
Meltdown and Spectre

Posted: 2018/01/04 08:16:07
by bobykus
RH announced a fix in new kernel kernel-2.6.32-696.18.7.el6.x86_64.rpm

https://access.redhat.com/errata/RHSA-2018:0008

However it is still unavailable in CentOS repo, right?

Package kernel-2.6.32-696.16.1.el6.x86_64 already installed and latest version

Re: Meltdown and Spectre

Posted: 2018/01/04 08:35:49
by TrevorH
Patches for this were released late last night by Red Hat for RHEL. CentOS has to rebuild those from source (and debrand them) and then test the resulting packages to make sure they function. I would expect a release sooner rather than later.

Re: Meltdown and Spectre

Posted: 2018/01/04 20:21:06
by mace07
I'm a little confused - I'm running CentOS 6 and my kernel version is 2.6.32-042stab120.16. But all the references to the Meltdown kernel fix say the new kernel version is kernel-2.6.32-696. I guess I must be using an old kernel, but how do I update to make sure my kernel is protected? Yum says no packages marked for update.

Thanks

Re: Meltdown and Spectre

Posted: 2018/01/04 20:50:43
by rorysavage77
What is the typical turnaround time for CentOS to release updates for a critical vulnerability like this?

Re: Meltdown and Spectre

Posted: 2018/01/04 23:14:17
by shreyas0509
Where can I track the release of these patches? Where will it be announced?

Re: Meltdown and Spectre

Posted: 2018/01/04 23:31:36
by TrevorH
Patches for CentOS 7 were released and pushed to the mirror network at around 11:00 UTC today.

Patches for CentOS 6 were released and pushed to the mirror network at around 21:00 UTC today.

Turnaround for these patches was about average I'd guess. The CentOS 7 updates were built overnight and then pushed in the morning. CentOS 6 updates came out from RH slightly later and were in the queue to be built after the el7 ones.

mace07: I'm afraid that is not a CentOS system and you need to talk to your hoster about any update for that. The "stab" string in the kernel version number shows that it's an OpenVZ container and not a real system at all.

For CentOS 6 the updated packages (so far) for this are kernel, libvirt, qemu-kvm and microcode_ctl.

Re: Meltdown and Spectre

Posted: 2018/01/05 19:11:31
by rickyng
After running "yum update" and rebooting, how do we verify if the patch was applied?

Re: Meltdown and Spectre

Posted: 2018/01/05 21:33:45
by r31ellis
What if you need to remain on a specific release? Will installing the security packages only satisfy the advisory notice?

Re: Meltdown and Spectre

Posted: 2018/01/05 21:41:17
by tunk
The following command shows the current running kernel: uname -a
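Added example, not part of the thread and not written by any poster: a shell check that classifies a `uname -r` string against the fixed EL6 build named in the first post (2.6.32-696.18.7.el6) and flags the OpenVZ "stab" kernels described above. The function names `classify_kernel` and `version_ge` are hypothetical, and "patched" here only means the running kernel is at or above that build, which requires a reboot after the update.

```shell
#!/bin/sh
# Added example: compare the running kernel with the fixed EL6 build from this thread.
FIXED_EL6="2.6.32-696.18.7"   # from kernel-2.6.32-696.18.7.el6.x86_64 (RHSA-2018:0008)

# version_ge A B: succeed when numeric version A >= B, comparing the
# fields separated by '.' or '-' one by one; missing fields count as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# classify_kernel RELEASE: print one of
#   openvz-container  kernel belongs to the host, the guest cannot update it
#   patched           EL6 kernel at or above the fixed build
#   outdated          EL6 kernel older than the fixed build
#   unknown           not an EL6 kernel string; this check does not cover it
classify_kernel() {
    rel=$1
    case $rel in
        *stab*) echo "openvz-container"; return 0 ;;
    esac
    # Keep only "version-release" ahead of the ".el6" dist tag.
    base=$(printf '%s\n' "$rel" |
        sed -n -E 's/^([0-9]+(\.[0-9]+)*-[0-9]+(\.[0-9]+)*)\.el6([._].*)?$/\1/p')
    if [ -z "$base" ]; then
        echo "unknown"
    elif version_ge "$base" "$FIXED_EL6"; then
        echo "patched"
    else
        echo "outdated"
    fi
}

# Classify the argument if given, otherwise the running kernel.
classify_kernel "${1:-$(uname -r)}"
```
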

Re: Meltdown and Spectre

Posted: 2018/01/06 04:36:10
by TrevorH
> What if you need to remain on a specific release? Will installing the security packages only satisfy the advisory notice?

CentOS doesn't allow you to do that. Once a new point release comes out, the previous one is deprecated and receives no more updates. The update _is_ the new release. There is also no security metadata in the CentOS yum repos so you cannot use yum-plugin-security.