Difference between revisions of "SVG:Meltdown and Spectre Vulnerabilities"

From EGIWiki
(Add CentOS information)
Line 78: Line 78:
  
 
libvirt: [https://access.redhat.com/errata/RHSA-2018:0029 https://access.redhat.com/errata/RHSA-2018:0029]
 
libvirt: [https://access.redhat.com/errata/RHSA-2018:0029 https://access.redhat.com/errata/RHSA-2018:0029]
 +
 +
== CentOS Information  ==
 +
 +
CentOS 7:
 +
 +
* kernel Security Update: [https://lists.centos.org/pipermail/centos-announce/2018-January/022696.html CESA-2018:0007]
 +
* microcode_ctl Security Update: [https://lists.centos.org/pipermail/centos-announce/2018-January/022697.html CESA-2018:0012] <br> also needs dracut BugFix Update for AMD: [https://lists.centos.org/pipermail/centos-announce/2018-January/022708.html CEBA-2018:0042]
 +
* linux-firmware Security Update: [https://lists.centos.org/pipermail/centos-announce/2018-January/022698.html CESA-2018:0014]
 +
* qemu-kvm Security Update: [https://lists.centos.org/pipermail/centos-announce/2018-January/022705.html CESA-2018:0023]
 +
* libvirt Security Update: [https://lists.centos.org/pipermail/centos-announce/2018-January/022704.html CESA-2018:0029]
 +
 +
CentOS 6:
 +
 +
* kernel Security Update: [https://lists.centos.org/pipermail/centos-announce/2018-January/022701.html CESA-2018:0008]
 +
* microcode_ctl Security Update: [https://lists.centos.org/pipermail/centos-announce/2018-January/022700.html CESA-2018:0013]
 +
* qemu-kvm Security Update: [https://lists.centos.org/pipermail/centos-announce/2018-January/022702.html CESA-2018:0024]
 +
* libvirt Security Update: [https://lists.centos.org/pipermail/centos-announce/2018-January/022703.html CESA-2018:0030]
 +
 +
See further in the centos-announce Security mails for January
 +
[https://lists.centos.org/pipermail/centos-announce/2018-January/date.html  https://lists.centos.org/pipermail/centos-announce/2018-January/date.html]
  
 
== Scientific Linux  ==
 
== Scientific Linux  ==
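Review bot: In the CentOS 7 list, the microcode_ctl item attaches the dracut BugFix Update for AMD (CEBA-2018:0042) after an inline `<br>`, so a required companion update reads like a footnote to another package. Give it its own list item, or a nested `**` item under microcode_ctl, so that sites with AMD hosts do not miss it. The trailing centos-announce link also has a double space between the URL and its label; one space is enough.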
Line 108: Line 128:
  
 
[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown]  
 
[https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown]  
 
== CentOS ==
 
 
This is discussed in the centos-announce Security mails for January
 
 
[https://lists.centos.org/pipermail/centos-announce/2018-January/date.html  https://lists.centos.org/pipermail/centos-announce/2018-January/date.html]
 
  
  

Revision as of 13:21, 12 January 2018


Meltdown and Spectre Vulnerabilities


More information is likely to be added in the coming days. This is an initial version.

Purpose of this page

To provide useful links and other information concerning the Meltdown and Spectre vulnerabilities, which we consider relevant to the EGI infrastructure.

What are they?

These are vulnerabilities in the design of the chip hardware, and cannot be fully resolved by patching operating systems. However, patches are available which mitigate these problems.

Meltdown affects most Intel chips and is tracked as CVE-2017-5754.

Spectre affects a wide range of chips and is tracked as CVE-2017-5753 and CVE-2017-5715.

More information is available at http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/, https://meltdownattack.com/, https://spectreattack.com/ and https://googleprojectzero.blogspot.dk/2018/01/reading-privileged-memory-with-side.html

CERN information

CERN has compiled information which is useful for many EGI sites:

https://security.web.cern.ch/security/advisories/spectre-meltdown/spectre-meltdown.shtml

Intel Information

Product patches

https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File

RedHat Information

RedHat description:

https://access.redhat.com/security/vulnerabilities/speculativeexecution

https://access.redhat.com/articles/3307751


RedHat CVE info:

https://access.redhat.com/security/cve/CVE-2017-5754

https://access.redhat.com/security/cve/CVE-2017-5753

https://access.redhat.com/security/cve/CVE-2017-5715


RHEL6:

kernel-2.6.32-696.18.7.el6: https://access.redhat.com/errata/RHSA-2018:0008

microcode_ctl-1.17-25.2.el6_9: https://access.redhat.com/errata/RHSA-2018:0013

RHEL7:

kernel-3.10.0-693.11.6.el7: https://access.redhat.com/errata/RHSA-2018:0007

microcode_ctl-2.1-22.2.el7: https://access.redhat.com/errata/RHSA-2018:0012

linux-firmware-20170606-57.gitc990aae.el7_4: https://access.redhat.com/errata/RHSA-2018:0014


qemu-kvm:

RHEL6:

qemu-kvm: https://access.redhat.com/errata/RHSA-2018:0024

libvirt: https://access.redhat.com/errata/RHSA-2018:0030

RHEL7:

qemu-kvm: https://access.redhat.com/errata/RHSA-2018:0023

libvirt: https://access.redhat.com/errata/RHSA-2018:0029

CentOS Information

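CentOS 7:

kernel Security Update (CESA-2018:0007): https://lists.centos.org/pipermail/centos-announce/2018-January/022696.html

microcode_ctl Security Update (CESA-2018:0012): https://lists.centos.org/pipermail/centos-announce/2018-January/022697.html

also needs dracut BugFix Update for AMD (CEBA-2018:0042): https://lists.centos.org/pipermail/centos-announce/2018-January/022708.html

linux-firmware Security Update (CESA-2018:0014): https://lists.centos.org/pipermail/centos-announce/2018-January/022698.html

qemu-kvm Security Update (CESA-2018:0023): https://lists.centos.org/pipermail/centos-announce/2018-January/022705.html

libvirt Security Update (CESA-2018:0029): https://lists.centos.org/pipermail/centos-announce/2018-January/022704.html

CentOS 6:

kernel Security Update (CESA-2018:0008): https://lists.centos.org/pipermail/centos-announce/2018-January/022701.html

microcode_ctl Security Update (CESA-2018:0013): https://lists.centos.org/pipermail/centos-announce/2018-January/022700.html

qemu-kvm Security Update (CESA-2018:0024): https://lists.centos.org/pipermail/centos-announce/2018-January/022702.html

libvirt Security Update (CESA-2018:0030): https://lists.centos.org/pipermail/centos-announce/2018-January/022703.html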

See further in the centos-announce Security mails for January https://lists.centos.org/pipermail/centos-announce/2018-January/date.html

Scientific Linux

SL6:

https://www.scientificlinux.org/category/sl-errata/slsa-20180008-1/

SL7:

https://www.scientificlinux.org/category/sl-errata/slsa-20180007-1/


qemu-kvm:

SL6:

qemu-kvm: http://scientificlinux.org/category/sl-errata/slsa-20180024-1/

libvirt: http://scientificlinux.org/category/sl-errata/slsa-20180030-1/

SL7:

qemu-kvm: http://scientificlinux.org/category/sl-errata/slsa-20180023-1/

libvirt: http://scientificlinux.org/category/sl-errata/slsa-20180029-1/

Ubuntu

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown


Xen

Other Cloud related

The Kernel update of the hypervisor appears to be enough to ensure the isolation of the VMs.

https://www.qemu.org/2018/01/04/spectre/