rssLink RSS for all categories
 
icon_orange
icon_green
icon_red
icon_orange
icon_red
icon_green
icon_green
icon_orange
icon_green
icon_blue
icon_green
icon_green
icon_green
icon_green
icon_orange
icon_blue
icon_green
icon_green
icon_red
icon_red
icon_green
icon_green
icon_red
icon_orange
icon_orange
icon_green
icon_green
icon_green
icon_green
icon_green
icon_red
 

FS#29261 — Meltdown / Spectre

Attached to Project— Cloud
Maintenance
cloud
CLOSED
100%
Following the different CVE publicized :
- CVE-2017-5715 (branch target injection – Spectre)
- CVE-2017-5753 (bounds check bypass – Spectre)
- CVE-2017-5754 (rogue data cache load – Meltdown)

Variant 1: bounds check bypass (CVE-2017-5753) - spectre
Vulnerable : YES
Fixed by patch : YES

Variant 2: branch target injection (CVE-2017-5715) - spectre
Vulnerable : YES
Fixed by patch : YES

Variant 3: rogue data cache load (CVE-2017-5754) - meltdown
Vulnerable : YES
Fixed by patch : YES

We will have to apply updates on different sides:
- customers side
- OVH side

On customer side, KVM on host is not impacted but customers need to apply patches in their OS. OVH is maintaining a list of vendors patches => http://travaux.ovh.net/?do=details&id=29257.

On OVH side, new versions of microcodes and kernels are being tested and will be applied in next step once they'll be validated.
Date:  Monday, 04 June 2018, 10:03AM
Reason for closing:  Done
Comment by OVH - Monday, 04 June 2018, 10:03AM

Upgrade still in progress.

Microcode deploy this week.

We closed this travaux tasks.