CentOS

Is there any patches released for the Meltdown and spectre security flaws - CVE-2017-5754 CVE-2017-5753 CVE-2017-5715. I just want to update only the patches for the fixes. Can you provide the patch details here pls.

Here:

https://access.redhat.com/errata/RHSA-2018:0012
https://access.redhat.com/errata/RHSA-2018:0007
https://access.redhat.com/errata/RHSA-2018:0014

Last kernel, linux-firmware and microcode_ctl updates,

I just want to update only the patches for the fixes.

Please don't get into the habit of doing that as it will end up with an unmaintained and badly patched system. The patches we release are only tested with all previous patches applied. Do not cherry pick which things you put on and which you do not.

Also , keep in mind that kernel live patching won't do the trick for these 2.

Hi,

on centos 7 server,

when uname -r shows 3.10.0-693.11.6.el7.x86_64,

is it the newest safe kernel version ?


thanks

mtaa wrote:Hi,

on centos 7 server,

when uname -r shows 3.10.0-693.11.6.el7.x86_64,

is it the newest safe kernel version ?


thanks

yes,

The security issue should be fixed by the host and also is suggested to update Centos 7 ?
The fix on Centos 7 has already be released?

Thanks for the help.

Hi All,

Is there an official statement/documentation that 3.10.0-693.11.6.el7.x86_64 is NOT VULNERABLE from Meltdown and Spectre?

Replying to the above two messages: Please read https://access.redhat.com/errata/RHSA-2018:0007 (both tabs) to learn that kernel-3.10.0-693.11.6.el7 fixes these issues. This kernel has already been released for CentOS 7.

Having trouble installing updates, I use a custom repo that rsyncs from uwaterloo mirror. When using yum update it reports there are no available updates, but the package for the new kernel exists. Tried copying the uwaterloo repodata, then recreating my own after that failed. Is this kernel required to use manually installation of rpm?