(UPDATED 22-Jan-2018) Security Advisory: Intel Security Findings: "Meltdown" and "Spectre"

Sean G. -

Overview

This notice is to advise Joyent customers of the potential security vulnerabilities surrounding Intel hardware, known as Spectre and Meltdown:

  • CVE-2017-5753
  • CVE-2017-5715
  • CVE-2017-5754

Description

Details surrounding Intel's findings regarding Spectre and Meltdown can be reviewed here. Additional information can be reviewed here and here.

Actions Taken by Joyent

Joyent has identified the necessary fixes to address the Meltdown vulnerability.  We are now in the process of creating a new Platform Image (PI) containing these fixes and running it through an initial QA cycle.  Once confident it is ready for production, the PI will be applied across the Triton Cloud (public cloud), and made available to Triton Enterprise software users in parallel. Please note that this update will require a reboot of the underlying physical servers.

For users running Ubuntu-certified KVM, images containing the fix are available; please see the "Actions You Need to Take" section below for more information. 

New KVM images of other types are actively being worked on. We will update this notice when those new images become available. 

Further updates will continue to be posted here.

Actions You Need to Take

Triton Public Cloud Users:

For users running Docker or infrastructure containers (container-native Linux or SmartOS), there is no action required on your end at this time. Joyent will be providing a fix in the form of a PI as mentioned above.

To move to the new Ubuntu-certified image release, you will need to provision a new container using that image. You can learn more about the Ubuntu-certified images that are available here.

For remedial actions on KVM Linux/Windows containers, please check the notices applicable to the distro you are using:

Debian and Ubuntu users can update images with the following commands:

sudo apt-get update 
sudo apt-get dist-upgrade

CentOS users can update images using the following:

sudo yum update

For all other distro's, please consult with the specific OS provider for best practices around updating and patching.

Note that all distros will require a reboot after being updated.


Open Source Triton Users:

Please direct any questions to The SmartOS Community Mailing Lists and IRC.

Support

If you are a Joyent customer and have any further questions or concerns after reading the information provided above, please contact Joyent Support.

As noted above, if you are an Open Source Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC.

Have more questions? Submit a request

0 Comments

Article is closed for comments.