This thread is created to provide updates on our compatibility with the Meltdown kernel patches released by the Linux OS vendors.
It has been discovered that Red Hat 6 and Red Hat 7 64bit Kernel Updates and PIM will cause the system panic when starting our agent on the following kernel levels.
RHEL 6 - 2.6.32-696.18.7.el6.x86_64RHEL 7 - 3.10.0-693.11.6.el7.x86_64
PAMSC 14 fix have been released on the Solutions and Patches page. This also covers PIM 14 Enterprise Manager on Linux with the embedded PAMSC endpoint.
PIM 12.6.3 fix for Red Hat 6 has been released on Solutions and Patches page as SO00057.
PIM 12.8 GA fix for Red Hat 6 only has been released on the Solutions and Patches page as SO00058.
PIM 12.8 SP1 fix has been released on the Solutions and Patches page as SO00005.
PIM 12.9 (Management Servers) fix for Red Hat 6 has been released on Solutions and Patches page as SO00293.
PIM 12.9.1/12.9.2 (Management Servers) fix for Red Hat 6 has been released on Solutions and Patches page as SO00294.
Red Hat AUS/EUS:
PIM 12.8 SP1 fix for the following kernels on Red Hat has been released on Solutions and Patches page as SO00292.
RHEL 6.7 EUS, 6.x latest
2.6.32-573.49.3.el6.x86_64 - RHEL 6.7 - EUS
2.6.32-573.51.1.el6.x86_64 - RHEL 6.7 - EUS
2.6.32-696.18.7.el6.x86_64 - RHEL 6.x - latest
RHEL 7.2, 7.3 EUS/AUS, 7.x latest
3.10.0-327.62.4.el7.x86_64 - RHEL 7.2 - AUS
3.10.0-514.36.5.el7.x86_64 - RHEL 7.3 - EUS
3.10.0-693.11.6.el7.x86_64 - RHEL 7.4 - latest
Due to Red Hat restrictions we are unable to provide updates for the following AUS kernels.
RHEL6.2 AUS kernel-2.6.32-220.77.1.el6.x86_64(RHBA-2018:0120)RHEL6.5 AUS kernel-2.6.32-431.86.1.el6.x86_64(RHBA-2018:0119)
Red Hat 5
RHEL 5, 2.6.18-426.el5, which was released on 2/7/2018 has been tested with PIM endpoint and no update is required to our SEOS_syscall.https://access.redhat.com/errata/RHSA-2018:0292
We are unable to make a Red Hat 7 fix for PIM 12.8 GA. It is required to upgrade to 12.8 SP1 full fixes to support Meltdown. (SO00290 - install_base | SO00277 - RPM)
s390xWe have done our testing on Red Hat 7.4 and SLES 12.3 running on s390x with our exiting modules. No updates are required on s390x systems based on our testing.Latest kernel modules we have tested.RHEL - 3.10.0-693.17.1.el7.s390xSLES - 4.4.114-94.11-default
We have found not all versions of SUSE Linux with the meltdown kernel patch will require an updated SEOS_syscall. Here is the breakdown of what passed and failed.
Passed – no patch needed:
SLES 11.4 - kernel-default-3.0.101-108.21.1
SLES 12.0 - kernel-default-3.12.61-52.111.1
SLES 12.1 - kernel-default-3.12.74-220.127.116.11
Failed – Patch Required
SLES 12.2 - 4.4.103-92.56-default
SLES 12.3 - 4.4.103-6.38-default
PIM 12.8.1 fix for SUSE 12.2 and 12.3 has been released on Solutions and Patches page as SO00152.
Oracle Enterprise Linux:
It has been discovered that Oracle Enterprise Linux 7 running UEKr4 kernels will require an updated SEOS_syscall module.
OEL 6.x, 7.x UEKr4 - latest
PIM 12.8.1 fix for OEL 6 & OEL 7 has been released on Solutions and Patches page as SO00248.
We have added the following kernel support to PAMSC 14.01 Rollup Patch for Meltdown
Full Install Packages:
We have created full rollup install patches for 12.8 SP1
SO00290 - install_base | SO00277 - RPM
These packages include support for the following kernels:
2.6.32-573.51.1.el6.x86_64 - RHEL 6.7 - EUS (same module)
SLES 12.2, 12.3
4.4.103-92.56-default - SLES 12.2 - latest
4.4.103-6.38-default - SLES 12.3 - latest
We have tested IBM's AIX 7.1 patch without any problems with our SEOS_syscall module.
# oslevel -s7100-03-05-1524
Please follow this thread as it will be updated when patches are published.
Aaron Armagost Manager, Software Engineering (CA)
On the other hand, according to Broadcom in the following URL:
SuSE Linux is included in the so-called "Tier 1" in which the output of the versions of compatible agents will take between 4 and 6 months. This URL speaks even between 1 and 2 months for service packs.
Given that according to the SuSE Linux website (https://www.suse.com/lifecycle/) version 15 of SuSE Linux was released on July 16, 2018, and version 15 SP1 of Linux was released on June 24 of 2019, the corresponding versions of the CA Access Control agent that will be released on December 16, 2018 and August 24, 2019, respectively. However, none of them is currently available.