Status of Meltdown and Spectre vulnerabilities

It is undeniable that Open Source isn't just delivering the building blocks of our digital world but, thanks to the growing number of professionals involved, is also helping to make our infrastructures more secure.
Thanks to the efforts of developers and researchers, software and hardware vulnerabilities are constantly being discovered and fixed.

One of the latest discoveries made by independent researchers, probably tipped off by a presentation given by Anders Fogh at the BlackHat Conference in 2016, is that serious security flaws have been baked into computer chips for decades. It may be surprising that serious flaws can remain undiscovered for such a long time, but most processor manufacturers aren't very open about the design of their products, so it may take a lot of time and patience to test and confirm those vulnerabilities by testing each formulated hypothesis almost blindly.

Much has been and can be said about it but most of you may wonder "Should I start panicking?"


Simple answers:

Don't panic if you own and control your virtualisation infrastructure (private Cloud) and run trusted workloads
Do panic if you run your workloads in a public Cloud or shared virtual environment


Should you do something about it?

Those that, unfortunately, haven't yet discovered that private Cloud can be a lot more cost effective than public Cloud should have received notifications from their providers that patches are being applied to the virtualisation environment and that clients should start patching their own virtual machines as well.

Until your Cloud provider applies patches to the hypervisor and related CPU microcode there isn't much you can do about it, so just relax but hope that nobody sharing the host with you wants to test whether the exploits work. Keep in mind that some early patches applied by your Cloud provider may affect the stability of your VMs. We noticed that some vendors issued updates but quickly withdrew them when they realised they were causing problems.

Once you get confirmation from your provider that the patches have been tested and applied then proceed to install the updates available for the vendors we represent.

Note: patches that mitigate some of the issues will affect performance, some say by between 5 and 30%, so be prepared to see your monthly Cloud bill go up.

Are Omnis Systems partners and customers affected?

Many of our partners demonstrated to their customers that, using the right solutions, an on-premises virtualisation platform or Private Cloud is a lot more efficient than a Public Cloud so there is generally no need to rush to apply patches for the solutions we distribute.

However, there are situations where the solutions we distribute may have been virtualised on a Public Cloud, so apply the updates below as soon as you get confirmation that the hypervisors have been patched with a stable and tested release.

Updates from our partners

If you are running your virtual machines in untrusted environments, do follow our partners' advice on how to apply updates to mitigate the risks:

Collax Simply Linux

OnApp Private Cloud

Univention

NComputing VERDE VDI

NComputing VERDE is deployed on stock CentOS so make sure you are running version 6.9 or 7 and follow the usual update steps.

Regarding the other solutions we supply please follow the instructions related to the Linux distribution you are using.

More resources about Meltdown and Spectre

Many articles and blog posts have been written about these vulnerabilities, but for most of what you need to know about them, and for links to many of the vendors involved, head to the Meltdown and Spectre attack site.

