Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-16 Thread Derek Atkins
Hi, I upgraded to EL7.4 / oVirt 4.1.8 last night. I must say it was easier than expected, so kudos to all the devs. I did have a few hiccups along the way, mostly of my own making. The one main hiccup is that the ovirt-40-dependencies package links to a CentOS repo that no longer exists, and that

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-15 Thread Derek Atkins
Thanks. I guess that means I need to upgrade both OS and Ovirt simultaneously. And if I recall correctly I need to upgrade my hosted engine first and then upgrade the host? (This is a single-host hosted-engine setup). I've never actually upgraded an ovirt release beyond point releases (I

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-15 Thread Yaniv Kaul
On Mon, Jan 15, 2018 at 6:28 PM, Derek Atkins wrote: > Thanks. > > I guess it still boils down to updating to 7.4. :( > > In the short term, will Ovirt 4.0 continue to run in 7.4? Or MUST I > We don't know, but I would assume NO. Every minor release of EL required some small

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-15 Thread Derek Atkins
Thanks. I guess it still boils down to updating to 7.4. :( In the short term, will Ovirt 4.0 continue to run in 7.4? Or MUST I upgrade both the OS and ovirt simultaneously? My time is very short over the next few weeks (I'm moving) so I'd like to get as much bang for the buck with as little

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-15 Thread Arman Khalatyan
If you see that after the update of your OS dmesg shows RED alert in the spectra check script in the second position then you should follow the intel's read.me. As in readme described on Centos 7.4: rsync -Pa intel-ucode /lib/firmware/ On the recent kernels(>2.6.xx) the dd method does not work,

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-15 Thread Derek Atkins
Arman, Thanks for the info... And sorry for taking so long to reply. It's been a busy weekend. First, thank you for the links. Useful information. However, could you define "recent"? My system is from Q3 2016. Is that considered recent enough to not need a bios updte? My /proc/cpuinfo

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-11 Thread Yaniv Kaul
On Thu, Jan 11, 2018 at 5:32 PM, Derek Atkins wrote: > Hi, > > On Thu, January 11, 2018 9:53 am, Yaniv Kaul wrote: > > > No one likes downtime but I suspect this is one of those serious > > vulnerabilities that you really really must be protected against. > > That being said,

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-11 Thread Arman Khalatyan
if you have recent supermicro you dont need to update the bios, Some tests: Crack test: https://github.com/IAIK/meltdown Check test: https://github.com/speed47/spectre-meltdown-checker the intel microcodes you can find here:

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-11 Thread Derek Atkins
Hi, On Thu, January 11, 2018 9:53 am, Yaniv Kaul wrote: > No one likes downtime but I suspect this is one of those serious > vulnerabilities that you really really must be protected against. > That being said, before planning downtime, check your HW vendor for > firmware or Intel for microcode

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-11 Thread Yaniv Kaul
On Thu, Jan 11, 2018 at 4:33 PM, Derek Atkins wrote: > Yaniv Kaul writes: > > > On Mon, Jan 8, 2018 at 7:32 PM, Derek Atkins wrote: > > > > Michal Skrivanek writes: > > > > > > If there are

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-11 Thread Derek Atkins
Yaniv Kaul writes: > On Mon, Jan 8, 2018 at 7:32 PM, Derek Atkins wrote: > > Michal Skrivanek writes: > > >             > If there are Patches nessessary will there also be updates > for > >             ovirt

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-08 Thread Yaniv Kaul
On Mon, Jan 8, 2018 at 7:32 PM, Derek Atkins wrote: > Michal Skrivanek writes: > > > > If there are Patches nessessary will there also be updates > for > > ovirt 4.1 or > > > only 4.2? > > > > 4.1 will be covered

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-08 Thread Derek Atkins
Michal Skrivanek writes: > > If there are Patches nessessary will there also be updates for > ovirt 4.1 or > > only 4.2? > > 4.1 will be covered What about 4.0? Or will that not be covered because it depends on 7.3, which also

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-04 Thread Michal Skrivanek
> On 4 Jan 2018, at 22:16, Sandro Bonazzola wrote: > > > > 2018-01-04 17:21 GMT+01:00 Yaniv Kaul >: > > > On Thu, Jan 4, 2018 at 12:31 PM, Barak Korren > wrote: > On 4

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-04 Thread Sandro Bonazzola
2018-01-04 17:21 GMT+01:00 Yaniv Kaul : > > > On Thu, Jan 4, 2018 at 12:31 PM, Barak Korren wrote: > >> On 4 January 2018 at 09:24, Marcel Hanke wrote: >> > Hi, >> > besides the kernel and microcode updates are there also updates of

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-04 Thread Yaniv Kaul
On Thu, Jan 4, 2018 at 12:31 PM, Barak Korren wrote: > On 4 January 2018 at 09:24, Marcel Hanke wrote: > > Hi, > > besides the kernel and microcode updates are there also updates of ovirt- > > engine and vdsm nessessary and if so, is there a timeline

Re: [ovirt-users] Are Ovirt updates nessessary after CVE-2017-5754 CVE-2017-5753 CVE-2017-5715

2018-01-04 Thread Barak Korren
On 4 January 2018 at 09:24, Marcel Hanke wrote: > Hi, > besides the kernel and microcode updates are there also updates of ovirt- > engine and vdsm nessessary and if so, is there a timeline when the patches can > be expected? > If there are Patches nessessary will there