Hi,
A serious vulnerability has been detected, named Meltdown and Spectre. Details on how to verify and patch it are as follows:
Meltdown CPU Vulnerability CVE-2017-5754:
A very serious and critical security problem has been discovered in Intel/AMD/ARM CPUs. The Meltdown vulnerability allows a hacker to break the isolation between the operating system and user applications. This attack allows a program to access the memory of other programs and of the operating system (secrets).
Spectre CPU Vulnerability CVE-2017-5753 and CVE-2017-5715:
Spectre CPU Vulnerability breaks the isolation between various applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.
Patches available on Linux:
1. Meltdown CPU Vulnerability: CVE-2017-5754
2. Spectre Vulnerability: CVE-2017-5753 and d
How to patch these vulnerabilities:
1. Check the kernel
[root@24x7 ~]# uname -r
<version>
2. Verify if the patch is applied or not:
- For Meltdown: CVE-2017-5754
[root@24x7 ~]# rpm -q kernel-<version> --changelog | grep CVE-2017-5754
- For Spectre: CVE-2017-5753 and CVE-2017-5715
[root@24x7 ~]# rpm -q kernel-<version> --changelog | grep CVE-2017-5753
[root@24x7 ~]# rpm -q kernel-<version> --changelog | grep CVE-2017-5715
If you see no output at this point, your system requires patching.
3. Update the system to apply the patches:
[root@24x7 ~]# yum update
[root@24x7 ~]# yum update kernel    # only if the kernel was not updated by the command above
4. Reboot the system and run the command below after the reboot:
[root@24x7 ~]# uname -r
<new_version>
5. Verify the patches:
- For Meltdown: CVE-2017-5754
[root@24x7 ~]# rpm -q kernel-<new_version> --changelog | grep CVE-2017-5754
- For Spectre: CVE-2017-5753 and CVE-2017-5715
[root@24x7 ~]# rpm -q kernel-<new_version> --changelog | grep CVE-2017-5753
[root@24x7 ~]# rpm -q kernel-<new_version> --changelog | grep CVE-2017-5715
Positive output (changelog lines that mention the CVE) confirms that your system is patched.
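The three grep checks from steps 2 and 5 can be combined into one script that reports which CVE IDs are absent from the changelog of the running kernel's package. This is an added example, not part of the original post; the function names and the sample changelog text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which of the three CVEs from this post are absent
# from a kernel package changelog. Function names are hypothetical.

CVES="CVE-2017-5754 CVE-2017-5753 CVE-2017-5715"

# Read changelog text on stdin and print every CVE that is NOT mentioned.
# Empty output means all three fixes are listed.
missing_cves() {
    changelog=$(cat)
    missing=""
    for cve in $CVES; do
        # -w stops CVE-2017-5715 from matching a longer id such as CVE-2017-57150
        if ! printf '%s\n' "$changelog" | grep -qw -- "$cve"; then
            missing="$missing $cve"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Query the package that matches the RUNNING kernel (uname -r), so a host
# that was updated but not yet rebooted is not reported as patched.
check_running_kernel() {
    pkg="kernel-$(uname -r)"
    log=$(rpm -q "$pkg" --changelog) || { echo "cannot query $pkg" >&2; return 2; }
    absent=$(printf '%s\n' "$log" | missing_cves)
    if [ -n "$absent" ]; then
        echo "$pkg changelog lacks: $absent"
        return 1
    fi
    echo "$pkg changelog lists: $CVES"
}

# Constructed sample changelog (not real rpm output) for an offline dry run.
SAMPLE='- constructed entry: isolation fix {CVE-2017-5754}
- constructed entry: branch fix {CVE-2017-5715}'

# Dry run: prints the one CVE the sample does not mention.
printf '%s\n' "$SAMPLE" | missing_cves
```

On an RPM-based host, call check_running_kernel before the update and again after the reboot; exit status 1 means at least one CVE is not listed for the kernel currently running.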