[BlueOnyx:21641] Aventurin{e} 6108R & BlueOnyx: Spectre / Meltdown and Kernels

Michael Stauber mstauber at blueonyx.it
Fri Jan 5 20:46:26 -05 2018


Hi all,

As you all might be aware from the news of the last few days: Major
flaws have been uncovered in Intel CPUs and to some degree also in CPUs
from other manufacturers such as AMD.

All OS vendors and maintainers have rushed to kick Updates out of the
door that address these vulnerabilities. By this time CentOS and
Scientific Linux kernel updates are out.

Please make sure that your BlueOnyx servers are fully updated and *also*
make sure that they are now actually running the latest kernel. This
might require a reboot so that the updated kernel installed via the last
YUM update gets put into effect.

You can check this way which kernel you are currently running and what
the latest kernel used upon boot is:

Current Kernel:

uname -r

Newest installed Kernel:

cat /boot/grub/grub.conf|grep title


Aventurin{e} 6108R:
====================

Parallels is giving the EL7 kernel a higher priority than the EL6
kernel. And neither of them is (so far) available to the public. Which
is far from being ideal.

However: A third party has taken the latest OpenVZ EL6 kernel
(2.6.32-042stab126.2) and has patched it with the security updates from
the RedHat 2.6.32-696-18.7 kernel.

I took the SRPM of that third party OpenVZ kernel, examined it and the
patches and although I am no kernel expert I think this might be OK. At
least until the time that OpenVZ releases an official OpenVZ 6 kernel
that fixes the issues in a way that they deem best.

I am running several nodes with the new kernel myself and so far I
encountered no problems aside from the expected performance impact that
all of these fixes introduce.

The fixed (unofficial) OpenVZ 6 kernel for Aventurin{e} 6108R is now in
the OS-Updates YUM repository and has the version number
2.6.32-042stab126.666. The latest "bad" kernel (with the security flaws)
is named 2.6.32-042stab126.2.

As noted above: After the updated Kernel has been installed via "yum
update" you do need to reboot in order for the new kernel to be put into
effect.

-- 
With best regards

Michael Stauber
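
The check described in the message above (running kernel versus the kernel GRUB boots by default), as an added example that is not part of the original post. It assumes a GRUB legacy grub.conf with "kernel /vmlinuz-<version>" lines; the function names, the GRUB_CONF variable and the sample grub.conf are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and GRUB_CONF are hypothetical.

# Print the kernel version of the default entry in a GRUB legacy grub.conf ($1).
# Assumes "kernel /vmlinuz-<version> ..." lines, as on EL6.
default_boot_kernel() {
    awk '
        BEGIN { want = 0; entry = -1 }
        $1 ~ /^default/ { v = $0; sub(/^[ \t]*default[= \t]+/, "", v); want = v + 0 }
        $1 == "title"   { entry++ }
        $1 == "kernel" && entry >= 0 { p = $2; sub(/^.*vmlinuz-/, "", p); ver[entry] = p }
        END { if (want in ver) print ver[want] }
    ' "$1"
}

# Print current, reboot-needed or unknown for running kernel $1 and grub.conf $2.
kernel_status() {
    [ -r "$2" ] || { echo unknown; return 0; }
    boot=$(default_boot_kernel "$2")
    if [ -z "$boot" ]; then echo unknown
    elif [ "$1" = "$boot" ]; then echo current
    else echo reboot-needed
    fi
}

# Classify a version against the two Aventurin{e} 6108R kernels named in the post.
aventurine_note() {
    case $1 in
        2.6.32-042stab126.2)   echo flawed ;;
        2.6.32-042stab126.666) echo patched-unofficial ;;
        *)                     echo not-named-in-post ;;
    esac
}

# Write a constructed sample grub.conf to path $1 (for trying the functions offline).
write_sample_grub_conf() {
    cat > "$1" <<'EOF'
default=0
timeout=5
title Aventurin{e} (2.6.32-042stab126.666)
    kernel /vmlinuz-2.6.32-042stab126.666 ro root=/dev/sda1
title Aventurin{e} (2.6.32-042stab126.2)
    kernel /vmlinuz-2.6.32-042stab126.2 ro root=/dev/sda1
EOF
}

running=$(uname -r)
echo "running $running: $(aventurine_note "$running")"
echo "boot default: $(kernel_status "$running" "${GRUB_CONF:-/boot/grub/grub.conf}")"
```

A result of reboot-needed means the kernel installed by the last YUM update is not yet the one running.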


