A new Fedora Atomic Host update is available via an OSTree commit. This update contains an important security patch.

Version: 27.47
Commit(x86_64): 397e907961adafaeff11b807ceade8da5783134072406fcdba627f1195e0db76
Commit(aarch64): 25965b64256417d7dfed37511ffe0cf842ebe64bd6adc8c57a3c603dcfd79885
Commit(ppc64le): c0d0a28a01fd363dfc317e3418935efae6d728a718320dfb3709c4282160f20f

This is a security related release of Fedora Atomic Host to address CVE-2017-5754 (Meltdown). This release does not yet handle the Spectre vulnerabilities, CVE-2017-5753 and CVE-2017-5715. Those will come in a future update. For more information see the Red Hat knowledgebase article.

kernel-4.14.11-300.fc27.x86_64 fixes BZ1530826 related to CVE-2017-5754. It also fixes some other CVEs as well. See the attached bugs to the bodhi update for more information.

The diff between this and the previous released version is:

  • ostree diff commit old: b5845ebd002b2ec829c937d68645400aa163e7265936b3e91734c6f33a510473
  • ostree diff commit new: 397e907961adafaeff11b807ceade8da5783134072406fcdba627f1195e0db76

Upgraded:

  • container-selinux 2:2.36-1.fc27.noarch -> 2:2.37-1.fc27.noarch
  • glibc 2.26-20.fc27.x86_64 -> 2.26-21.fc27.x86_64
  • glibc-all-langpacks 2.26-20.fc27.x86_64 -> 2.26-21.fc27.x86_64
  • glibc-common 2.26-20.fc27.x86_64 -> 2.26-21.fc27.x86_64
  • kernel 4.14.8-300.fc27.x86_64 -> 4.14.11-300.fc27.x86_64
  • kernel-core 4.14.8-300.fc27.x86_64 -> 4.14.11-300.fc27.x86_64
  • kernel-modules 4.14.8-300.fc27.x86_64 -> 4.14.11-300.fc27.x86_64
  • libcrypt-nss 2.26-20.fc27.x86_64 -> 2.26-21.fc27.x86_64
  • oci-register-machine 0-5.11.gitcd1e331.fc27.x86_64 -> 0-5.12.git3c01f0b.fc27.x86_64
  • oci-systemd-hook 1:0.1.13-1.gitafe4b4a.fc27.x86_64 -> 1:0.1.15-1.git2d0b8a3.fc27.x86_64
  • oci-umount 2:2.3.0-1.git51e7c50.fc27.x86_64 -> 2:2.3.2-1.git3025b19.fc27.x86_64
  • os-prober 1.74-3.fc27.x86_64 -> 1.74-4.fc27.x86_64
  • selinux-policy 3.13.1-283.17.fc27.noarch -> 3.13.1-283.19.fc27.noarch
  • selinux-policy-targeted 3.13.1-283.17.fc27.noarch -> 3.13.1-283.19.fc27.noarch
  • vim-minimal 2:8.0.1386-1.fc27.x86_64 -> 2:8.0.1427-1.fc27.x86_64

Existing systems can be upgraded in place via e.g. atomic host upgrade or atomic host deploy. Systems on Fedora Atomic 26 can be upgraded using rpm-ostree rebase. Refer to the upgrade guide for more details.

Corresponding image media for new installations can be downloaded from GetFedora.org.

Respective signed CHECKSUM files can be found here:

For direct download, the latest targets are always available at the following URLs:

Filename fetching URLs for downloading to remote systems are available by querying the following links:

For more information about the latest targets, please reference the Fedora Atomic Wiki space.

The Vagrant Cloud page with the new atomic host:

To provision using vagrant:

vagrant init fedora/27-atomic-host; vagrant up

or, if you already have the box, to get the new one:

vagrant box update --box fedora/27-atomic-host