Hetzner - DokuWiki

Spectre and Meltdown/en

Inhaltsverzeichnis

Information about the vulnerabilities

On January 3rd, 2018, several security vulnerabilities within the microarchitecture of most modern processors were published, which could have the following results:

Those vulnerabilities are now known as:

For further information on this topic, please check the following resources:

Affected Products

We are still in the process of determining all of our affected products. So far, we have been able to confirm that the following products are affected:

Current Generation

AX-Line

  • affected by Variant 1 & 2:
    • AX50-SSD
    • AX60-SSD
    • AX160-NVMe
    • AX160-SSD
  • microcode updates are rolling out, which address CVE-2017-5715 for Zen:
amd64-microcode (3.20171205.1) unstable; urgency=high
 * New microcode updates (closes: #886382):
   sig 0x00800f12, patch id 0x08001213, 2017-12-05
   Thanks to SuSE for distributing these ahead of AMD's official release!
 * Add IBPB support for family 17h AMD processors (CVE-2017-5715)
 * README: describe source for faml17h microcode update
 * Upload to unstable to match IBPB microcode support on Intel in Debian
   unstable.
 * WARNING: requires at least kernel 4.15, 4.14.13, 4.9.76, 4.4.111 (or a
   backport of commit f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf
   "x86/microcode/AMD: Add support for fam17h microcode loading") otherwise
   it will not be applied to the processor.

Check the update on the AMD page for more information about the microcode update:

EX-Line

  • EX41
  • EX41-SSD
  • EX41S
  • EX41S-SSD
  • EX51
  • EX51-SSD
  • EX51-SSD-GPU

PX-Line

  • PX61
  • PX61-SSD
  • PX61-NVMe
  • PX91
  • PX91-SSD
  • PX121
  • PX121-SSD

DX-Line

Announcement: http://www.dell.com/support/article/de/de/debsdt1/sln308588/microprocessor-side-channel-attacks--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-emc-products--dell-enterprise-servers--storage-and-networking-?lang=en

  • DX141 (Dell R530)
  • DX151 (Dell R730)
  • DX291 (Dell R730)

SX-Line

  • SX61
  • SX131
  • SX291

Managed Servers

  • MX90
  • MX90-SSD
  • MX121
  • MX120-SSD
  • MX151-SSD

Previous Generations

  • AX10 (Cortex A15 + A7)
  • AX20 (Cortex A15 + A7)
  • AX30 (Cortex A15 + A7)
  • DX150 (R720)
  • DX290 (R720)
  • EQ4
  • EQ6
  • EQ8
  • EQ9
  • EQ10
  • EX4
  • EX4S
  • EX5
  • EX6
  • EX6S
  • EX8
  • EX8S
  • EX10
  • EX40
  • EX40-SSD
  • EX40-Hybrid
  • EX60
  • MQ7
  • MQ9
  • MQ10
  • MX120
  • MX150-SSD
  • MX151
  • PX60
  • PX60-SSD
  • PX70
  • PX70-SSD
  • PX90
  • PX90-SSD
  • PX120
  • PX120-SSD
  • SX60
  • SX130
  • SX290
  • XS13
  • XS29

Under Review

The following products are still under review and may be added to the affected list if new information regarding the used CPUs of these models are published:

  • DS3000
  • DS5000
  • DS7000
  • DS8000
  • DS9000
  • PX80

Update / Upgrade Path

Hardware / BIOS / Firmware

We are working with the respective manufacturers regarding firmware updates and will provide them as soon as possible.

We will keep a list of all updates which are available here:

Firmware Updates

The Microcode updates should also be available soon via the operating system updates.

Software / Operating System

Information about upcoming patches for all of our supported operating systems can be found in their specific bug tracker:


Debian

Ubuntu

Announcement: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

RedHat / CentOS

Announcement: https://access.redhat.com/security/vulnerabilities/speculativeexecution

OpenSUSE

Announcement: https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00001.html

Archlinux

Microsoft Windows

Announcement: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution-s

other Operating Systems

Information about upcoming patches for not officially supported operating systems:

VMware

Announcement: https://blogs.vmware.com/security/2018/01/vmsa-2018-0002.html

Webhosting/Managed Servers

The host systems will be updated to fix the vulnerabilities as soon as possible. The necessary reboots will be announced on Hetzner Status.

Since we manage your servers for you, you do not need to take any precautions for now.

Update 2018-01-09: The Update for Meltdown has been applied

Virtual Servers (VQ/VX/CX)

The host systems will be updated to fix the vulnerabilities as soon as possible. The necessary reboots will be announced on Hetzner Status. You may subscribe to be notified.

Since the installed operating system may still be vulnerable, you need to install the updates, which provide the fixes, as soon as possible yourself. For more information on when the OS updates will be available, please check the links above.



© 2018. Hetzner Online GmbH. Alle Rechte vorbehalten.