Hi, On Mon, January 8, 2018 9:44 am, Yaniv Kaul wrote: > On Mon, Jan 8, 2018 at 4:27 PM, Marktvk <[email protected]> wrote: > >> Hello Correct. >> >> But i can not do this for a reason. I hope ovirt will bring a kvm >> upgrade >> for 4.0 the security issue at this moment with CPU's ( intel) >> > > You could upgrade your CPU firmware and get up-to-date packages, but what > about the new CPU types for the guests? > There are no plans to backport the patch for them[1] to 4.0 (though I > assume you could patch your own engine with it!). > Y. > > [1] https://gerrit.ovirt.org/#/c/85998/
I've been only minimally following this discussion as I've had other things on my plate, but I'm in a similar situation here -- I'm running 4.0 (on EL7.3) on a single host and would rather not upgrade my ovirt infrastructure to 4.1/4.2 just to get the security fixes for these CPU bugs. I don't mind upgrading my host (or engine) to el7.4, provided I can continue to use ovirt 4.0 But I don't understand what "new CPU types" would be here, or even why they would be required, to fix these security issues. Perhaps I need a more basic primer about what actually needs to be patched to fix an ovirt system against these speculative execution bugs. Obviously the host systems need to be patched, and KVM most likely needs to be patched. But do I then need to patch each of my guests? Do I need to reconfigure anything else? Is there a minimalist "how to" here? -derek > >> I believe you most upgrade to 4.1 first, and then to 4.2. >> >> >> >> On Jan 8, 2018 6:00 AM, "Marktvk" <[email protected]> wrote: >> >> Hello, >> >> >> We have now running ovirt 4.0 for a specif reason we can not upgrade to >> the new version. >> >> If possible for 1 time to upgrade qemu-kvm to the new version for the >> fix with processors today ? >> >> >> I hope so. >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.ovirt.org/mailman/listinfo/users >> >> >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.ovirt.org/mailman/listinfo/users >> >> > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users > -- Derek Atkins 617-623-3745 [email protected] www.ihtfp.com Computer and Internet Security Consultant _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
