Meltdown and Spectre are the two new side channel attacks that exploit newly-discovered vulnerabilities hitting number of computer CPU processors and crippling operations. These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.

Debian was impacted by these vulnerabilities and in turn impacts all the supported versions Rovius CP i.e. 4.5, 4.5.1, 4.7, 4.7.1 and 4.11.

Following are the vulnerabilities for Meltdown: 

Debian has fixed the Meltdown vulnerability CVE-2017-5754. Accelerite has incorporated the fix from Debian in the SystemVM Templates and released new SystemVM Templates.

Click Here for the details of the new SystemVM Templates, install scripts, and installation instructions.

Red Hat and CentOS are among the impacted Management Server OSs. For details, refer to https://access.redhat.com/security/vulnerabilities/speculativeexecution.

In addition, various Hypervisors supported by Rovius CP were also impacted. Please check with respective Hypervisors for the current status of the fixes for these vulnerabilities.

• Citrix XenServer: https://support.citrix.com/article/ctx231390
• VMware: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
• HyperV: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
• KVM: https://www.qemu.org/2018/01/04/spectre/

Debian is yet to fix the Spectre vulnerability. This is being tracked by the following:

Accelerite shall incorporate the Spectre fix from Debian in the SystemVM Templates and release new SystemVM Templates as and when the fix is available from Debian.

We aim to keep posting updates here to provide the best protection for all our customers. Please watch this space.

If you have any more questions, please write to us at support@accelerite.com