Meltdown and Spectre Vulnerability Patching Guidance for CentOS 7
The following steps are intended to be run on Platform9 Managed OpenStack hosts and Kubernetes hosts. These steps will mitigate the recent Meltdown and Spectre vulnerabilities.
Additional details regarding these vulnerabilities may be found on the US-CERT website under Alert TA18-004A.
Step 1: Update the impacted packages
Run the following command to patch your host. It updates only those listed packages that are already installed at an earlier version.
[bash]sudo yum update \
kernel \
kernel-abi-whitelists \
kernel-debug \
kernel-debug-devel \
kernel-devel \
kernel-doc \
kernel-headers \
kernel-tools \
kernel-tools-libs \
kernel-tools-libs-devel \
perf \
python-perf \
microcode_ctl \
iwl1000-firmware \
iwl100-firmware \
iwl105-firmware \
iwl135-firmware \
iwl2000-firmware \
iwl2030-firmware \
iwl3160-firmware \
iwl3945-firmware \
iwl4965-firmware \
iwl5000-firmware \
iwl5150-firmware \
iwl6000-firmware \
iwl6000g2a-firmware \
iwl6000g2b-firmware \
iwl6050-firmware \
iwl7260-firmware \
iwl7265-firmware \
linux-firmware \
libvirt \
libvirt-admin \
libvirt-client \
libvirt-daemon \
libvirt-daemon-config-network \
libvirt-daemon-config-nwfilter \
libvirt-daemon-driver-interface \
libvirt-daemon-driver-lxc \
libvirt-daemon-driver-network \
libvirt-daemon-driver-nodedev \
libvirt-daemon-driver-nwfilter \
libvirt-daemon-driver-qemu \
libvirt-daemon-driver-secret \
libvirt-daemon-driver-storage \
libvirt-daemon-driver-storage-core \
libvirt-daemon-driver-storage-disk \
libvirt-daemon-driver-storage-gluster \
libvirt-daemon-driver-storage-iscsi \
libvirt-daemon-driver-storage-logical \
libvirt-daemon-driver-storage-mpath \
libvirt-daemon-driver-storage-rbd \
libvirt-daemon-driver-storage-scsi \
libvirt-daemon-kvm \
libvirt-daemon-lxc \
libvirt-devel \
libvirt-docs \
libvirt-libs \
libvirt-lock-sanlock \
libvirt-login-shell \
libvirt-nss \
qemu-img \
qemu-kvm \
qemu-kvm-common \
qemu-kvm-tools \
dracut \
dracut-caps \
dracut-config-generic \
dracut-config-rescue \
dracut-fips \
dracut-fips-aesni \
dracut-network \
dracut-tools[/bash]
Step 2: Reboot your host
A reboot is required for all of the updated packages to take effect.
[bash]sudo reboot[/bash]
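Once the host is back up, the kernel's own status report can confirm that it booted into the updated kernel with mitigations active. The check below is an added example, not part of the original guidance; it assumes the updated kernel exposes /sys/devices/system/cpu/vulnerabilities, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: post-reboot check of the kernel's mitigation report.
# Assumption: the updated kernel exposes the sysfs directory below.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map one sysfs status line to a verdict: ok, vulnerable or unknown.
classify_status() {
    case "$1" in
        "Not affected"*) echo ok ;;
        "Mitigation:"*)  echo ok ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Check meltdown, spectre_v1 and spectre_v2 under the given directory.
# Returns 0 only if every file exists and reports a mitigation
# or "Not affected"; a missing file counts as a failure.
check_mitigations() {
    dir="${1:-$VULN_DIR_DEFAULT}"
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ ! -r "$dir/$name" ]; then
            echo "$name: no status file (kernel may predate the fix, or the host has not rebooted into it)"
            rc=1
            continue
        fi
        status=$(cat "$dir/$name")
        verdict=$(classify_status "$status")
        echo "$name: $status [$verdict]"
        [ "$verdict" = ok ] || rc=1
    done
    return "$rc"
}

# Run the check only when asked, e.g.: sh check_mitigations.sh --check
if [ "${1:-}" = "--check" ]; then
    echo "running kernel: $(uname -r)"
    check_mitigations
fi
```

A non-zero exit status means at least one of the three entries is missing or reports Vulnerable, so the script can gate a fleet-wide rollout or a monitoring check.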