OnApp 5.0 CloudBoot KVM Security Update

This update addresses the Meltdown and Spectre vulnerabilities (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) for CentOS 6 KVM. For more information refer to Meltdown and Spectre CPU Issues.

The following package has been released for CloudBoot:

  • onapp-store-install-5.0.0-38.noarch.rpm

Use CloudBoot Compute Resources and CloudBoot Backup Server upgrade procedures to install the update. 'Simple reboot'  and 'Migrate and Reboot' options are available.

KeyTypeRelease NotesAffects Version/s
CLOUDBOOT-176FixUpdated the kernel to version 2.6.32-696.3.2.el6.x86_64 for CentOS 6 KVM ramdisk to address the CVE-2017-1000364 issue.All OnApp versions
CLOUDBOOT-177FixUpdated the glibc packages for CentOS6 KVM and Xen ramdisks to address the CVE-2017-1000366 issue.All OnApp versions
CLOUDBOOT-178Fix

Fixed the issue caused by the old Intel i40e driver version having a bug preventing the X710 quad NICs from receiving multicast packets when the ethX was bridged.

5.0

CLOUDBOOT-195

FixUpdated KVM packages to version 0.12.1.2-2.503.el6_9.4 for CentOS 6 KVM to address the CVE-2017-5715 issue.All OnApp versions
CLOUDBOOT-198FixUpdated libvirt packages to version 0.10.2-62.el6_9.1 for CentOS 6 KVM to address the CVE-2017-5715 issue.All OnApp versions
CLOUDBOOT-192FixUpdated the kernel to version 2.6.32-696.18.7.el6.x86_64 for CentOS 6 KVM to address the CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 issues.All OnApp versions