stable

kernel-4.14.14-200.fc26

FEDORA-2018-8dc60a4feb created by jforbes 6 years ago for Fedora 26

The 4.14.14 stable update contains a number of important fixes across the tree. This update also includes some PPC mitigations, and has been built with a retpoline capable compiler for improved Spectre mitigation on x86_64.

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-8dc60a4feb

This update has been submitted for testing by jforbes.

6 years ago

Works as expected.

karma: +1

User Icon hreindl commented & provided feedback 6 years ago
karma

works for me

By "built with a retpoline capable compiler" I assume you mean it was built with gcc-7.2.1-7, but the latest gcc I can see at https://bodhi.fedoraproject.org/updates/?search=gcc is gcc-7.2.1-2. Shouldn't the gcc package be pushed first, and shouldn't this package have a build dependency on the retpoline capable gcc, so the build can be reproduced by users?

@cesarb yes it is built with gcc-7.2.1-7 and no there is no reason that the gcc packlage is pushed first because it#s about a kernel security update and needless have that to wait for gcc going to updates-testing and all that stuff means either a 4.14.14 with not all security enchanements or a not justified delay and frankly "so the build can be reproduced by users" is nice but not really why you use a distribution

if you want that gcc just install it - or webstack is built with -mindirect-branch=thunk since thursday (we maintain httpd/apr/php/mysql at our own for a decade now)

@cesarb Yes, it was built with gcc-7.2.1-7, and no there should not be a build dependency on it. The patches for retpoline support were added to our 4.14.13 update, but the compiler was not available in koji. As a result, that kernel offered " Minimal generic ASM retpoline" mitigations. Still better than nothing. Building with an updated gcc changed that to "Full generic retpoline". As there is no runtime dependency for this change, it seems more benefit to get the improved mitigation out to users. The gcc builds are in koji and you are welcome to install them.

This update has been pushed to testing.

6 years ago
User Icon cesarb provided feedback 6 years ago
karma

This update has been submitted for batched by jforbes.

6 years ago

This update has been submitted for stable by jforbes.

6 years ago

This update has been pushed to stable.

6 years ago
karma

Please login to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
BZ#1532458 kernel panic running 4.14.11-300.fc27 in a Centos6 KVM
0
0
BZ#1533890 CVE-2018-5332 kernel: rds_message_alloc_sgs() function doesn't validate value used during DMA page allocation causes heap out-of-bounds write
0
0
BZ#1533891 CVE-2018-5333 kernel: Null pointer dereference in rds_atomic_free_op() allowing denial-of-service
0
0
BZ#1533895 CVE-2018-5332 CVE-2018-5333 kernel: various flaws [fedora-all]
0
0
BZ#1533909 CVE-2018-5344 kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service
0
0
BZ#1533911 CVE-2018-5344 kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service [fedora-all]
0
0

Automated Test Results

Test Cases

0 0 Test Case kernel regression