Meltdown and Spectre

Support for security such as Firewalls and securing linux
dapinna
Posts: 2
Joined: 2018/01/06 12:40:57

Re: Meltdown and Spectre

Post by dapinna » 2018/01/06 13:00:58

Me too, like mace07, I have a CentOS (v. 6.9) with Kernel 2.6.32-042stab120.16 .

It's a VPS so that "stab" could be due to that.
What I know is that the Virtualization system is Virtuozzo and the Web Server is managed through Plesk 17.5.3 Update #35

Also I can not find recent updates with Yum Update

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Meltdown and Spectre

Post by TrevorH » 2018/01/06 14:30:06

Your system is not CentOS, it's an openvz container and the kernel is not managed by you, it's controlled by the host system on which you are running. To update the kernel you need to talk to the hoster who controls the host machine.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

dapinna
Posts: 2
Joined: 2018/01/06 12:40:57

Re: Meltdown and Spectre

Post by dapinna » 2018/01/06 15:51:32

TrevorH wrote:Your system is not CentOS, it's an openvz container and the kernel is not managed by you, it's controlled by the host system on which you are running. To update the kernel you need to talk to the hoster who controls the host machine.
Thanks TrevorH :-)

I opened a ticket with my Hosting to know the kernel update and also the explanations on the Operating System, since in my panel it shows me "CentOS 6.9 (Final)"

mtaa
Posts: 8
Joined: 2011/09/18 21:37:33

Re: Meltdown and Spectre

Post by mtaa » 2018/01/07 03:08:51

Hi,

on my centos 6 server,

when uname -r shows 2.6.32-696.18.7.el6.x86_64 ,

does it mean i had apply the newest safe kernel ?

thanks

User avatar
progenic
Posts: 1
Joined: 2018/01/08 14:52:21

Re: Meltdown and Spectre

Post by progenic » 2018/01/08 14:55:40

mtaa wrote:Hi,

on my centos 6 server,

when uname -r shows 2.6.32-696.18.7.el6.x86_64 ,

does it mean i had apply the newest safe kernel ?

thanks
As you can see in the first post, or here ( https://lists.centos.org/pipermail/cent ... 22701.html ), you are running the latest released kernel for your CentOS version (kernel-2.6.32-696.18.7.el6.x86_64), so you are protected from Meltdown and Spectre.

xiaohm
Posts: 1
Joined: 2018/01/08 16:01:46

Re: Meltdown and Spectre

Post by xiaohm » 2018/01/08 16:05:55

Thanks for making the fix available.

Will CentOS upgrade the kernel, xen and libvirt under xen4centos to have the fix?

Regards,
Tom

awsadminz
Posts: 1
Joined: 2018/01/09 05:43:08
Contact:

Re: Meltdown and Spectre

Post by awsadminz » 2018/01/09 05:50:26

mace07 wrote:I'm a little confused - I'm running Centos 6 and my kernel version is 2.6.32-042stab120.16. But all the references to the meltdown kernel fix say the new kernel version is kernel-2.6.32-696. I guess i must be using an old kernel, but how do I update to make sure my kernel is protected? Yum says no packages marked for update.

Thanks
Seems like you are using OpenVZ VPS. in this case, the Host has to be patched.

chandranjoy
Posts: 1
Joined: 2018/01/09 13:08:51

Re: Meltdown and Spectre

Post by chandranjoy » 2018/01/09 13:13:52

To verify the spectre/meltdown vulnerability:

1. Download this script.
2. Run it.
chmod 755 /tmp/spectre-meltdown-checker.sh && sh /tmp/spectre-meltdown-checker.sh
3. Results will be like as enclosed if system is still has the vulnerability and not patched.
https://prnt.sc/hy14be

invis1988
Posts: 2
Joined: 2018/01/09 15:11:23

Re: Meltdown and Spectre

Post by invis1988 » 2018/01/09 15:14:38

Hello,

I am running a custom patch server which syncs to uwaterloo mirror. The update package was downloaded and is contained in the repo. Just incase my script failed I manually ran createrepo --update to make sure it 5is recognized. When using uname -r I still have 5.2, and when I run yum update it states "no packages marked for update". Just wondering if there is another way I am supposed to update the kernel in this case, if not I will continue to troubleshoot my repo..

Thanks

rafaelweingartner
Posts: 2
Joined: 2018/01/09 15:48:23

Re: Meltdown and Spectre

Post by rafaelweingartner » 2018/01/09 15:53:21

I just applied the update. My kernel version is 3.10.0-693.11.6.el7.x86_64 now.
I then proceeded testing with the following code: https://gist.github.com/Badel2/ba8826e6 ... d098d98d27

I was expecting the code to stop working, since it refers to specter (CVE-2017-5753), which is supposed to be fixed by this security update.
Am I testing the wrong problem here?

Post Reply