Last update: 29 jun. at 02.00 pm CET
(this table reflects the situation at a given moment and is constantly evolving.)
General information
As we communicated, OVH has been informed of the Spectre (CVE-2017-5753 and CVE-2017-5715) and Meltdown (CVE-2017-5754) security vulnerabilities, making a large part of computer equipment in operation vulnerable to potential attacks, particularly those equipped with Intel CPUs. Note than some AMD cpu may be affected too.
Some services, which are entirely managed by OVH, will not require any manipulation on your part: Domains, Metrics and Logs Data Platform, xDSL, VoIP, DBaaS, OVH Load Balancer, vRack, Exchange, MX Plan, Web Hosting, Cloud Desktop, VDI, CDN, Swift, CEPH, NAS-HA, Public Cloud Storage and Public Cloud Archive.
Securing certain other services such as Dedicated servers, Public Cloud instances, VPS or Private Cloud will require additional action on your part, consisting of applying the recommended update and patches of the operating system vendor of your servers.
To help you, we offer a non-exhaustive table listing the updates available for the main versions of the operating systems to find a patch to protect them against Meltdown and Spectre vulnerability. If you use another operating system, we recommend that you consult the documentation provided by the vendor to know if a patch is available to fix Meltdown and Spectre vulnerabilities.
You will also find a list of all affected Intel CPU. If you are using one of them, your system is potentially vulnerable, and you will need to install a patch against Meltdown and Spectre and/or update your kernel.
As a reminder, OVH provides self-managed machines which are the customer’s responsibility. Since we have no access to these machines we are not the administrators. It is your responsibility to manage software and install this patch against Meltdown or Spectre when available. Consequently, you will be responsible for potential instabilities.
Please note that you can also see the status of each OVH product in this page.
Moreover, here is a guide explaining how to update and patch your kernel to protect your system against Meltdown and Spectre if you're using an OVH image of your distribution.
Meltdown and Spectre patches availability per OS
|
|
OS
|
Spectre - Variant 1 *** Bounds Check Bypass (CVE-2017-5753) |
Spectre - Variant 2 *** Branch Target Injection (CVE-2017-5715) |
Meltdown *** Rogue Data Cache Load Meltdown (CVE-2017-5754) |
|---|---|---|---|---|
|
|
OS
|
Spectre - Variant 1 *** Bounds Check Bypass (CVE-2017-5753) |
Spectre - Variant 2 *** Branch Target Injection (CVE-2017-5715) |
Meltdown *** Rogue Data Cache Load Meltdown (CVE-2017-5754) |
|
|
||||
| Windows | Server 2008 |
NOT AVAILABLE upgrade to Windows Server 2008 R2
|
NOT AVAILABLE upgrade to Windows Server 2008 R2
|
NOT AVAILABLE upgrade to Windows Server 2008 R2
|
| Windows | Server 2008 R2 | |||
| Windows | Server 2012 |
NOT AVAILABLE upgrade to Windows Server 2012 R2
|
NOT AVAILABLE upgrade to Windows Server 2012 R2
|
NOT AVAILABLE upgrade to Windows Server 2012 R2
|
| Windows | Server 2012 R2 |
DONE |
||
| Windows | Server 2016 | |||
| VMware | vSphere 4.0/4.1/5.0/5.1 | |||
| VMware | vSphere 5.5 | |||
| VMware | vSphere 6.0/6.5 | |||
| Linux | Debian Wheezy | |||
| Linux | Debian Jessie | |||
| Linux | Debian Stretch | |||
| Linux | Debian Buster | |||
| Linux | Debian Sid | |||
| Linux | Red Hat Enterprise Linux 7 |
|||
| Linux | Red Hat Enterprise Linux 6 |
|||
| Linux | Red Hat Enterprise Linux 5 | |||
| Linux | Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | |||
| Linux | Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | |||
| Linux | Red Hat OpenStack Platform v 8/9/10/11/12 | |||
| Linux | CentOS 6 |
DONE |
||
| Linux | CentOS 7 |
DONE |
||
| Linux | Fedora 26 |
WAIT |
WAIT |
DONE |
| Linux | Fedora 27 |
WAIT |
WAIT |
DONE |
| Linux | SUSE OpenStack Cloud 6 | |||
| Linux | SUSE Linux Enterprise Server 11 SP3-LTSS | |||
| Linux | SUSE Linux Enterprise Server 11 SP4 | |||
| Linux | SUSE Container as a Service Platform ALL | |||
| Linux | Gentoo | |||
| Linux | Slackware 14 |
WAIT |
WAIT |
|
| Solaris | SmartOS | |||
| Linux | CloudLinux 6 | |||
| Linux | CloudLinux 7 | |||
| Linux |
Ubuntu
Ubuntu kernel updates addressing all three vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) across amd64, ppc64el and s390x are released in USN-3541-1 (Ubuntu 17.10), USN-3540-1 (Ubuntu 16.04 LTS), USN-3541-2 (Ubuntu 16.04 LTS (HWE)), USN-3542-1 (Ubuntu 14.04 LTS) and USN-3540-2 (Ubuntu 14.04 LTS (HWE)).
|
DONE https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown |
||
| Linux | OpenSuse Linux based upon SUSE 12/11 | |||
| Linux | Archlinux | |||
| Linux | OpenVZ | |||
| Linux | Proxmox 3.x |
WAIT |
WAIT |
WAIT |
| Linux | Proxmox 4.X |
DONE (/!\ partial /!\) https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/ |
DONE (/!\ partial /!\) https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/ |
|
| Linux | Proxmox 5.X |
DONE (/!\ partial /!\) https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/ |
DONE (/!\ partial /!\) https://forum.proxmox.com/threads/meltdown-and-spectre-linux-kernel-fixes.39110/ |
|
| Linux | CoreOS Container Linux (channels Stable/Beta/Alpha) | |||
| BSD |
DragonFlyBSD |
WAIT
|
WAIT |
|
| BSD |
FreeBSD |
|||
| BSD | OpenBSD |
WAIT |
WAIT |
WAIT |
| BSD | NetBSD |
WAIT |
WAIT |
WAIT |
Intel affected CPU list
Here is a non-exhaustive list of Intel processors affected by Meltdown and Spectre vulnerabilities :
- Intel Core™ i3 processor (45nm and 32nm)
- Intel Core™ i5 processor (45nm and 32nm)
- Intel Core™ i7 processor (45nm and 32nm)
- Intel Core™ M processor family (45nm and 32nm)
- 2nd generation Intel Core processors
- 3rd generation Intel Core processors
- 4th generation Intel Core processors
- 5th generation Intel Core processors
- 6th generation Intel Core processors
- 7th generation Intel Core processors
- 8th generation Intel Core processors
- Intel Core X-series Processor Family for Intel X99 platforms
- Intel Core X-series Processor Family for Intel X299 platforms
- Intel Xeon processor 3400 series
- Intel Xeon processor 3600 series
- Intel Xeon processor 5500 series
- Intel Xeon processor 5600 series
- Intel Xeon processor 6500 series
- Intel Xeon processor 7500 series
- Intel Xeon Processor E3 Family
- Intel Xeon Processor E3 v2 Family
- Intel Xeon Processor E3 v3 Family
- Intel Xeon Processor E3 v4 Family
- Intel Xeon Processor E3 v5 Family
- Intel Xeon Processor E3 v6 Family
- Intel Xeon Processor E5 Family
- Intel Xeon Processor E5 v2 Family
- Intel Xeon Processor E5 v3 Family
- Intel Xeon Processor E5 v4 Family
- Intel Xeon Processor E7 Family
- Intel Xeon Processor E7 v2 Family
- Intel Xeon Processor E7 v3 Family
- Intel Xeon Processor E7 v4 Family
- Intel Xeon Processor Scalable Family
- Intel Xeon Phi Processor 3200, 5200, 7200 Series
- Intel Atom Processor C Series
- Intel Atom Processor E Series
- Intel Atom Processor A Series
- Intel Atom Processor x3 Series
- Intel Atom Processor Z Series
- Intel Celeron Processor J Series
- Intel Celeron Processor N Series
- Intel Pentium Processor J Series
- Intel Pentium Processor N Series
All of them are affected. If you're using one of them, we strongly recommend you to update your system with the latest available patches.