|
|
(47 intermediate revisions by 9 users not shown) |
Line 1: |
Line 1: |
| {{svg-header}} | | {{svg-header}} |
| | | {{DeprecatedAndMovedTo|new_location=https://advisories.egi.eu/Meltdown_and_Spectre_Vulnerabilities}} |
| More information is likely to be added in the coming days. This is an initial version.
| |
| | |
| == Purpose of this page ==
| |
| | |
| To provide useful links and other information concerning the Meltdown and Spectre vulnerabilities.
| |
| | |
| == What are they? ==
| |
| | |
| These are vulnerabilities in the design of the chip hardware, and cannot be fully resolved by patching operating systems. However patches are available which mitigate these problems.
| |
| | |
| Meltdown affects most Intel chips, and has CVE-2017-5754
| |
| | |
| Spectre affects a wide range of chips, CVE-2017-5753 and CVE-2017-5715.
| |
| | |
| Here you will find more information [http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/ http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/]
| |
| | |
| [https://meltdownattack.com/ https://meltdownattack.com/ ], [https://spectreattack.com/ https://spectreattack.com/] and [https://googleprojectzero.blogspot.dk/2018/01/reading-privileged-memory-with-side.html https://googleprojectzero.blogspot.dk/2018/01/reading-privileged-memory-with-side.html]
| |
| | |
| == CERN information ==
| |
| | |
| CERN has compiled information which is useful for may EGI sites
| |
| | |
| [https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml]
| |
| | |
| == Intel Information ==
| |
| | |
| Product patches
| |
| | |
| [https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File]
| |
| | |
| == RedHat Information ==
| |
| | |
| RedHat description:
| |
| | |
| [https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/vulnerabilities/speculativeexecution]
| |
| | |
| [https://access.redhat.com/articles/3307751 https://access.redhat.com/articles/3307751]
| |
| | |
| | |
| | |
| RedHat CVE info: [https://access.redhat.com/security/cve/CVE-2017-5754]
| |
| | |
| [https://access.redhat.com/security/cve/CVE-2017-5754 https://access.redhat.com/security/cve/CVE-2017-5754]
| |
| | |
| [https://access.redhat.com/security/cve/CVE-2017-5753 https://access.redhat.com/security/cve/CVE-2017-5753]
| |
| | |
| [https://access.redhat.com/security/cve/CVE-2017-5715 https://access.redhat.com/security/cve/CVE-2017-5715]
| |
| | |
| | |
| | |
| RHEL6:
| |
| | |
| kernel-2.6.32-696.18.7.el6: [https://access.redhat.com/errata/RHSA-2018:0008 https://access.redhat.com/errata/RHSA-2018:0008]
| |
| | |
| microcode_ctl-1.17-25.2.el6_9: [https://access.redhat.com/errata/RHSA-2018:0013 https://access.redhat.com/errata/RHSA-2018:0013]
| |
| | |
| RHEL7:
| |
| | |
| kernel-3.10.0-693.11.6.el7: [https://access.redhat.com/errata/RHSA-2018:0007 https://access.redhat.com/errata/RHSA-2018:0007]
| |
| | |
| microcode_ctl-2.1-22.2.el7: [https://access.redhat.com/errata/RHSA-2018:0012 https://access.redhat.com/errata/RHSA-2018:0012]
| |
| | |
| linux-firmware-20170606-57.gitc990aae.el7_4: [https://access.redhat.com/errata/RHSA-2018:0014 https://access.redhat.com/errata/RHSA-2018:0014]
| |
| | |
| <br> qemu-kvm:
| |
| | |
| RHEL6:
| |
| | |
| qemu-kvm: [https://access.redhat.com/errata/RHSA-2018:0024 https://access.redhat.com/errata/RHSA-2018:0024]
| |
| | |
| libvirt: [https://access.redhat.com/errata/RHSA-2018:0030 https://access.redhat.com/errata/RHSA-2018:0030]
| |
| | |
| RHEL7:
| |
| | |
| qemu-kvm: [https://access.redhat.com/errata/RHSA-2018:0023 https://access.redhat.com/errata/RHSA-2018:0023]
| |
| | |
| libvirt: [https://access.redhat.com/errata/RHSA-2018:0029 https://access.redhat.com/errata/RHSA-2018:0029]
| |
| | |
| == Scientific Linux ==
| |
| | |
| SL6:
| |
| | |
| [https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/ https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/]
| |
| | |
| SL7:
| |
| | |
| [https://www.scientificlinux.org/category/sl-errata/slsa-20180007-1/ https://www.scientificlinux.org/category/sl-errata/slsa-20180007-1/]
| |
| | |
| <br>
| |
| | |
| qemu-kvn:
| |
| | |
| SL6:
| |
| | |
| qemu-kvm: [http://scientificlinux.org/category/sl-errata/slsa-20180024-1/ http://scientificlinux.org/category/sl-errata/slsa-20180024-1/]
| |
| | |
| libvirt: [http://scientificlinux.org/category/sl-errata/slsa-20180030-1/ http://scientificlinux.org/category/sl-errata/slsa-20180030-1/]
| |
| | |
| SL7:
| |
| | |
| qemu-kvm: [http://scientificlinux.org/category/sl-errata/slsa-20180023-1/ http://scientificlinux.org/category/sl-errata/slsa-20180023-1/]
| |
| | |
| libvirt: [http://scientificlinux.org/category/sl-errata/slsa-20180029-1/ http://scientificlinux.org/category/sl-errata/slsa-20180029-1/]
| |
| | |
| == Ubuntu ==
| |
| | |
| [https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown]
| |
| | |
| == Xen ==
| |
| | |
| [https://xenbits.xen.org/xsa/advisory-254.html https://xenbits.xen.org/xsa/advisory-254.html]
| |
| | |
| == Other Cloud related ==
| |
| | |
| The Kernel update of the hypervisor appears to be enough to ensure the isolation of the VMs.
| |
| | |
| [https://www.qemu.org/2018/01/04/spectre/ https://www.qemu.org/2018/01/04/spectre/]
| |