kernel security updates for MDS/Zombieload & co.

Support for security such as Firewalls and securing linux
Post Reply
kilian
Posts: 14
Joined: 2015/05/27 01:05:56

kernel security updates for MDS/Zombieload & co.

Post by kilian » 2019/05/15 15:17:15

Hi there!

With the recent release of RHEL8 GA and the ongoing CentOS 8 building process (https://wiki.centos.org/About/Building_8), I'd like to know if we'll see kernel security updates for CentOS 7.x for the newly announced Intel CPU security vulnerabilities.

Red Hat released a number of kernel and microcode updates yesterday:
* https://access.redhat.com/errata/RHSA-2019:1168: kernel-3.10.0-957.12.2.el7
* https://access.redhat.com/errata/RHEA-2019:1210: microcode_ctl-2.1-47.2.el7_6

and they don't seem to have made their way to the CentOS updates repo yet. So I'm wondering if it's just a matter of time, or if they won't be provided at all.

Thanks!

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: kernel security updates for MDS/Zombieload & co.

Post by TrevorH » 2019/05/15 15:53:23

They only came out yesterday!

Yes, they're building and pending release. Soon.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

kilian
Posts: 14
Joined: 2015/05/27 01:05:56

Re: kernel security updates for MDS/Zombieload & co.

Post by kilian » 2019/05/15 16:30:34

Thanks for clarifying!

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: kernel security updates for MDS/Zombieload & co.

Post by TrevorH » 2019/05/15 16:35:01

Announcements have gone out, packages are pushed, mirrors are updating. If you don't see anything new soon then try yum clean all as it only refreshes every 6 hours by default.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

kilian
Posts: 14
Joined: 2015/05/27 01:05:56

Re: kernel security updates for MDS/Zombieload & co.

Post by kilian » 2019/05/15 17:55:16

Awesome, thanks!

Nay
Posts: 1
Joined: 2019/05/21 02:36:30

Re: kernel security updates for MDS/Zombieload & co.

Post by Nay » 2019/05/21 04:04:07

Hi

May I know where and how to download patches to fix Intel MDS vulnerabilities?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: kernel security updates for MDS/Zombieload & co.

Post by TrevorH » 2019/05/21 06:11:53

yum update
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply