Mitigating Meltdown and Spectre - Linux

Patches for Meltdown & Spectre are being released by the different Linux vendors at variable rates.This guide will evolve as we discover more information.  Please subscribe to receive notifications of updates.

Apply CPU microcode updates

If you have a Dedicated Server, you will need to apply a firmware update to your CPU. Depending on your server's CPU, these updates and instructions on their application will become available via Intel's download centre.

If you are using cloud based products then our engineers are working on the application of the necessary hardware fixes. 

Patch your Operating System

Our primary advice is to check your kernel version against the list of known patches, update if required, reboot your server and ensure you are then using the recommended patch.

Please refer to the documentation made available below for information on which patches should be applied to mitigate Meltdown & Spectre.

Updating RedHat, CentOS

$ uname -a
$ yum clean all
$ yum update
$ rpm -q kernel
$ reboot
...
$ uname -a

Updating Debian/Ubuntu

$ uname -a
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo shutdown -r now
...
$ uname -a

Further information on OS patches

RedHat/CentOS

More information on how RedHat/CentOS is handling Meltdown & Spectre can be found at https://access.redhat.com/security/vulnerabilities/speculativeexecution.  You can read an overview of how the issue affects RedHat/CentOS, its impact and ultimately how to resolve each version of the RedHat/CentOS OS.

RedHat/CentOS 6

Three security advisories have been released for RedHat/CentOS 6 detailing security updates required.

https://access.redhat.com/errata/RHSA-2018:0008

https://access.redhat.com/errata/RHSA-2018:0024

https://access.redhat.com/errata/RHSA-2018:0030

RedHat/CentOS 7

Five security advisories have been released for RedHat/CentOS 7 detailing security updates required.

https://access.redhat.com/errata/RHSA-2018:0007

https://access.redhat.com/errata/RHSA-2018:0016

https://access.redhat.com/errata/RHSA-2018:0029

https://access.redhat.com/errata/RHSA-2018:0023

https://access.redhat.com/errata/RHBA-2018:0042

Ubuntu

Further information made available by Ubuntu:

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5715.html

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5753.html

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5754.html

Ubuntu have not released updates as yet, but have said that they will be released by the 9th Jan.

Debian

Further information made available by Debian:

https://security-tracker.debian.org/tracker/CVE-2017-5753 

https://security-tracker.debian.org/tracker/CVE-2017-5715 

https://security-tracker.debian.org/tracker/CVE-2017-5754 

Arch Linux

There is currently a patch for Meltdown (Variant 3) 5754 which was fixed in version 4.14.11-1

Further information made available by Arch:

https://security.archlinux.org/CVE-2017-5753

https://security.archlinux.org/CVE-2017-5715

https://security.archlinux.org/CVE-2017-5754 

openSUSE leap 42.2

Further information made available by openSUSE:

https://www.suse.com/security/cve/CVE-2017-5753

https://www.suse.com/security/cve/CVE-2017-5715

https://www.suse.com/security/cve/CVE-2017-5754

 
  • Patches for Meltdown & Spectre, Mitigating Meltdown and Spectre - Linux, AMD, INTEL, ARM, Vulnerabilities on ARM
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Say NO to Trespassers, DDoS Attackers and Hijackers from your WordPress Site by Restricting Access to wp-admin

Late last month the Internet faced one of the biggest DDoS attacks in the history. With not even...

Simple Security Tips

Always Update your software :- Hackers and malicious code can exploit security holes in a...

The future of computing is in Meltdown

The Meltdown It’s recently been revealed that a design flaw in basically all of the world’s...

Clearing your DNS cache

Overview Your DNS cache stores the locations (IP addresses) of webservers that contain pages...

Why are my emails treated as SPAM?

Most email service providers use complex anti-spam filters. These filters usually determine which...