CVE-2018-3620 - L1 terminal fault vulnerability

[hickeng]

Update PhotonOS kernel packages to address
https://www.vmware.com/security/advisories/VMSA-2018-0021.htm

CVE-2018-3620

Ongoing industry work to address specter/meltdown

Kernel version is expected to be 4.4.148-1 but should be confirmed before closing.

[DanielXiao]

I made a new image gcr.io/eminent-nation-87317/local-repo:1.7 which downloads latest packages from https://dl.bintray.com/vmware/photon_updates_1.0_x86_64/x86_64/ and the linux kernel package version is 4.4.152-1.ph1.

It 's running on wdc-yum-builder-ci.eng.vmware.com now but only vic install packages from this local yum repo.

Because of exclude list in https://github.com/vmware/vic/blob/master/infra/integration-image/LocalRepo, there are packages missing to build vic-product ova. vic-product is still using remote repo and the current linux kernel version is 4.4.152-1.ph1.

[DanielXiao]

Close it and file a new task #8247 to track issue on vic-product.

[zjs]

I think this is worth a release note, as there is security impact.

[stuclem]

Added as a resolved issue in https://github.com/vmware/vic/releases/tag/v1.4.3