Status of Meltdown / Spectre Patching
This page is updated regularly and contains information about the status of patching on SWITCHengines regarding the Meltdown / Spectre vulnerabilities.
On our forum, we have a detailed explanation of the vulnerabilites and implications.
2018-01-09: KVM / QEMU (which we use as the basis for the virtualization in SWITCHengines) are not vulnerable to Meltdown / Spectre as far as we know today and it should therefore not be possible for a SWITCHengine VM to get access to data from other VMs running on the same hypervisor.
2018-01-08: We are currently testing new kernels for our hypervisors that patch against Meltdown. We are following up with our hardware vendors for new firmware that contain Microcode patches that will mitigate against the Spectre vulnerability. Our infrastructure contains servers and CPUs of different generations, so it might take some time, before we have upgraded our complete infrastructure.
Before we roll out new kernels to our hypervisors, we are waiting for officially supported kernels by our provider (Ubuntu). We expect them to arrive on 2018-01-09. We will then again test the kernels and start to upgrade our hypervisors. Running VMs will mostly not be affected, because we live migrate VMs between hypervisors. In rare circumstances we will have to reboot VMs. The number of VMs we have to migrate make it impractical to determine exact date/times when they will be migrated or rebooted. We will announce general time frames as soon as we know more.
SWITCHengines provided images
VMs running on SWITCHengines will also need to be patched to newer kernels and rebooted.VMs created from our images will apply security fixes automatically, however it is necessary to reboot them manually for the changes to take effect.
We are waiting for the official upstream releases and will update all images as they become available. Here is the current status (2018-01-08)
- Debian Jessie - waiting for release, consider upgrading to Debian Stretch
- Debian Stretch - patched, new images are being built and tested
- Ubuntu Trusty (14.04) - waiting for release
- Ubuntu Xenial (16.04) - waiting for release
- CentOS 7.4 - waiting for release
- Fedora 25 - EOL, consider updating to new release
- Windows Server 2012 - waiting for release
- RStudio Applicance - waiting for release