similar to: Xen 4.4 Immediate EOL

On 01/19/2018 06:17 AM, Pasi K?rkk?inen wrote: > On Thu, Jan 18, 2018 at 11:48:35AM -0600, Kevin Stange wrote: >> Hi, >> > > Hi, > >> I am very sorry to do this on short notice, but obviously Meltdown and >> Spectre are a lot more than anyone was really expecting to come down the >> pipeline. Xen 4.4 has been EOL upstream for about a year now and I

On Thu, Jan 18, 2018 at 11:48:35AM -0600, Kevin Stange wrote: > Hi, > Hi, > I am very sorry to do this on short notice, but obviously Meltdown and > Spectre are a lot more than anyone was really expecting to come down the > pipeline. Xen 4.4 has been EOL upstream for about a year now and I have > personally been reviewing and backporting patches based on the 4.5 > versions

By now, we're sure most everyone have heard of the Meltdown and Spectre attacks. If not, head over to https://meltdownattack.com/ and get an overview. Additional technical details are available from Google Project Zero. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html The FreeBSD Security Team was notified of the issue in late December and received a

By now, we're sure most everyone have heard of the Meltdown and Spectre attacks. If not, head over to https://meltdownattack.com/ and get an overview. Additional technical details are available from Google Project Zero. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html The FreeBSD Security Team was notified of the issue in late December and received a

On 01/18/2018 11:48 AM, Kevin Stange wrote: > Hi, > > I am very sorry to do this on short notice, but obviously Meltdown and > Spectre are a lot more than anyone was really expecting to come down the > pipeline. Xen 4.4 has been EOL upstream for about a year now and I have > personally been reviewing and backporting patches based on the 4.5 > versions made available

Hi all! I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU. I note that when I run the redhat script to test for spectre & meltdown I get this result for variant 2: Variant #2 (Spectre): Vulnerable CVE-2017-5715 - speculative execution branch target injection - Kernel with mitigation patches: OK - HW support / updated microcode: NO - IBRS: Not disabled on

On 01/18/2018 09:56 AM, Kevin Stange wrote: > Apparently I failed to do proper due diligence before making this > recommendation. The Xen 4.4 repo does not have vixen build because of a > dependency upon grub2 which isn't available under CentOS 6. Your best > bet would be to use Vixen for PV domains, so if you think that's > something you want to do, we need some

On Tue, Jan 23, 2018 at 4:50 PM, Nathan March <nathan at gt.net> wrote: > Hi, > > > Hmm.. isn't this the ldisc bug that was discussed a few months ago on > this > list, > > and a patch was applied to virt-sig kernel aswell? > > > > Call trace looks similar.. > > Good memory! I'd forgotten about that despite being the one who ran into >

On Mon, Dec 2, 2019 at 5:08 PM Kevin Stange <kevin at steadfast.net> wrote: > By supporting only even numbered releases as is the case now, it has not > been possible to do hot migration based upgrades which means that we > have to do full reboots of our entire environment every so often. Right > now we're running on Xen 4.8 and transitioning to 4.12 directly. We >

Hi folks, Firstly; apologies in advance for what is a head wrecker of keeping on top of the speculative mitigations and also if this is a duplicate email; my first copy didn't seem to make it into the archive. Also a disclaimer that I may have misunderstood elements of the below but please bear with me. I write this hoping to find out a bit more about the state of the relevant kernel

How about kernel-lt and kernel-ml? Mike On 01/04/2018 05:41 PM, Warren Young wrote: > On Jan 4, 2018, at 12:18 PM, Walter H. <walter.h at mathemainzel.info> wrote: >> will there be updates for these CVEs for CentOS 6? > Red Hat hasn?t released them all yet. Quoting Christopher Robinson in the thread for this here: > > https://access.redhat.com/errata/RHSA-2018:0007

Hello, Are XSA-289 and XSA-274/CVE-2018-14678 fixed with Xen recent 4.8, 4.10 and kernel 4.9.177 packages ? Thank you

I've built & tagged packages for CentOS 6 and 7 4.6.6-9, with XPTI "stage 1" Meltdown mitigation. This will allow 64-bit PV guests to run safely (with a few caveats), but incurs a fairly significant slowdown for 64-bit PV guests on Intel boxes (including domain 0). If you prefer using Vixen / Comet, you can turn it off by adding 'xpti=0' to your Xen command-line.

Xen 4.4.4 along with kernel 4.9.44 containing patches for XSAs (226 - 230) from August 15th are now available in centos-virt-testing. If possible, please test and provide feedback here so we can move these to release soon. XSA-228 did not affect Xen 4.4 XSA-229 only applies to the kernel XSA-235 disclosed today only affects ARM and isn't going to be added to these packages. Thanks. --

Hi Johnny, Thank you for your reply. It seems to me that my message may have came around as offensive but that was not my intend. I have basic understanding how things work and when I said CentOS I actually meant Red Hat and all its derivatives. I asked CentOS community because that's the community I'm member of. Not to say that CentOS is not secure or anything like that. Anyway,

On 03/16/2017 04:22 PM, Kevin Stange wrote: >> I still can't rest assured the NIC issue is fixed, but no 4.4 or 4.9 >> server has yet had a NIC issue, with some being up almost a full month. >> It looks promising! (I'm knocking on all the wood everywhere, though.) > > I'm ready to call this conclusive. The problems I was having across the > board seemed to

On Tue, Jan 23, 2018 at 06:20:39PM -0600, Kevin Stange wrote: > On 01/23/2018 05:57 PM, Karl Johnson wrote: > > > > > > On Tue, Jan 23, 2018 at 4:50 PM, Nathan March <nathan at gt.net > > <mailto:nathan at gt.net>> wrote: > > > > Hi, > > > > > Hmm.. isn't this the ldisc bug that was discussed a few months ago on this

On Tue, Jan 24, 2017 at 09:29:39PM +0800, -=X.L.O.R.D=- wrote: > Kevin Stange, > It can be either kernel or update the NIC driver or firmware of the NIC > card. Hope that helps! > > Xlord > -----Original Message----- > From: CentOS-virt [mailto:centos-virt-bounces at centos.org] On Behalf Of Kevin > Stange > Sent: Tuesday, January 24, 2017 1:04 AM > To: centos-virt

On 11/02/17 06:29, Kevin Stange wrote: > On 01/30/2017 06:41 PM, Kevin Stange wrote: >> On 01/30/2017 06:12 PM, Adi Pircalabu wrote: >>> On 31/01/17 10:49, Kevin Stange wrote: >>>> You said 3.x kernels specifically. The kernel on Xen Made Easy now is a >>>> 4.4 kernel. Any chance you have tested with that one? >>> >>> Not yet, however

I have a clean install, fully updated CentOS 6 32-bit. When I run the Red Hat detection script: https://access.redhat.com/sites/default/files/spectre-meltdown--a79614b.sh it finds that the system is vulnerable. Is this false positive or there is no patches for CentOS 6 32-bit systems? Thank you, -- Peter