{"id":27104,"date":"2019-05-16T13:26:46","date_gmt":"2019-05-16T11:26:46","guid":{"rendered":"https:\/\/hetzner.co.za\/help-centre\/?p=27104"},"modified":"2022-11-10T11:49:06","modified_gmt":"2022-11-10T09:49:06","slug":"cpu-vulnerabilities","status":"publish","type":"post","link":"https:\/\/xneelo.co.za\/help-centre\/website\/managing-website\/cpu-vulnerabilities\/","title":{"rendered":"Intel CPU vulnerabilities"},"content":{"rendered":"<p><span style=\"font-weight: 400\">On 14 May 2019 security vulnerabilities were published regarding Intel and other processors, including those used in our servers, which could allow attackers to access sensitive data.<\/span><\/p>\n<h2>Action required for Self-Managed Servers<\/h2>\n<p><span style=\"font-weight: 400\">As the vulnerabilities can\u2019t be fixed on the hardware level, OS developers are updating their operating systems to work around the error. For this reason, <\/span><b>you will need to patch the relevant OS on your Self-Managed server.<\/b><\/p>\n<p><span style=\"font-weight: 400\">The Microarchitectural Data Sampling (MDS) attacks, include <\/span><a href=\"https:\/\/cpu.fail\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">3 variants or attack vectors<\/span><\/a><span style=\"font-weight: 400\">, and are known as; <\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Fallout attack <\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Zombieload<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Rogue In-Flight Data Load (RIDL)<\/span><\/li>\n<\/ul>\n<h2><span id=\"Software_.2F_Operating_System\" class=\"mw-headline\">Operating System Patches<\/span><\/h2>\n<p>Refer to the relevant Security Advisory for your Operating System<\/p>\n<h3><span style=\"font-weight: 400\">Debian<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Security Advisory<\/span><\/p>\n<ul>\n<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-12126\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-12126<\/a><\/li>\n<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-12130\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-12130<\/a><\/li>\n<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-12127\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-12127<\/a><\/li>\n<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2019-11091\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/security-tracker.debian.org\/tracker\/CVE-2019-11091<\/a><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400\">Ubuntu<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Announcement: <\/span><a href=\"https:\/\/wiki.ubuntu.com\/SecurityTeam\/KnowledgeBase\/MDS\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">https:\/\/wiki.ubuntu.com\/SecurityTeam\/KnowledgeBase\/MDS<\/span><\/a><\/p>\n<p><span style=\"font-weight: 400\">Security Advisory<\/span><\/p>\n<ul>\n<li><a href=\"https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2018\/CVE-2018-12126.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2018\/CVE-2018-12126.html<\/span><\/a><\/li>\n<li><a href=\"https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2018\/CVE-2018-12127.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2018\/CVE-2018-12127.html<\/span><\/a><\/li>\n<li><a href=\"https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2018\/CVE-2018-12130.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2018\/CVE-2018-12130.html<\/span><\/a><\/li>\n<li><a href=\"https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2019\/CVE-2019-11091.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2019\/CVE-2019-11091.html<\/span><\/a><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400\">RedHat \/ CentOS<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Announcement: <\/span><a href=\"https:\/\/access.redhat.com\/security\/vulnerabilities\/mds\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">https:\/\/access.redhat.com\/security\/vulnerabilities\/mds<\/span><\/a><\/p>\n<p><span style=\"font-weight: 400\">Security Advisory<\/span><\/p>\n<ul>\n<li><a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2018-12126\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2018-12126<\/a><\/li>\n<li><a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2018-12130\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2018-12130<\/a><\/li>\n<li><a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2018-12127\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2018-12127<\/a><\/li>\n<li><a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2019-11091\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2019-11091<\/a><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400\">OpenSUSE<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Security Advisory<\/span><\/p>\n<ul>\n<li><a href=\"https:\/\/www.suse.com\/security\/cve\/CVE-2018-12126\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.suse.com\/security\/cve\/CVE-2018-12126\/<\/a><\/li>\n<li><a href=\"https:\/\/www.suse.com\/security\/cve\/CVE-2018-12130\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.suse.com\/security\/cve\/CVE-2018-12130\/<\/a><\/li>\n<li><a href=\"https:\/\/www.suse.com\/security\/cve\/CVE-2018-12127\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.suse.com\/security\/cve\/CVE-2018-12127\/<\/a><\/li>\n<li><a href=\"https:\/\/www.suse.com\/security\/cve\/CVE-2019-11091\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.suse.com\/security\/cve\/CVE-2019-11091\/<\/a><\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400\">Microsoft Windows<\/span><\/h3>\n<p><span style=\"font-weight: 400\">Security Advisory<\/span><\/p>\n<ul>\n<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/adv190013\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"font-weight: 400\">https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/adv190013<\/span><\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false,"plain":"<span >On 14 May 2019 security vulnerabilities were published regarding Intel and other processors, including those used in our servers, which could allow attackers to access sensitive data.<\/span>\r\n<h2>Action required for Self-Managed Servers<\/h2>\r\n<span >As the vulnerabilities can\u2019t be fixed on the hardware level, OS developers are updating their operating systems to work around the error. For this reason, <\/span><b>you will need to patch the relevant OS on your Self-Managed server.