Status of Meltdown and Spectre vulnerabilities

It is undeniable that Open Source isn't just delivering the building blocks of our digital world but, thanks to the growing number of professionals involved, is also helping to make our infrastructures more secure.
Thanks to the efforts of developers and researchers, software and hardware vulnerabilities are constantly being discovered and fixed.

One of the latest discoveries made by independent researchers, probably tipped off by a presentation made by Anders Fogh at the BlackHat Conference in 2016, is that serious security flaws have been baked into computer chips for decades. It may be surprising that serious flaws can remain undiscovered for such a long time, but most processor manufacturers aren't very open regarding the design of their products, so it can take a lot of time and patience to test and confirm those vulnerabilities by testing each formulated hypothesis nearly blind.

Much has been and can be said about it, but most of you may be wondering: "Should I start panicking?"


Simple answers:

Don't panic if you own and control your virtualisation infrastructure (private Cloud) and run trusted workloads
Do panic if you run your workloads in a public Cloud or shared virtual environment


Should you do something about it?

Those that, unfortunately, haven't yet discovered that private Cloud can be a lot more cost effective than public Cloud should have received notifications from their providers that patches are being applied to the virtualisation environment and that clients should patch their own virtual machines as well.

Until your Cloud provider applies patches to the hypervisor and the related CPU microcode there isn't much you can do about it, so just relax, but hope there are no people sharing the host with you who want to test whether the exploits work. Keep in mind that some early patches applied by your Cloud providers may affect the stability of your VMs. We noticed that some vendors issued updates but quickly withdrew them when they realised they were causing problems.

Once you get confirmation from your provider that the patches have been tested and applied then proceed to install the updates available for the vendors we represent.

Note: patches that mitigate some of the issues will affect performance, by some accounts between 5% and 30%, so be prepared to see your monthly Cloud bill go up.

Are Omnis Systems partners and customers affected?

Many of our partners demonstrated to their customers that, using the right solutions, an on-premises virtualisation platform or Private Cloud is a lot more efficient than a Public Cloud so there is generally no need to rush to apply patches for the solutions we distribute.

However, there are situations where the solutions we distribute may have been virtualised on a Public Cloud, so apply the updates below as soon as you get confirmation that the hypervisors have been patched with a stable and tested release.

Updates from our partners

If you are running your virtual machines in untrusted environments, do follow our partners' advice on how to apply updates to mitigate the risks:

Collax Simply Linux

OnApp Private Cloud

Univention

NComputing VERDE VDI

NComputing VERDE is deployed on stock CentOS so make sure you are running version 6.9 or 7 and follow the usual update steps.

Regarding the other solutions we supply please follow the instructions related to the Linux distribution you are using.
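Whatever the distribution, once the kernel and microcode updates are installed you can check what the kernel itself reports. This added example (not from this post nor from any of the partners above) reads the status files that patched Linux kernels expose under /sys/devices/system/cpu/vulnerabilities/ and flags anything still reported as vulnerable; the sample directory it falls back to on machines without that interface is constructed.

```shell
#!/bin/sh
# Summarise the kernel's own Meltdown/Spectre mitigation status.
# Each file under /sys/devices/system/cpu/vulnerabilities/ holds one line:
# "Not affected", "Vulnerable[: detail]" or "Mitigation: <name>".

# classify_status STATUS_LINE -> prints ok | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo ok ;;
        "Mitigation:"*)  echo ok ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_dir DIR -> prints "<issue> <class> <status>" per file;
# returns 1 if at least one issue is still reported as vulnerable.
report_dir() {
    dir=$1; rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        class=$(classify_status "$status")
        printf '%-12s %-10s %s\n' "$(basename "$f")" "$class" "$status"
        [ "$class" = vulnerable ] && rc=1
    done
    return $rc
}

# Constructed sample (assumption): a host with the Meltdown patch applied but
# Spectre v2 still unmitigated, in the same format as the real sysfs files.
make_sample() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable\n' > "$d/spectre_v2"
    echo "$d"
}

main() {
    if [ -d /sys/devices/system/cpu/vulnerabilities ]; then
        report_dir /sys/devices/system/cpu/vulnerabilities
    else
        report_dir "$(make_sample)"
    fi
}

main || echo "WARNING: at least one issue is still reported as vulnerable"
```

An "unknown" class usually means a kernel too old to export the file at all, which is itself a sign the update has not been applied.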

More resources about Meltdown and Spectre

Many articles and blog posts have been written about these vulnerabilities, but for most of what you need to know about them, and for links to many of the vendors involved, head to the Meltdown and Spectre attack site.
