XP has reached is end of life in may 14 and Microsoft decided to release
an exceptionnal update because of a critical leak last year... so all is
possible when it is about criticity!
https://www.microsoft.com/en-us/download/details.aspx?id=18770
Le 28/05/2018 à 14:23, Sandro Bonazzola a écrit :
2018-05-28 14:07 GMT+02:00 Nathanaël Blanchet <blanc...@abes.fr
<mailto:blanc...@abes.fr>>:
Hello,
Will a 4.1.9.x security update be released for those who can't
migrate to 4.2.3.7 for any reasons?
No. oVirt 4.1 reached end of life with 4.1.9
https://lists.ovirt.org/pipermail/announce/2018-January/000383.html
Please consider updating to 4.2 as soon as practical / possible.
Le 23/05/2018 à 16:57, Sandro Bonazzola a écrit :
As you may have already heard, an industry-wide issue was found
in the way many modern microprocessor designs have implemented
speculative execution of Load & Store instructions.
This issue is well described by CVE-2018-3639 announce available
at https://access.redhat.com/security/cve/cve-2018-3639
<https://access.redhat.com/security/cve/cve-2018-3639>.
oVirt team has released right now an update of ovirt-engine to
version 4.2.3.7 which add support for SSBD CPUs in order to
mitigate the security issue.
If you are running oVirt on Red Hat Enterprise Linux, please
apply updates described in
https://access.redhat.com/security/cve/cve-2018-3639
<https://access.redhat.com/security/cve/cve-2018-3639>.
If you are running oVirt on CentOS Linux please apply updated
described by:
CESA-2018:1629 Important CentOS 7 kernel Security Update
<https://lists.centos.org/pipermail/centos-announce/2018-May/022843.html>
CESA-2018:1632 Important CentOS 7 libvirt Security
Update<https://lists.centos.org/pipermail/centos-announce/2018-May/022840.html>
CESA-2018:1649 Important CentOS 7 java-1.8.0-openjdk Security
Update<https://lists.centos.org/pipermail/centos-announce/2018-May/022839.html>
CESA-2018:1648 Important CentOS 7 java-1.7.0-openjdk Security
Update<https://lists.centos.org/pipermail/centos-announce/2018-May/022838.html>
An update for qemu-kvm-ev has been also tagged for release and
announced with
CESA-2018:1655 Important: qemu-kvm-ev security update
<https://lists.centos.org/pipermail/centos-virt/2018-May/005804.html>
but due to some issues in CentOS release process for Virt SIG
content, it is not yet available on mirrors.
We are working with CentOS community to get the packages signed
and published as soon as possible.
In the meanwhile you can still get the update package by enabling
the test repository
https://buildlogs.centos.org/centos/7/virt/x86_64/kvm-common/
<https://buildlogs.centos.org/centos/7/virt/x86_64/kvm-common/>
on your systems or manually installing the package from the
repository.
If you're running oVirt on a different Linux distribution, please
check with your vendor for available updates.
Please note that to fully mitigate this vulnerability, system
administrators must apply both hardware “microcode” updates and
software patches that enable new functionality.
At this time, microprocessor microcode will be delivered by the
individual manufacturers.
The oVirt team recommends end users and systems administrator to
apply any available updates as soon as practical.
Thanks,
--
SANDRO BONAZZOLA
ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R&D
Red Hat EMEA <https://www.redhat.com/>
sbona...@redhat.com <mailto:sbona...@redhat.com>
<https://red.ht/sig>
<https://redhat.com/summit>
_______________________________________________
Announce mailing list --annou...@ovirt.org <mailto:annou...@ovirt.org>
To unsubscribe send an email toannounce-le...@ovirt.org
<mailto:announce-le...@ovirt.org>
--
Nathanaël Blanchet
Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
<https://maps.google.com/?q=227+avenue+Professeur-Jean-Louis-Viala&entry=gmail&source=g>
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanc...@abes.fr <mailto:blanc...@abes.fr>
--
SANDRO BONAZZOLA
ASSOCIATE MANAGER, SOFTWARE ENGINEERING, EMEA ENG VIRTUALIZATION R&D
Red Hat EMEA <https://www.redhat.com/>
sbona...@redhat.com <mailto:sbona...@redhat.com>
<https://red.ht/sig>
<https://redhat.com/summit>
--
Nathanaël Blanchet
Supervision réseau
Pôle Infrastrutures Informatiques
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanc...@abes.fr
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JU2IA6ZZAVZVVWSYCF3RL62S2KMQVEXJ/