Linux Kernel - CVE-2017-5754, CVE-2017-5753, CVE-2017-5715

Erulezz

A good way to start the new year ;) I'm curious to see if there are any performance issues after the patch. Going to do a benchmark soon. Seems macOS is already patched in 10.13.2 and there aren't any issues because of a feature called PCID.
 

wattie

It's for Intel processors released in the past 10 years. Sadly it's a MUST update since the issue is very serious.
 

Peter Laws

What gets me, it's been around for 10 years, yet, "researchers" thought of testing out their theories just recently? :confused:
 

wattie

Benchmarks were released after the Microsoft patch from today. It looks like desktop computers won't be affected much. The issue will be mainly for servers running with lots of IO.

Also AMD & ARM :)
AMD is not affected by Meltdown, which is the big security concern now. As for Spectre - yes, everybody is affected by the bounds check bypass. The second Spectre variant - the branch target injection - is confirmed only on Intel and Arm so far.
 

Awd

Can you explain this in more detail?
Did the CentOS update come with conflicts? Was a reboot unsuccessful?
 

vancanneyt

After the update I ran into serious issues with my CentOS 7 box. First was a known bug after reboot that ip6tables didn't work and IPv6 connections were impossible. A temporary solution is found in the bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1499367

The other issue was that the php-fpm service failed; it started but crashed every minute, giving 502 bad gateway errors. Error from systemctl status:
Code:
timeout (code: excited). The php-fpm72.service start operation timed out. Terminating. Unit php-fpm72.service entered failed state. The php-fpm72.service failed.
PHP fpm log: [attached image: 11C9573C-52E2-48DB-9ACC-98FC787306D5.jpeg]
PS: this was before the php update! So it's not related to the new php release.
 

Remco00

Updated and rebooted several CentOS 7 machines yesterday with yum (dedicated and VM QEMU/XEN) without any problems. Latest CB updates were already installed.
 

Awd

Hi, also updated and rebooted several CentOS 6 & 7 machines and all went well. :D
 

sysdev

CentOS 6.9 on XenServer 6.5 is not booting after the Meltdown patches.

If you run into the same problems:

1) download CentOS ISO (minimal is ok)
2) Insert ISO into DVD drive of the VM
3) VM > Start/Shut Down > Start in Recovery Mode
4) mount existing system to /mnt/sysimage/
5) vi /mnt/sysimage/etc/grub.conf
6) change "default=0" to "default=1" to boot from last Kernel
7) exit shell and reboot VM (You might have to forcefully shut it down and start it again if it doesn't boot after the rescue exit)
 

zEitEr

CloudVPS informs (users running VPS under XEN):

In the latest kernel version of CentOS 6 (2.6.32-696.18.7.el6.x86_64) and CentOS 7 (3.10.0-693.11.6.el7.centos.plus) we've detected a bug. Installing this kernel will make your VPS unbootable.


The most recent kernel version that works for CentOS 6 is (2.6.32-696.16.1.el6.x86_64). For CentOS 7 this is (3.10.0-693.2.2.el7.centos.plus.x86_64). At this moment the workaround is to activate an older kernel version until the bug has been solved.
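
Added example, not part of the original thread or of anyone's post: steps 5 and 6 of the rescue procedure and the known-good kernel version from the CloudVPS notice, combined into a shell helper that looks up the GRUB legacy entry for a named kernel and sets `default=` to it rather than assuming it is entry 1. The function names, the sample grub.conf and its root device are constructed for illustration; only the kernel versions and the /mnt/sysimage path come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): choose the GRUB legacy entry by kernel
# version instead of assuming the previous kernel is entry 1.

# Print the 0-based index of the "title" entry whose kernel line names VERSION.
grub_index_for_kernel() {   # usage: grub_index_for_kernel CONF VERSION
    awk -v v="$2" '
        BEGIN { n = -1 }
        $1 == "title" { n++ }
        $1 == "kernel" && index($2, "vmlinuz-" v) { print n; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Back up CONF to CONF.bak, then point default= at the entry for VERSION.
revert_to_kernel() {        # usage: revert_to_kernel CONF VERSION
    gidx=$(grub_index_for_kernel "$1" "$2") || {
        echo "kernel $2 has no entry in $1; leaving it unchanged" >&2
        return 1
    }
    grep -q '^default=' "$1" || return 1
    cp -p "$1" "$1.bak" || return 1
    sed "s/^default=.*/default=$gidx/" "$1.bak" > "$1"
}

# Constructed sample: only the kernel versions come from the thread.
make_sample_grub_conf() {
    cat > "$1" <<'EOF'
default=0
timeout=5
title CentOS (2.6.32-696.18.7.el6.x86_64)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-696.18.7.el6.x86_64 ro root=/dev/xvda1
    initrd /initramfs-2.6.32-696.18.7.el6.x86_64.img
title CentOS (2.6.32-696.16.1.el6.x86_64)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-696.16.1.el6.x86_64 ro root=/dev/xvda1
    initrd /initramfs-2.6.32-696.16.1.el6.x86_64.img
EOF
}

# In the rescue shell from step 4 this would be called as:
#   revert_to_kernel /mnt/sysimage/etc/grub.conf 2.6.32-696.16.1.el6.x86_64
```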
 

chronic

A stupid question... but after upgrading to the latest kernel is it necessary to reboot the server?
 