[ovirt-users] Re: [ovirt-announce] CVE-2018-3639 - Important - oVirt - Speculative Store Bypass

2018-05-29 Thread Nathanaël Blanchet

I'm not able to do such a thing but it is quite good to know it is feasible!

Was nice to meet you at San Francisco summit :)

On 28/05/2018 at 19:56, Yaniv Kaul wrote:

> On Mon, May 28, 2018 at 3:40 PM, Nathanaël Blanchet wrote:
>
>> XP has reached its end of life in May 14 and Microsoft decided to
>> release an exceptional update because of a critical leak last
>> year... so all is possible when it is about criticality!
>
> All is indeed possible. We always welcome contribution to the oVirt
> project, and you can send patches that backport the 4.2 patches to 4.1
> and build it.
>
> Y.
>
>> https://www.microsoft.com/en-us/download/details.aspx?id=18770
>>
>> On 28/05/2018 at 14:23, Sandro Bonazzola wrote:
>>
>>> 2018-05-28 14:07 GMT+02:00 Nathanaël Blanchet:
>>>
>>>> Hello,
>>>>
>>>> Will a 4.1.9.x security update be released for those who
>>>> can't migrate to 4.2.3.7 for any reason?
>>>
>>> No. oVirt 4.1 reached end of life with 4.1.9
>>> https://lists.ovirt.org/pipermail/announce/2018-January/000383.html
>>>
>>> Please consider updating to 4.2 as soon as practical / possible.
>>>
>>>> On 23/05/2018 at 16:57, Sandro Bonazzola wrote:
>>>>
>>>>> As you may have already heard, an industry-wide issue was
>>>>> found in the way many modern microprocessor designs have
>>>>> implemented speculative execution of Load & Store instructions.
>>>>> This issue is well described by the CVE-2018-3639 announcement
>>>>> available at
>>>>> https://access.redhat.com/security/cve/cve-2018-3639.
>>>>>
>>>>> oVirt team has released right now an update of ovirt-engine
>>>>> to version 4.2.3.7 which adds support for SSBD CPUs in order
>>>>> to mitigate the security issue.
>>>>>
>>>>> If you are running oVirt on Red Hat Enterprise Linux, please
>>>>> apply updates described in
>>>>> https://access.redhat.com/security/cve/cve-2018-3639.
>>>>>
>>>>> If you are running oVirt on CentOS Linux please apply
>>>>> the updates described by:
>>>>> CESA-2018:1629 Important CentOS 7 kernel Security Update
>>>>> CESA-2018:1632 Important CentOS 7 libvirt Security Update
>>>>> CESA-2018:1649 Important CentOS 7 java-1.8.0-openjdk Security Update
>>>>> CESA-2018:1648 Important CentOS 7 java-1.7.0-openjdk Security Update
>>>>>
>>>>> An update for qemu-kvm-ev has also been tagged for release
>>>>> and announced with
>>>>> CESA-2018:1655 Important: qemu-kvm-ev security update
>>>>> but due to some issues in CentOS release process for Virt
>>>>> SIG content, it is not yet available on mirrors.
>>>>> We are working with CentOS community to get the packages
>>>>> signed and published as soon as possible.
>>>>> In the meantime you can still get the update package by
>>>>> enabling the test repository
>>>>> https://buildlogs.centos.org/centos/7/virt/x86_64/kvm-common/
>>>>> on your systems or manually installing the package from the
>>>>> repository.
>>>>>
>>>>> If you're running oVirt on a different Linux distribution,
>>>>> please check with your vendor for available updates.
>>>>>
>>>>> Please note that to fully mitigate this vulnerability,
>>>>> system administrators must apply both hardware “microcode”
>>>>> updates and software patches that enable new functionality.
>>>>> At this time, microprocessor microcode will be delivered by
>>>>> the individual manufacturers.
>>>>>
>>>>> The oVirt team recommends end users and system
>>>>> administrators to apply any available updates as soon as
>>>>> practical.
>>>>>
>>>>> Thanks,

[ovirt-users] Re: [ovirt-announce] CVE-2018-3639 - Important - oVirt - Speculative Store Bypass

2018-05-28 Thread Yaniv Kaul

On Mon, May 28, 2018 at 3:40 PM, Nathanaël Blanchet wrote:

> XP has reached its end of life in May 14 and Microsoft decided to release
> an exceptional update because of a critical leak last year... so all is
> possible when it is about criticality!
>

All is indeed possible. We always welcome contribution to the oVirt
project, and you can send patches that backport the 4.2 patches to 4.1 and
build it.
Y.

> https://www.microsoft.com/en-us/download/details.aspx?id=18770

[ovirt-users] Re: [ovirt-announce] CVE-2018-3639 - Important - oVirt - Speculative Store Bypass

2018-05-28 Thread Nathanaël Blanchet

XP has reached its end of life in May 14 and Microsoft decided to release
an exceptional update because of a critical leak last year... so all is
possible when it is about criticality!


https://www.microsoft.com/en-us/download/details.aspx?id=18770


On 28/05/2018 at 14:23, Sandro Bonazzola wrote:

> 2018-05-28 14:07 GMT+02:00 Nathanaël Blanchet:
>
>> Hello,
>>
>> Will a 4.1.9.x security update be released for those who can't
>> migrate to 4.2.3.7 for any reason?
>
> No. oVirt 4.1 reached end of life with 4.1.9
> https://lists.ovirt.org/pipermail/announce/2018-January/000383.html
>
> Please consider updating to 4.2 as soon as practical / possible.



[ovirt-users] Re: [ovirt-announce] CVE-2018-3639 - Important - oVirt - Speculative Store Bypass

2018-05-28 Thread Sandro Bonazzola

2018-05-28 14:07 GMT+02:00 Nathanaël Blanchet:

> Hello,
>
> Will a 4.1.9.x security update be released for those who can't migrate to
> 4.2.3.7 for any reason?
>
No. oVirt 4.1 reached end of life with 4.1.9
https://lists.ovirt.org/pipermail/announce/2018-January/000383.html
Please consider updating to 4.2 as soon as practical / possible.





[ovirt-users] Re: [ovirt-announce] CVE-2018-3639 - Important - oVirt - Speculative Store Bypass

2018-05-28 Thread Nathanaël Blanchet

Hello,

Will a 4.1.9.x security update be released for those who can't migrate
to 4.2.3.7 for any reason?