<\/b>\r\n\r\n<span >The Microarchitectural Data Sampling (MDS) attacks, include <\/span><a href=\"https:\/\/cpu.fail\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span >3 variants or attack vectors<\/span><\/a><span >, and are known as; <\/span>\r\n<ul>\r\n \t<li ><span >Fallout attack <\/span><\/li>\r\n \t<li ><span >Zombieload<\/span><\/li>\r\n \t<li ><span >Rogue In-Flight Data Load (RIDL)<\/span><\/li>\r\n<\/ul>\r\n<h2><span id=\"Software_.2F_Operating_System\" class=\"mw-headline\">Operating System Patches<\/span><\/h2>\r\nRefer to the relevant Security Advisory for your Operating System\r\n<h3><span >Debian<\/span><\/h3>\r\n<span >Security Advisory<\/span>\r\n<ul>\r\n \t<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-12126\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-12126<\/a><\/li>\r\n \t<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-12130\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-12130<\/a><\/li>\r\n \t<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-12127\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-12127<\/a><\/li>\r\n \t<li><a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2019-11091\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/security-tracker.debian.org\/tracker\/CVE-2019-11091<\/a><\/li>\r\n<\/ul>\r\n<h3><span >Ubuntu<\/span><\/h3>\r\n<span >Announcement: <\/span><a href=\"https:\/\/wiki.ubuntu.com\/SecurityTeam\/KnowledgeBase\/MDS\" target=\"_blank\" rel=\"noopener noreferrer\"><span >https:\/\/wiki.ubuntu.com\/SecurityTeam\/KnowledgeBase\/MDS<\/span><\/a>\r\n\r\n<span >Security Advisory<\/span>\r\n<ul>\r\n \t<li><a href=\"https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2018\/CVE-2018-12126.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span >https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2018\/CVE-2018-12126.html<\/span><\/a><\/li>\r\n \t<li><a href=\"https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2018\/CVE-2018-12127.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span >https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2018\/CVE-2018-12127.html<\/span><\/a><\/li>\r\n \t<li><a href=\"https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2018\/CVE-2018-12130.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span >https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2018\/CVE-2018-12130.html<\/span><\/a><\/li>\r\n \t<li><a href=\"https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2019\/CVE-2019-11091.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span >https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2019\/CVE-2019-11091.html<\/span><\/a><\/li>\r\n<\/ul>\r\n<h3><span >RedHat \/ CentOS<\/span><\/h3>\r\n<span >Announcement: <\/span><a href=\"https:\/\/access.redhat.com\/security\/vulnerabilities\/mds\" target=\"_blank\" rel=\"noopener noreferrer\"><span >https:\/\/access.redhat.com\/security\/vulnerabilities\/mds<\/span><\/a>\r\n\r\n<span >Security Advisory<\/span>\r\n<ul>\r\n \t<li><a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2018-12126\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2018-12126<\/a><\/li>\r\n \t<li><a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2018-12130\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2018-12130<\/a><\/li>\r\n \t<li><a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2018-12127\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2018-12127<\/a><\/li>\r\n \t<li><a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2019-11091\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2019-11091<\/a><\/li>\r\n<\/ul>\r\n<h3><span >OpenSUSE<\/span><\/h3>\r\n<span >Security Advisory<\/span>\r\n<ul>\r\n \t<li><a href=\"https:\/\/www.suse.com\/security\/cve\/CVE-2018-12126\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.suse.com\/security\/cve\/CVE-2018-12126\/<\/a><\/li>\r\n \t<li><a href=\"https:\/\/www.suse.com\/security\/cve\/CVE-2018-12130\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.suse.com\/security\/cve\/CVE-2018-12130\/<\/a><\/li>\r\n \t<li><a href=\"https:\/\/www.suse.com\/security\/cve\/CVE-2018-12127\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.suse.com\/security\/cve\/CVE-2018-12127\/<\/a><\/li>\r\n \t<li><a href=\"https:\/\/www.suse.com\/security\/cve\/CVE-2019-11091\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.suse.com\/security\/cve\/CVE-2019-11091\/<\/a><\/li>\r\n<\/ul>\r\n<h3><span >Microsoft Windows<\/span><\/h3>\r\n<span >Security Advisory<\/span>\r\n<ul>\r\n \t<li><a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/adv190013\" target=\"_blank\" rel=\"noopener noreferrer\"><span >https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/adv190013<\/span><\/a><\/li>\r\n<\/ul>\r\n&nbsp;\r\n\r\n&nbsp;"},"excerpt":{"rendered":"<p>On 14 May 2019 security vulnerabilities were published regarding Intel and other processors, including those used in our servers, which could allow attackers to access&#8230;<\/p>\n","protected":false},"author":23,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"lsx_disable_title":"0","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","footnotes":""},"categories":[168],"tags":[],"topics":[],"class_list":["post-27104","post","type-post","status-publish","format-standard","hentry","category-managing-website"],"acf":[],"additional_meta":{"category_title":[{"term_id":168,"name":"Managing your Website","slug":"managing-website","term_group":0,"term_taxonomy_id":168,"taxonomy":"category","description":"Managing your Website","parent":166,"count":52,"filter":"raw","term_order":"83","cat_ID":168,"category_count":52,"category_description":"Managing your Website","cat_name":"Managing your Website","category_nicename":"managing-website","category_parent":166}],"tag_title":false},"featured_image_src":null,"author_info":{"display_name":"janine.g","author_link":"https:\/\/xneelo.co.za\/help-centre\/author\/janine-g\/","author_avatar":"https:\/\/secure.gravatar.com\/avatar\/60563272a8fc98e284410c640884d1e02e7271b28f06b7526c5f7dd877cb33f9?s=96&d=mm&r=g"},"_links":{"self":[{"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/posts\/27104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/comments?post=27104"}],"version-history":[{"count":0,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/posts\/27104\/revisions"}],"wp:attachment":[{"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/media?parent=27104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/categories?post=27104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/tags?post=27104"},{"taxonomy":"topics","embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/topics?post=27104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}