CloudLinux 7 and CloudLinux 6 Hybrid kernel v.1.5-38 has been rolled out to 100%

Jul 9, 2020 4:33:04 PM / by Inessa Atmachian

 

kernel

CloudLinux 7 and CloudLinux 6 Hybrid kernel version 3.10.0-962.3.2.lve1.5.38 has been rolled out to 100% and is now available for download from our production repository.

SRBDS System Information

The Linux kernel provides vulnerability status information through sysfs. For SRBDS this can be accessed by the following sysfs file: /sys/devices/system/cpu/vulnerabilities/srbds

The possible values contained in this file are:

Not affected  Processor is not vulnerable
Vulnerable Processor is vulnerable and mitigation is disabled
Vulnerable: No microcode Processor is vulnerable and microcode is missing mitigation
Mitigation: Microcode  Processor is vulnerable and mitigation is in effect
Mitigation: TSX disabled Processor is only vulnerable when TSX is enabled while this system was booted with TSX disabled
Unknown: Dependent on hypervisor status Running on virtual guest processor that is affected but with no way to know if the host processor is mitigated or vulnerable

                 

Mitigation Mechanism

Intel will release microcode updates that modify the RDRAND, RDSEED, and EGETKEY instructions to overwrite secret special register data in the shared staging buffer before the secret data can be accessed by another logical processor.

Changelog

  • CLKRN-597: ext4: wait for existing dio workers in ext4_alloc_file_blocks()
  • CLKRN-597: ext4: check for directory entries too close to block end
  • CLKRN-597: tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
  • CLKRN-597: vfs: fix do_last() regression
  • CLKRN-597: do_last(): fetch directory ->i_mode and ->i_uid before it's too late
  • CLKRN-597: CVE-2000-1134: CVE-2007-3852: CVE-2008-0525: CVE-2009-0416: CVE-2011-4834: CVE-2015-1838: CVE-2015-7442: CVE-2016-7489: namei: allow restricted O_CREAT of FIFOs and regular files
  • CLKRN-601: make CONFIG_CL_* entries visible in "menuconfig"
  • CLKRN-597: mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
  • CLKRN-597: jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal
  • CLKRN-597: x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
  • CLKRN-597: PCI: Don't disable bridge BARs when assigning bus resources
  • CLKRN-597: scsi: qla2xxx: Fix mtcp dump collection failure
  • CLKRN-597: CVE-2020-12114: fs/namespace.c: fix mountpoint reference counter race
  • CLKRN-597: tracing: Fix tracing_stat return values in error handling paths
  • CLKRN-597: tracing: Fix very unlikely race of registering two stat tracers
  • CLKRN-597: ext4, jbd2: ensure panic when aborting with zero errno
  • CLKRN-597: jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record
  • CLKRN-597: KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c
  • CLKRN-597: KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
  • CLKRN-597: KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
  • CLKRN-597: KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
  • CLKRN-597: tcp: clear tp->total_retrans in tcp_disconnect()
  • CLKRN-597: mm/mempolicy.c: fix out of bounds write in mpol_parse_str()
  • CLKRN-597: net_sched: ematch: reject invalid TCF_EM_SIMPLE
  • CLKRN-607: random: always use batched entropy for get_random_u{32,64}
  • CLKRN-607: x86/speculation: Add Ivy Bridge to affected list
  • CLKRN-607: CVE-2020-0543: x86/speculation: Add SRBDS vulnerability and mitigation documentation
  • CLKRN-607: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
  • CLKRN-607: x86/cpu: Add 'table' argument to cpu_matches()
  • CLKRN-607: x86/cpu: Add a steppings field to struct x86_cpu_id
  • CLKRN-607: x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
  • CLKRN-600: mm: don't clear __GFP_NOFAIL when matching against mask

Update

For CloudLinux 7, run the command:

yum install kernel-3.10.0-962.3.2.lve1.5.38.el7

For CloudLinux 6 Hybrid, run the command:

yum install kernel-3.10.0-962.3.2.lve1.5.38.el6h

Topics: CloudLinux OS 7, hybrid, kernel-cl7, kernel-cl6, CloudLinux OS 6, Technical Blog, Gradual rollout

Inessa Atmachian

Written by Inessa Atmachian

Inessa Atmachian is a Technical Writer. She is responsible for developing technical product documentation for CloudLinux OS, KernelCare, and Imunify360 products. She provides customers with release notes and information on product updates.

    Subscribe to Email Updates

    Recent Posts