Meltdown and Spectre CPU vulnerabilities

On 3 Jan 2018 security vulnerabilities were published regarding Intel and other processors, including those used in our servers, which could allow attackers to access sensitive data.

Our system engineers are following developments carefully and will ensure that all shared Web Hosting servers and Managed Servers receive the relevant updates. No action is required by customers of these services.

Action required for Self-Managed Servers

As the vulnerabilities can’t be fixed on the hardware level, OS developers are updating their operating systems to work around the error. For this reason, all customers with Self-Managed servers will need to patch the relevant OS on their server.

The vulnerabilities include 3 variants or attack vectors, and are known as

• Spectre (variants 1 and 2)
• Meltdown (variant 3)

Operating System patches

Refer to the relevant Security Advisory for your Operating System

Debian

• Security Advisory
  • https://security-tracker.debian.org/tracker/CVE-2017-5715
  • https://security-tracker.debian.org/tracker/CVE-2017-5753
  • https://security-tracker.debian.org/tracker/CVE-2017-5754

Ubuntu

Announcement: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

• Security Advisory
  • https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5715.html
  • https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5753.html
  • https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5754.html

RedHat / CentOS

Announcement: https://access.redhat.com/security/vulnerabilities/speculativeexecution

• Security Advisory
  • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5715
  • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5753
  • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5754

OpenSUSE

Announcement: https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00001.html

• Security Advisory
  • https://www.suse.com/security/cve/CVE-2017-5715/
  • https://www.suse.com/security/cve/CVE-2017-5753/
  • https://www.suse.com/security/cve/CVE-2017-5754/

Archlinux

• Security Advisory
  • https://security.archlinux.org/CVE-2017-5715
  • https://security.archlinux.org/CVE-2017-5753
  • https://security.archlinux.org/CVE-2017-5754

Microsoft Windows

Announcement: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

• Security Advisory
  • https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180002