Linux Kernel - CVE-2017-5754, CVE-2017-5753, CVE-2017-5715

A good way to start the new year ;) I'm curious to see if there are any performance issues after the patch. Going to do a benchmark soon. Seems macOS is already patched in 10.13.2 and there aren't any issues because of a feature called PCID.
 
It's for Intel processors released for the past 10 years. Sadly it's a MUST update since the issue is very serious.
 
What gets me, it's been around for 10 years, yet, "researchers" thought of testing out their theories just recently? :confused:
 
Benchmarks were released after the Microsoft patch from today. It looks like desktop computers won't be affected much. The issue will be mainly for servers running with lots of IO.

Also AMD & ARM:)

AMD is not affected by Meltdown which is the big security concern now. As for Spectre - yes, everybody is affected by the bounds check bypass. The second Spectre variant - the branch target injection is confirmed only on Intel and Arm so far.
 
Can you explain this in more detail?
Did the CentOS update come with conflicts? Was a reboot unsuccessful?
 
After the update I ran into serious issues with my CentOS 7 box. First was a known bug after reboot that ip6tables didn’t work and IPv6 connections were impossible. Temporary solution is found in the bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1499367

Other issue was that the php-fpm service failed; it started but crashed every minute, giving 502 bad gateway errors. Error from systemctl status:
Code:
timeout (code: excited). The php-fpm72.service start operation timed out. Terminating. Unit php-fpm72.service entered failed state. The php-fpm72.service failed.
PHP fpm log:
11C9573C-52E2-48DB-9ACC-98FC787306D5.jpeg
PS: this was before the PHP update! So it’s not related to the new PHP release.
 
Updated and rebooted several CentOS 7 machines yesterday with yum (dedicated and VM QEMU/XEN) without any problems. Latest CB updates were already installed.
 
Hi, also updated and rebooted several CentOS 6 & 7 machines and all went good. :D
 
CentOS 6.9 on XenServer 6.5 is not booting after the Meltdown patches.

If you run into the same problems:

1) download CentOS ISO (minimal is ok)
2) Insert ISO into DVD drive of the VM
3) VM > Start/Shut Down > Start in Recovery Mode
4) mount existing system to /mnt/sysimage/
5) vi /mnt/sysimage/etc/grub.conf
6) change "default=0" to "default=1" to boot from last Kernel
7) exit shell and reboot VM (You might have to forcefully shut it down and start it again if it doesn't boot after the rescue exit)
 
CloudVPS informs (users running VPS under XEN):

In the latest kernel version of CentOS 6 (2.6.32-696.18.7.el6.x86_64) and CentOS 7 (3.10.0-693.11.6.el7.centos.plus) we've detected a bug. Installing this kernel will make your VPS unbootable.


The most recent kernel version that works for CentOS 6 is (2.6.32-696.16.1.el6.x86_64). For CentOS 7 this is (3.10.0-693.2.2.el7.centos.plus.x86_64). At this moment the workaround is to activate an older kernel version until the bug has been solved.
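
Added example, not written by any poster in this thread: a variant of the rescue-mode grub.conf edit (steps 5 and 6 above) that selects the default entry by kernel version, using the CentOS 6 versions from the CloudVPS notice, instead of assuming the previous kernel is entry 1. It assumes a GRUB legacy grub.conf layout; the function names and the sample file are constructed for illustration.

```bash
#!/bin/bash
# Added example: pick the GRUB legacy default entry by kernel version.

# Print the 0-based index of the first "title" stanza whose kernel line
# names the wanted version; exit status 1 if no stanza matches.
find_entry() {  # usage: find_entry <grub.conf> <kernel-version>
    awk -v want="$2" '
        /^[ \t]*title[ \t]/ { idx++ }
        /^[ \t]*kernel[ \t]/ && index($0, "vmlinuz-" want " ") {
            print idx - 1; found = 1; exit
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Point default= at the stanza for the given version, keeping a backup.
# Leaves the file untouched if that kernel is not listed.
boot_known_good() {  # usage: boot_known_good <grub.conf> <kernel-version>
    local idx
    idx=$(find_entry "$1" "$2") || {
        echo "no stanza for kernel $2 in $1" >&2
        return 1
    }
    cp -p "$1" "$1.bak" &&
        sed "s/^default=.*/default=$idx/" "$1.bak" > "$1"
}

# Constructed sample grub.conf (not taken from a real system); the two
# kernel versions are the CentOS 6 ones named in the CloudVPS notice.
make_sample() {
    cat > "$1" <<'EOF'
default=0
timeout=5
title CentOS (2.6.32-696.18.7.el6.x86_64)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-696.18.7.el6.x86_64 ro root=/dev/xvda1
    initrd /initramfs-2.6.32-696.18.7.el6.x86_64.img
title CentOS (2.6.32-696.16.1.el6.x86_64)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-696.16.1.el6.x86_64 ro root=/dev/xvda1
    initrd /initramfs-2.6.32-696.16.1.el6.x86_64.img
EOF
}

conf=$(mktemp)
make_sample "$conf"
boot_known_good "$conf" 2.6.32-696.16.1.el6.x86_64 && grep '^default=' "$conf"
```

In the rescue shell the file to pass would be /mnt/sysimage/etc/grub.conf, as in step 5.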
 
A stupid question... but after upgrading to the latest kernel is it necessary to reboot the server?
 