[elrepo] Announcement: EL6 Updated kernel-ml Package Set [4.14.14-1]
nitnit1981 nitnit
nitnit1981.1 at gmail.com
Thu Jan 18 01:02:03 EST 2018
Hi Alan
Looks like the compiler used has an issue. Can you please change the
packaging process to the new compiler .
uname -r
4.14.14-1.el6.elrepo.x86_64
sh ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.24
Checking for vulnerabilities against live running kernel Linux
4.14.14-1.el6.elrepo.x86_64 #1 SMP Wed Jan 17 14:39:23 EST 2018 x86_64
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* *Checking count of LFENCE opcodes in kernel: NO (only 11 opcodes found,
should be >= 70)*
> STATUS: VULNERABLE (heuristic to be improved when official patches
become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation: YES
* Kernel support for IBRS: NO
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: YES
* * Kernel compiled with a retpoline-aware compiler: NO*
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with
retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)
A false sense of security is worse than no security at all, see --disclaimer
On Thu, Jan 18, 2018 at 3:27 AM, Alan Bartlett <ajb at elrepo.org> wrote:
> Announcing the release of the kernel-ml-4.14.14-1.el6.elrepo package
> set into the EL6 elrepo-kernel repository:
>
> https://elrepo.org/tiki/kernel-ml
>
> The upstream changelog:
>
> https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.14
>
> The following files are currently synchronising to our mirror sites:
>
> x86_32
> kernel-ml-4.14.14-1.el6.elrepo.i686.rpm
> kernel-ml-devel-4.14.14-1.el6.elrepo.i686.rpm
> kernel-ml-doc-4.14.14-1.el6.elrepo.noarch.rpm
> kernel-ml-headers-4.14.14-1.el6.elrepo.i386.rpm
> kernel-ml-NONPAE-4.14.14-1.el6.elrepo.i686.rpm
> kernel-ml-NONPAE-devel-4.14.14-1.el6.elrepo.i686.rpm
> perf-4.14.14-1.el6.elrepo.i686.rpm
> python-perf-4.14.14-1.el6.elrepo.i686.rpm
>
> x86_64
> kernel-ml-4.14.14-1.el6.elrepo.x86_64.rpm
> kernel-ml-devel-4.14.14-1.el6.elrepo.x86_64.rpm
> kernel-ml-doc-4.14.14-1.el6.elrepo.noarch.rpm
> kernel-ml-headers-4.14.14-1.el6.elrepo.x86_64.rpm
> perf-4.14.14-1.el6.elrepo.x86_64.rpm
> python-perf-4.14.14-1.el6.elrepo.x86_64.rpm
>
> nosrc
> kernel-ml-4.14.14-1.el6.elrepo.nosrc.rpm
>
> We provide these kernels for hardware testing in an effort to identify
> new/updated drivers which can then be targeted for backporting as kmod
> packages. Meanwhile, these kernels may provide interim relief to
> people with non-functional hardware. We stress that we consider such
> kernels as a last resort for those who are unable to get their
> hardware working using the RHEL-6 kernel with supplementary kmod
> packages.
>
> These packages are provided "As-Is" with no implied warranty or
> support. Using the kernel-ml may expose your system to security,
> performance and/or data corruption issues. Since timely updates may
> not be available from the ELRepo Project, the end user has the
> ultimate responsibility for deciding whether to continue using the
> kernel-ml packages in regular service.
>
> The packages are intentionally named kernel-ml so as not to conflict
> with the RHEL-6 kernels and, as such, they may be installed and updated
> alongside the regular kernel. The kernel configuration is based upon a
> default RHEL-6 configuration with added functionality enabled as
> appropriate.
>
> If a bug is found when using these kernels, the end user is encouraged
> to report it upstream to the Linux Kernel Bug Tracker [1] and, for our
> reference, to the ELRepo bug tracker [2]. By taking such action, the
> reporter will be assisting the kernel developers, Red Hat and the Open
> Source Community as a whole.
>
> Thank you,
>
> The ELRepo Team.
>
> [1] https://bugzilla.kernel.org/
> [2] https://elrepo.org/bugs/
> _______________________________________________
> elrepo mailing list
> elrepo at lists.elrepo.org
> http://lists.elrepo.org/mailman/listinfo/elrepo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.elrepo.org/pipermail/elrepo/attachments/20180118/d05f4a76/attachment.html>
More information about the elrepo
mailing list