Hi, On Mon, January 8, 2018 9:44 am, Yaniv Kaul wrote: > On Mon, Jan 8, 2018 at 4:27 PM, Marktvk <mark...@xs4all.nl> wrote: > >> Hello Correct. >> >> But i can not do this for a reason. I hope ovirt will bring a kvm >> upgrade >> for 4.0 the security issue at this moment with CPU's ( intel) >> > > You could upgrade your CPU firmware and get up-to-date packages, but what > about the new CPU types for the guests? > There are no plans to backport the patch for them[1] to 4.0 (though I > assume you could patch your own engine with it!). > Y. > > [1] https://gerrit.ovirt.org/#/c/85998/
I've been only minimally following this discussion as I've had other things on my plate, but I'm in a similar situation here -- I'm running 4.0 (on EL7.3) on a single host and would rather not upgrade my ovirt infrastructure to 4.1/4.2 just to get the security fixes for these CPU bugs. I don't mind upgrading my host (or engine) to el7.4, provided I can continue to use ovirt 4.0 But I don't understand what "new CPU types" would be here, or even why they would be required, to fix these security issues. Perhaps I need a more basic primer about what actually needs to be patched to fix an ovirt system against these speculative execution bugs. Obviously the host systems need to be patched, and KVM most likely needs to be patched. But do I then need to patch each of my guests? Do I need to reconfigure anything else? Is there a minimalist "how to" here? -derek > >> I believe you most upgrade to 4.1 first, and then to 4.2. >> >> >> >> On Jan 8, 2018 6:00 AM, "Marktvk" <mark...@xs4all.nl> wrote: >> >> Hello, >> >> >> We have now running ovirt 4.0 for a specif reason we can not upgrade to >> the new version. >> >> If possible for 1 time to upgrade qemu-kvm to the new version for the >> fix with processors today ? >> >> >> I hope so. >> >> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> >> >> >> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> >> > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > -- Derek Atkins 617-623-3745 de...@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
