CloudLinux OS Blog - CloudLinux 6 kernel updated

CloudLinux 6 kernel updated

An updated CloudLinux 6 kernel, version 2.6.32-896.16.1.lve1.4.51, is available for download from our production repository.

Changelog since kernel-2.6.32-896.16.1.lve1.4.50:

  • CKSIX-153: improved fix for Spectre Variant 1 attack.

To install the new kernel, run the following command:

yum clean all && yum install kernel-2.6.32-896.16.1.lve1.4.51.el6

To install microcode_ctl together with the new kernel, run the following command:

yum clean all && yum install microcode_ctl -y && yum install kernel-2.6.32-896.16.1.lve1.4.51.el6

Comments 8

Guest - Kailash on Friday, 19 January 2018 08:28

This Kernel is not working for Xen PV VM. It is unable to boot from this Kernel (as well as previous Kernel). Is there a fix for Xen PV VM?

Guest - Irritated User on Friday, 19 January 2018 19:09

Same issue... the last two kernels would not boot in Xen. After the first debacle we were prepared for the second and literally were waiting to boot into rescue mode as soon as this kernel failed as well. I would suggest you attach a warning to your blog entry to not try it on Xen until you know it actually works.

Igor Seletskiy on Friday, 19 January 2018 19:19

Xen PV is not supported with kernels with Meltdown/Spectre. We are waiting for upstream to resolve the issue, but we are not even sure if it is ever going to be resolved. You should migrate to Xen HVM.

Guest - Ivan Levente on Monday, 22 January 2018 02:09

This version is running fine. No bugs here.
Only 1 more vulnerability remaining:

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: YES
> STATUS: NOT VULNERABLE (84 opcodes found, which is >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
* Hardware (CPU microcode) support for mitigation
* The SPEC_CTRL MSR is available: NO
* The SPEC_CTRL CPUID feature bit is set: NO
* Kernel support for IBRS: YES
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* Mitigation 2
* Kernel compiled with retpoline option: NO
* Kernel compiled with a retpoline-aware compiler: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Checking if we're running under Xen PV (64 bits): NO
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)
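
An added example, not part of the comment above or of the checker project: shell functions that reduce a plain-text spectre-meltdown-checker report like the one pasted above to one verdict per CVE, so a rollout script can stop while any CVE is still reported as vulnerable. The function names are hypothetical, the sample is abridged from the pasted report, and the input is assumed to be free of colour codes.

```shell
#!/bin/sh
# Added example: reduce a plain-text spectre-meltdown-checker report to
# one verdict per CVE. Function names are hypothetical.

# Sample input, abridged from the report pasted in the comment above.
sample_report() {
cat <<'EOF'
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel: YES
> STATUS: NOT VULNERABLE (84 opcodes found, which is >= 70, heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Kernel support for IBRS: YES
* IBRS enabled for Kernel space: NO
* Kernel compiled with retpoline option: NO
> STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* PTI enabled and active: YES
> STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)
EOF
}

# Read a report on stdin; print "CVE<TAB>verdict" per CVE section.
# A STATUS line only counts if a CVE header preceded it.
summarize_report() {
  awk '
    /^CVE-[0-9]+-[0-9]+/ { cve = $1; next }
    /^> STATUS:/ && cve != "" {
      verdict = ($3 == "NOT") ? "NOT VULNERABLE" : $3
      print cve "\t" verdict
      cve = ""
    }'
}

# Print every CVE whose verdict is anything but NOT VULNERABLE
# (so an unrecognised verdict is treated as a failure, not a pass).
vulnerable_cves() {
  summarize_report | awk -F'\t' '$2 != "NOT VULNERABLE" { print $1 }'
}

# Exit status 0 only when at least one CVE section was parsed and none is
# flagged; an empty or unparseable report therefore fails the gate.
report_is_clean() {
  summary=$(summarize_report)
  [ -n "$summary" ] && ! printf '%s\n' "$summary" | grep -qv 'NOT VULNERABLE$'
}

sample_report | summarize_report
```

On the sample, `vulnerable_cves` names only the Spectre Variant 2 entry, matching the single remaining VULNERABLE status in the pasted report.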

Guest - J on Monday, 05 February 2018 21:19

Is the improvement improved security or improved performance?

Alexandre Parubochyi on Tuesday, 06 February 2018 07:06

Security - the previous version appeared to be vulnerable to Spectre v1 when checked by https://github.com/speed47/spectre-meltdown-checker

Guest - Ryan Smith on Wednesday, 07 February 2018 20:27

My upstream provider sent out a notice today that the Xen PV issue is apparently fixed in the CentOS kernel-2.6.32-696.20.1.el6.x86_64.rpm. When can we expect an updated CloudLinux 6 kernel with these fixes?

Alexandre Parubochyi on Friday, 09 February 2018 08:20

We expect it to be fixed in 1-2 weeks (testing repo)
