Meltdown and Spectre Vulnerabilities

KH-Jonathan

Director of Managed Services
Staff member
By now you've likely heard of the Meltdown and Spectre Vulnerabilities. This forum thread will be used to inform you of the steps we're taking to patch these vulnerabilities.

meltdown-spectre-kernel-vulnerability.jpg


Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
Source: https://spectreattack.com/

As of this post, patches for CentOS 6 and 7 have been released from RedHat and rebuilt/released to the CentOS repositories.

Microcode updates are expected from Intel next week which will require further reboots for some service types.

The impact varies depending upon service type.

Cloud
Our cloud platform back-end was fully patched as of yesterday (1/4/18). The kernels inside of customer VMs will need to be updated and we will be reaching out to customers regarding this.
1/4/18 1200 CST: Patched

Managed SSD VPS (MVPS-*/VPS-*/SSD-*/VS* packages)
Patches have not been released for this platform as of yet. We are eagerly awaiting both upstream patches and patches from our live-update kernel vendor. We do not yet know if live-patching the kernel will be possible for all of the vulnerabilities. Once the upstream patches come out we will have more information to make an informed decision on exactly how to proceed.

No action will be necessary for customers on these packages.
1/5/18 1100 CST: Awaiting Upstream Patches
1/6/18 0438 CST: Upstream Patches Release. Awaiting live patches from vendor to avoid reboots.
2/8/18 0600 CST: Patches in place on a small subset of servers for testing. Patches were applied live with no customer impact.

2/10/18 1800 CST: Patched

Dedicated Servers
We are in the process of reaching out to all customers with dedicated servers regarding the patch. A reboot of your server will be required.
1/5/18 1100 CST: In Progress
1/5/18 2140 CST: All customers notified

1/6/18 1200 CST: All automatic patches complete - some customers couldn't be automatically patched and have been informed of such to work with us further.

Managed WordPress Hosting
Patching of our Managed WP Hosting infrastructure will be completed today. (1/5/18). No customer action is required.
1/5/18 1100 CST: Patched Pending Scheduled Reboot Window
1/5/18 1300 CST: Patched




For more information about these vulnerabilities please see:
https://access.redhat.com/errata/RHSA-2018:0007
https://access.redhat.com/errata/RHSA-2018:0008
https://spectreattack.com/
 
Last edited:
Is this why I keep getting these email notifications?

lfd on host.EXAMPLE-DOMAIN.com: SSH login alert for user ksupport from 192.251.128.16 (US/United States/sl-16.noc.al.privatesystems.net)
 

KH-Jonathan

Director of Managed Services
Staff member
Is this why I keep getting these email notifications?

lfd on host.EXAMPLE-DOMAIN.com: SSH login alert for user ksupport from 192.251.128.16 (US/United States/sl-16.noc.al.privatesystems.net)
Yes we are preparing your server for automatic patching. You'll be receiving an email/ticket shortly with more information.
 
Top