Micro Focus Contributor
Micro Focus Contributor
3006 views

(resolved) Appliance channels temporarily disabled

A few hours ago, Intel issued a recommendation (https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/) to not apply a recently-issued patch related to the Spectre and Meltdown exploits.

In response, we have temporarily shut down access to the Change Guardian appliance update channels that contain this operating system patch. We are monitoring the situation and will post updated information when it’s available.

- Micro Focus Change Guardian product team

Cheryl Witt Project Manager Micro Focus Engineering
0 Likes
7 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Appliance channels temporarily disabled (Meltdown/Spectre)

Thank-you for updating us proactively.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Micro Focus Contributor
Micro Focus Contributor

Re: Appliance channels temporarily disabled (Meltdown/Spectr

We are in the process of generating and testing updated patches for the Change Guardian appliance channel, which will be re-enabled later this week. This update will include all of the latest SLES 11 patches and will exclude the patch that Intel revoked.

We will continue to issue updated OS patches as they become available (after sufficient testing with our appliance).

Thank you for your patience.

Cheryl Witt Project Manager Micro Focus Engineering
0 Likes
Micro Focus Contributor
Micro Focus Contributor

Re: Appliance channels temporarily disabled (Meltdown/Spectr

By tomorrow, we will have re-enabled the appliance update channels and published a TID on the Knowledge Base to describe how to remove the affected file, microcode_ctl-1.17-102.83.9.1.x86_64.rpm.

It's not possible to completely remove the microcode_ctl-1.17-102.83.9.1.x86_64.rpm from the update channel, so we recommend that customers remove it manually. (TID link to follow.)

Our testing doesn't show any major risks if you are unable to remove the RPM immediately; we have not observed any performance or stability impacts, and Change Guardian does not have any hard dependencies on this package.

When Intel issues an update to this file, we'll publish it through the channel as part of our regular SUSE OS updates.

Cheryl Witt Project Manager Micro Focus Engineering
0 Likes
Micro Focus Contributor
Micro Focus Contributor

Re: Appliance channels temporarily disabled (Meltdown/Spectr

Unfortunately, our IT department ran into a problem re-enabling the channels. They are confident they'll resolve the issues in the next 24 hours but cannot make guarantees beyond that.

Here's a TID to describe how to remove the microcode_ctl RPM from a Change Guardian appliance. (Look past the references to Sentinel; the same steps apply.) https://www.netiq.com/support/kb/doc.php?id=7022578

Cheryl Witt Project Manager Micro Focus Engineering
0 Likes
Micro Focus Contributor
Micro Focus Contributor

Re: Appliance channels temporarily disabled (Meltdown/Spectr

Update: The channel is re-enabled, but there is a sync process that is scheduled to happen overnight. All should be normal by this time tomorrow, if not earlier.

Cheryl Witt Project Manager Micro Focus Engineering
0 Likes
Micro Focus Contributor
Micro Focus Contributor

Re: Appliance channels temporarily disabled (Meltdown/Spectr

CeeDubbVA;2475173 wrote:

Here's a TID to describe how to remove the microcode_ctl RPM from a Change Guardian appliance. (Look past the references to Sentinel; the same steps apply.) https://www.netiq.com/support/kb/doc.php?id=7022578


NOTE: For CG, use the command “rpm -e --nodeps microcode_ctl-1.17-102.83.9.1” only. Do not use the zypper command in that TID because it interferes with some necessary post-upgrade scripts, and the service won't start properly.

Cheryl Witt Project Manager Micro Focus Engineering
0 Likes
Micro Focus Contributor
Micro Focus Contributor

Re: Appliance channels temporarily disabled (Meltdown/Spectr

There's a CG-specific TID now at https://www.netiq.com/support/kb/doc.php?id=7022579.

Cheryl Witt Project Manager Micro Focus Engineering
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.