >> > --
> >> >
> >> > SANDRO BONAZZOLA
> >> >
> >> > ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION
> R
> >> >
> >> > Red Hat EMEA 
> >> >
> >> > sbona...@redhat.com 
> >> >
> >> >
> >> > 
> >> > 
> >> >
> >>
> >> With all the noise around this specific package, i went and looked
> and
> >> its in the queue for push, should be in the packages for Thu 24th
> >>
> >>
> >> Looks like it's not yet published.
> >> Also altarch is still broken https://bugs.centos.org/view.php?id=14835
> >>
> >>
> >>
> >>
> >>
> >
> > yeah, this is down to how the various arch bits were pushed out of sync;
> > we got cut both ways, either if we do x86_64 on its own or we dont,
> >
> > i am working on sig content right now, so let me go look at this as well
> >
> >
>
> the sign runs are now running cleanly for altarch as well, it looks like
> the mirrors caught up in sync with those in the last day or so. its
> going to run for a bit though, I'll keep an eye on things.
>
> w.r.t the CVE note - just want to point out that I've been told that
> lacking the vendor supplied microcode this fix's in this code do not
> really help much. And there is no vendor microcode as yet. Is that an
> accurate state of play ?
>

AFAIK Intel released a beta microcode to OEMs so individual hardware
vendors should be providing it through their support pages after testing
with their hardware.



>
>
> --
> Karanbir Singh  | London, UK
> Project Lead, The CentOS Project
> Consulting Engineer, https://openshift.io/
>
>


-- 

SANDRO BONAZZOLA

ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R

Red Hat EMEA 

sbona...@redhat.com


___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt