A new Fedora Atomic Host update is available via an OSTree commit. This update contains an important security patch.

Version: 27.47
Commit(x86_64): 397e907961adafaeff11b807ceade8da5783134072406fcdba627f1195e0db76
Commit(aarch64): 25965b64256417d7dfed37511ffe0cf842ebe64bd6adc8c57a3c603dcfd79885
Commit(ppc64le): c0d0a28a01fd363dfc317e3418935efae6d728a718320dfb3709c4282160f20f

This is a security related release of Fedora Atomic Host to address CVE-2017-5754 (Meltdown). This release does not yet handle the Spectre vulnerabilities, CVE-2017-5753 and CVE-2017-5715. Those will come in a future update. For more information see the Red Hat knowledgebase article.

kernel-4.14.11-300.fc27.x86_64 fixes BZ1530826 related to CVE-2017-5754. It also fixes some other CVEs as well. See the attached bugs to the bodhi update for more information.

The diff between this and the previous released version is:

• ostree diff commit old: b5845ebd002b2ec829c937d68645400aa163e7265936b3e91734c6f33a510473
• ostree diff commit new: 397e907961adafaeff11b807ceade8da5783134072406fcdba627f1195e0db76

Upgraded:

• container-selinux 2:2.36-1.fc27.noarch -> 2:2.37-1.fc27.noarch
• glibc 2.26-20.fc27.x86_64 -> 2.26-21.fc27.x86_64
• glibc-all-langpacks 2.26-20.fc27.x86_64 -> 2.26-21.fc27.x86_64
• glibc-common 2.26-20.fc27.x86_64 -> 2.26-21.fc27.x86_64
• kernel 4.14.8-300.fc27.x86_64 -> 4.14.11-300.fc27.x86_64
• kernel-core 4.14.8-300.fc27.x86_64 -> 4.14.11-300.fc27.x86_64
• kernel-modules 4.14.8-300.fc27.x86_64 -> 4.14.11-300.fc27.x86_64
• libcrypt-nss 2.26-20.fc27.x86_64 -> 2.26-21.fc27.x86_64
• oci-register-machine 0-5.11.gitcd1e331.fc27.x86_64 -> 0-5.12.git3c01f0b.fc27.x86_64
• oci-systemd-hook 1:0.1.13-1.gitafe4b4a.fc27.x86_64 -> 1:0.1.15-1.git2d0b8a3.fc27.x86_64
• oci-umount 2:2.3.0-1.git51e7c50.fc27.x86_64 -> 2:2.3.2-1.git3025b19.fc27.x86_64
• os-prober 1.74-3.fc27.x86_64 -> 1.74-4.fc27.x86_64
• selinux-policy 3.13.1-283.17.fc27.noarch -> 3.13.1-283.19.fc27.noarch
• selinux-policy-targeted 3.13.1-283.17.fc27.noarch -> 3.13.1-283.19.fc27.noarch
• vim-minimal 2:8.0.1386-1.fc27.x86_64 -> 2:8.0.1427-1.fc27.x86_64

Existing systems can be upgraded in place via e.g. atomic host upgrade or atomic host deploy. Systems on Fedora Atomic 26 can be upgraded using rpm-ostree rebase. Refer to the upgrade guide for more details.

Corresponding image media for new installations can be downloaded from GetFedora.org.

Respective signed CHECKSUM files can be found here:

• aarch64 ISO
• ppc64le ISO
• x86_64 ISO
• aarch64 Cloud Image
• ppc64le Cloud Image
• x86_64 Cloud Image

For direct download, the latest targets are always available at the following URLs:

• Latest ISO
• Latest QCOW
• Latest raw image
• Latest LibVirt VM
• Latest VirtualBox VM

Filename fetching URLs for downloading to remote systems are available by querying the following links:

• ISO
• QCOW
• raw
• LibVirt
• VirtualBox

For more information about the latest targets, please reference the Fedora Atomic Wiki space.

The Vagrant Cloud page with the new atomic host:

• All Fedora boxes
• Fedora Atomic Host 27

To provision using vagrant:

vagrant init fedora/27-atomic-host; vagrant up

or, if you already have the box, to get the new one:

vagrant box update --box fedora/27-atomic-host