Try   HackMD

Testers needed for updated packages: Intel and AMD CPUs affected

Earlier this week a few vulnerabilities have been reported to affect Intel and AMD CPUs. AlmaLinux OS Foundation calls for community to help to test updated packages for AlmaLinux OS 8 and AlmaLinux OS 9.

How do I install updated packages?

As AlmaLinux OS has changed its build processes in order to be ABI compatible with Red Hat, Testing repo has been created for packages that differ from RHEL and require additional testing by community.
To be able to help with testing, Testing repo should be enabled on AlmaLinux machine:

dnf install -y almalinux-release-testing

It's highly recommended to enable Testing repo on all non-production machines to participate in AlmaLinux development.

CVE-2022-40982 aka Downfall (Intel)

CVE-2022-40982 vulnerability is related to a Gather Data Sampling (GDS) transient execution side-channel vulnerability affecting Intel CPUs. This may allow an attacker to access stale data from previously used vector registers on the same physical core. Computing devices based on Intel Core processors from the 6th Skylake to (including) the 11th Tiger Lake generation are affected.

The vulnerability can be mitigated by updating CPU microcode - microcode_ctl package:

dnf update microcode_ctl

To check that the installation completed successfully, you can run:

rpm -qa microcode_ctl

Make sure that you've got the following version:

  • AlmaLinux OS 8 - microcode_ctl-20220809-2.20230808.1.el8_8.alma
  • AlmaLinux OS 9 - microcode_ctl-20220809-2.20230808.1.el9_2.alma

To update CPU microcode run the following:

echo 1 > /sys/devices/system/cpu/microcode/reload

CVE-2023-20569 (AMD)

CVE-2023-20569 vulnerability affects "Zen 3" and "Zen 4" AMD CPUs as it may allow an attacker to influence the return address prediction. This may potentially lead to information disclosure.

The vulnerability can be partially mitigated by updating linux-firmware package:

dnf update linux-firmware

To check that the installation completed successfully, you can run:

rpm -qa linux-firmware

Make sure that you've got the following version:

  • AlmaLinux OS 8 - linux-firmware-20230404-114.git2e92a49f.el8_8.alma.1
  • AlmaLinux OS 9 - linux-firmware-20230310-134.el9_2.alma.1

To update CPU microcode run the following:

echo 1 > /sys/devices/system/cpu/microcode/reload

Share your output

Once you have completed your testing, please help us by letting us know it works for you!

Please share the information (sanitized in whatever way you feel comfortable) in a comment on the issue that we have created specificaly for AlmaLinux 8 and for AlmaLinux 9 to track on bugs.almalinux.org:

Please include the output of the two commands from the test server and whether it worked for you:

lscpu
journalctl -k --grep=microcode

Come Help with Testing

If you want to contribute and help with testing - join the AlmaLinux community and the Release Engineering SIG chat channel.

We appreciate any contribution as they help us keep AlmaLinux OS free and make it better!

Last changed by 
AlmaLinux
AlmaLinux
0
70

Read more

tags: processing

Hello, Community! After AlmaLinux OS has shifted its direction, it now aims to provide more of additional content for the Community. For such purpose, two additional repositories have been added - Testing and Synergy. AlmaLinux OS Foundation is announcing that both repositories are now available for AlmaLinux OS 8 and AlmaLinux OS 9.

Feb 6, 2025
Errata template

Subject: [type of advisory Advisory] errata ID, severity: short description update Hi, you are receiving an AlmaLinux Bugfix/Enhancement/Security update email because you subscribed to receive errata notifications from AlmaLinux. Type: type Severity: severity Release date: release date Summary:

Feb 6, 2025
Announcing ELevate upgrades between OS versions 8 to 9 goes stable

Hello, Community! We'd like to announce that ELevate project now supports upgrades from 8.x to 9.x within your chose distrubution! Visually, you can see ELevate supports the following migration directions: * - migration to CentOS Stream 9 is currently in process and will be available later. ** - migration to Oracle Linux 9 is available with the Oracle Leapp utility and will not be supported by ELevate project. As usual, this is a simple reminder to make sure you have backups and/or snapshots of your system before you proceed. It is recommended to do a trial run in a sandbox to verify that migration worked as expected before you attempt to migrate any production system. For more details, please, visit the the webpage and ELevate wiki page. You may also wanna check out the ELevate Quick Start Guide to start with. We are eager to get your feedback, contributions, and bug reports as they are helpful in making the migration more stable and adding support for other operating systems and making the migration more stable.

Feb 6, 2025
AlmaLinux OS brings openQA to RHEL

Hello! I'm Elkhan Mammadli and you may know me as an avid AlmaLinux contributor and the head of AlmaLinux Cloud Images SIG. Today I'd like to share an absolutely awesome story about collaboration–the open source way. AlmaLinux OS has come a long way in a very short time. We’ve been fully committed to delivering the best possible experience for the community, no matter where or what you run. A big part of ensuring the quality of our releases is testing; lots and lots of testing. A while ago we went looking for a good testing automation framework to build into our release process. Thanks to a fortuitous session at FOSDEM, we decided to've implemented the openQA, which is used by a few other distros, including openSuse, Fedora and Debian. There were a couple of problems before we could get started though. openQA didn’t have support for RHEL or derivatives, didn’t support the RHEL virt stack and it also didn’t have support for s390x–so we added them. What is openQA and how does it work? Simply put, openQA is an automated test tool for operating systems. It simplifies automated testing of the whole installation process of an operating system in a wide combination of software and hardware configurations. The openQA tool uses virtual machines to reproduce predefined processes and check the output against what it expects. You can check out the openQA site or our openQA User Guide for more details. How did we do it?

Feb 6, 2025
Read more from AlmaLinux
Published on HackMD