Bug 1710918 - Require updated microcode_ctl on hosts
Summary: Require updated microcode_ctl on hosts
Alias: None
Product: ovirt-distribution
Classification: oVirt
Component: ovirt-host
Version: 4.3.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: ovirt-4.3.4
: 4.3.3
Assignee: Sandro Bonazzola
QA Contact: Pavel Novotny
Depends On:
Blocks: 1711224
TreeView+ depends on / blocked
Reported: 2019-05-16 14:49 UTC by Sandro Bonazzola
Modified: 2019-06-20 11:48 UTC (History)
5 users (show)

Fixed In Version: ovirt-host-4.3.3-1
Doc Type: Bug Fix
Doc Text:
ovirt-host now require a minimum version of microcode_ctl on x86_64 architecture ensuring to update it for addressing CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, CVE-2019-11091
Clone Of:
Last Closed: 2019-06-20 11:48:03 UTC
oVirt Team: Integration
sbonazzo: ovirt-4.3?

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
oVirt gerrit 100110 0 master MERGED spec: require updated microcode_ctl 2019-05-16 16:08:41 UTC
oVirt gerrit 100111 0 ovirt-4.3 MERGED spec: require updated microcode_ctl 2019-05-16 16:32:23 UTC

Description Sandro Bonazzola 2019-05-16 14:49:29 UTC
On Fedora based oVirt Node microcode_ctl is missing and on EL7 host there is no strict requirement on minimum version for this package.
In order to ensure latest microcode is available on the host, requiring it here.
This should help with getting updates for CVE-2018-12130,
CVE-2018-12126, CVE-2018-12127, CVE-2019-11091.

Comment 1 Pavel Novotny 2019-06-14 13:14:31 UTC
Verified in ovirt-host-4.3.3-1.el7ev.x86_64

microcode_ctl >= 2.1-47.2 is now required for RHEL-based ovirt-host:

# rpm -q ovirt-host{,-dependencies}
# rpm -qR ovirt-host-dependencies | grep microcode_ctl
microcode_ctl >= 2.1-47.2

Comment 2 Sandro Bonazzola 2019-06-20 11:48:03 UTC
This bugzilla is included in oVirt 4.3.4 release, published on June 11th 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.4 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

Note You need to log in before you can comment on or make changes to this bug.