Documentation OVH

Find your patch for Meltdown and Spectre


Last update: 29 jun. at 02.00 pm CET

(this table reflects the situation at a given moment and is constantly evolving.)

 

General information

 

As we communicated, OVH has been informed of the Spectre (CVE-2017-5753 and CVE-2017-5715) and Meltdown (CVE-2017-5754) security vulnerabilities, making a large part of computer equipment in operation vulnerable to potential attacks, particularly those equipped with Intel CPUs. Note than some AMD cpu may be affected too. 

Some services, which are entirely managed by OVH, will not require any manipulation on your part: Domains, Metrics and Logs Data Platform, xDSL, VoIP, DBaaS, OVH Load Balancer, vRack, Exchange, MX Plan, Web Hosting, Cloud Desktop, VDI, CDN, Swift, CEPH, NAS-HA, Public Cloud Storage and Public Cloud Archive.

Securing certain other services such as Dedicated servers, Public Cloud instances, VPS or Private Cloud will require additional action on your part, consisting of applying the recommended update and patches of the operating system vendor of your servers.

 

To help you, we offer a non-exhaustive table listing the updates available for the main versions of the operating systems to find a patch to protect them against Meltdown and Spectre vulnerability. If you use another operating system, we recommend that you consult the documentation provided by the vendor to know if a patch is available to fix Meltdown and Spectre vulnerabilities. 

You will also find a list of all affected Intel CPU. If you are using one of them, your system is potentially vulnerable, and you will need to install a patch against Meltdown and Spectre and/or update your kernel.

 

As a reminder, OVH provides self-managed machines which are the customer’s responsibility. Since we have no access to these machines we are not the administrators. It is your responsibility to manage software and install this patch against Meltdown or Spectre when available. Consequently, you will be responsible for potential instabilities.

 

Please note that you can also see the status of each OVH product in this page.

Moreover, here is a guide explaining how to update and patch your kernel to protect your system against Meltdown and Spectre if you're using an OVH image of your distribution.

 

 Meltdown and Spectre patches availability  per OS



 
OS

Spectre - Variant 1

***

Bounds Check Bypass

(CVE-2017-5753)

Spectre - Variant 2

***

Branch Target Injection

(CVE-2017-5715)

Meltdown

***

Rogue Data Cache Load

Meltdown

(CVE-2017-5754)

     
In addition of the software patch, CPU Microcode need to be updated by OVH to totally fix Spectre 2.
 
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2

DONE

Windows Server 2016
VMware vSphere 4.0/4.1/5.0/5.1
VMware vSphere 5.5
VMware vSphere 6.0/6.5
Linux Debian Wheezy
Linux Debian Jessie
Linux Debian Stretch
Linux Debian Buster
Linux Debian Sid
Linux Red Hat Enterprise Linux 7
Linux Red Hat Enterprise Linux 6
Linux Red Hat Enterprise Linux 5
Linux Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
Linux Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7
Linux Red Hat OpenStack Platform v 8/9/10/11/12
Linux CentOS 6

DONE

Linux CentOS 7

DONE

Linux Fedora 26

WAIT

WAIT

DONE

Linux Fedora 27

WAIT

WAIT

DONE

Linux SUSE OpenStack Cloud 6
Linux SUSE Linux Enterprise Server 11 SP3-LTSS
Linux SUSE Linux Enterprise Server 11 SP4
Linux SUSE Container as a Service Platform ALL
Linux Gentoo
Linux Slackware 14

WAIT

WAIT

Solaris SmartOS
Linux CloudLinux 6
Linux CloudLinux 7
Linux

Ubuntu

 

Ubuntu kernel updates addressing all three vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) across amd64, ppc64el and s390x are released in USN-3541-1 (Ubuntu 17.10), USN-3540-1 (Ubuntu 16.04 LTS), USN-3541-2 (Ubuntu 16.04 LTS (HWE)), USN-3542-1 (Ubuntu 14.04 LTS) and USN-3540-2 (Ubuntu 14.04 LTS (HWE)).

DONE

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

Linux OpenSuse Linux based upon SUSE 12/11
Linux Archlinux
Linux OpenVZ
Linux Proxmox 3.x

WAIT

WAIT

WAIT

Linux Proxmox 4.X
Linux Proxmox 5.X
Linux CoreOS Container Linux (channels Stable/Beta/Alpha)
BSD

DragonFlyBSD

 WAIT

 

 WAIT

BSD

 FreeBSD

BSD  OpenBSD

 WAIT

 WAIT

 WAIT

BSD  NetBSD

 WAIT

 WAIT

 WAIT

 

Intel affected CPU list

Here is a non-exhaustive list of Intel processors affected by Meltdown and Spectre vulnerabilities :

  • Intel Core™ i3 processor (45nm and 32nm)
  • Intel Core™ i5 processor (45nm and 32nm)
  • Intel Core™ i7 processor (45nm and 32nm)
  • Intel Core™ M processor family (45nm and 32nm)
  • 2nd generation Intel Core processors
  • 3rd generation Intel Core processors
  • 4th generation Intel Core processors
  • 5th generation Intel Core processors
  • 6th generation Intel Core processors
  • 7th generation Intel Core processors
  • 8th generation Intel Core processors
  • Intel Core X-series Processor Family for Intel X99 platforms
  • Intel Core X-series Processor Family for Intel X299 platforms
  • Intel Xeon processor 3400 series
  • Intel Xeon processor 3600 series
  • Intel Xeon processor 5500 series
  • Intel Xeon processor 5600 series
  • Intel Xeon processor 6500 series
  • Intel Xeon processor 7500 series
  • Intel Xeon Processor E3 Family
  • Intel Xeon Processor E3 v2 Family
  • Intel Xeon Processor E3 v3 Family
  • Intel Xeon Processor E3 v4 Family
  • Intel Xeon Processor E3 v5 Family
  • Intel Xeon Processor E3 v6 Family
  • Intel Xeon Processor E5 Family
  • Intel Xeon Processor E5 v2 Family
  • Intel Xeon Processor E5 v3 Family
  • Intel Xeon Processor E5 v4 Family
  • Intel Xeon Processor E7 Family
  • Intel Xeon Processor E7 v2 Family
  • Intel Xeon Processor E7 v3 Family
  • Intel Xeon Processor E7 v4 Family
  • Intel Xeon Processor Scalable Family
  • Intel Xeon Phi Processor 3200, 5200, 7200 Series
  • Intel Atom Processor C Series
  • Intel Atom Processor E Series
  • Intel Atom Processor A Series
  • Intel Atom Processor x3 Series
  • Intel Atom Processor Z Series
  • Intel Celeron Processor J Series
  • Intel Celeron Processor N Series
  • Intel Pentium Processor J Series
  • Intel Pentium Processor N Series

All of them are affected. If you're using one of them, we strongly recommend you to update your system with the latest available patches.


Cet article vous a-t-il été utile ?

Génial ! Ravi d'avoir pu vous aider.

Pourquoi n'êtes-vous pas satisfait ?

Merci votre avis a été pris en compte.


Ces guides pourraient également vous intéresser...