[elrepo] Announcement: EL6 Updated kernel-ml Package Set [4.14.14-1]

nitnit1981 nitnit nitnit1981.1 at gmail.com
Thu Jan 18 01:02:03 EST 2018 

Hi Alan

       Looks like the compiler used has an issue. Can you please change the
packaging process to the new compiler .


uname -r

4.14.14-1.el6.elrepo.x86_64





sh ./spectre-meltdown-checker.sh

Spectre and Meltdown mitigation detection tool v0.24



Checking for vulnerabilities against live running kernel Linux
4.14.14-1.el6.elrepo.x86_64 #1 SMP Wed Jan 17 14:39:23 EST 2018 x86_64



CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'

* *Checking count of LFENCE opcodes in kernel:  NO  (only 11 opcodes found,
should be >= 70)*

> STATUS:  VULNERABLE  (heuristic to be improved when official patches
become available)



CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

* Mitigation 1

*   Hardware (CPU microcode) support for mitigation:  YES

*   Kernel support for IBRS:  NO

*   IBRS enabled for Kernel space:  NO

*   IBRS enabled for User space:  NO

* Mitigation 2

*   Kernel compiled with retpoline option:  YES

* *  Kernel compiled with a retpoline-aware compiler:  NO*

> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with
retpoline are needed to mitigate the vulnerability)



CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'

* Kernel supports Page Table Isolation (PTI):  YES

* PTI enabled and active:  YES

> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)



A false sense of security is worse than no security at all, see --disclaimer

On Thu, Jan 18, 2018 at 3:27 AM, Alan Bartlett <ajb at elrepo.org> wrote:

> Announcing the release of the kernel-ml-4.14.14-1.el6.elrepo package
> set into the EL6 elrepo-kernel repository:
>
> https://elrepo.org/tiki/kernel-ml
>
> The upstream changelog:
>
> https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.14
>
> The following files are currently synchronising to our mirror sites:
>
> x86_32
> kernel-ml-4.14.14-1.el6.elrepo.i686.rpm
> kernel-ml-devel-4.14.14-1.el6.elrepo.i686.rpm
> kernel-ml-doc-4.14.14-1.el6.elrepo.noarch.rpm
> kernel-ml-headers-4.14.14-1.el6.elrepo.i386.rpm
> kernel-ml-NONPAE-4.14.14-1.el6.elrepo.i686.rpm
> kernel-ml-NONPAE-devel-4.14.14-1.el6.elrepo.i686.rpm
> perf-4.14.14-1.el6.elrepo.i686.rpm
> python-perf-4.14.14-1.el6.elrepo.i686.rpm
>
> x86_64
> kernel-ml-4.14.14-1.el6.elrepo.x86_64.rpm
> kernel-ml-devel-4.14.14-1.el6.elrepo.x86_64.rpm
> kernel-ml-doc-4.14.14-1.el6.elrepo.noarch.rpm
> kernel-ml-headers-4.14.14-1.el6.elrepo.x86_64.rpm
> perf-4.14.14-1.el6.elrepo.x86_64.rpm
> python-perf-4.14.14-1.el6.elrepo.x86_64.rpm
>
> nosrc
> kernel-ml-4.14.14-1.el6.elrepo.nosrc.rpm
>
> We provide these kernels for hardware testing in an effort to identify
> new/updated drivers which can then be targeted for backporting as kmod
> packages. Meanwhile, these kernels may provide interim relief to
> people with non-functional hardware. We stress that we consider such
> kernels as a last resort for those who are unable to get their
> hardware working using the RHEL-6 kernel with supplementary kmod
> packages.
>
> These packages are provided "As-Is" with no implied warranty or
> support. Using the kernel-ml may expose your system to security,
> performance and/or data corruption issues. Since timely updates may
> not be available from the ELRepo Project, the end user has the
> ultimate responsibility for deciding whether to continue using the
> kernel-ml packages in regular service.
>
> The packages are intentionally named kernel-ml so as not to conflict
> with the RHEL-6 kernels and, as such, they may be installed and updated
> alongside the regular kernel. The kernel configuration is based upon a
> default RHEL-6 configuration with added functionality enabled as
> appropriate.
>
> If a bug is found when using these kernels, the end user is encouraged
> to report it upstream to the Linux Kernel Bug Tracker [1] and, for our
> reference, to the ELRepo bug tracker [2]. By taking such action, the
> reporter will be assisting the kernel developers, Red Hat and the Open
> Source Community as a whole.
>
> Thank you,
>
> The ELRepo Team.
>
> [1] https://bugzilla.kernel.org/
> [2] https://elrepo.org/bugs/
> _______________________________________________
> elrepo mailing list
> elrepo at lists.elrepo.org
> http://lists.elrepo.org/mailman/listinfo/elrepo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.elrepo.org/pipermail/elrepo/attachments/20180118/d05f4a76/attachment.html>

More information about the elrepo mailing list