UPDATE – 6th January 1.03PM GMT 0
New Xen kernels are being tested by upstream which should hopefully fix booting issues of PV guests.
UPDATE – 6th January 12.15PM GMT 0
An updated kernel is available for OpenVZ on CentOS 6.
What better way to start 2018 than with news of two serious vulnerabilities in all kinds of computing devices! In this post we’ll summarize the problems and explain what SolusVM customers need to do.
The vulnerabilities, which have been named Meltdown and Spectre, are hardware bugs that were reported by security researchers on January 3rd 2018. They affect a large number of Intel, AMD and ARM computing architectures.
What are Meltdown and Spectre?
In brief, “Meltdown” affects the most fundamental isolation of user applications from the operating system, which could allow a program to access memory being used by another program, or the Operating System; while “Spectre” is reported to break the isolation between error-free applications. You can read more at https://meltdownattack.com/.
How does this affect your SolusVM software?
These issues are not specific to SolusVM, or any specific software application: they are created by hardware bugs that affect a large number of different computing platforms, from smartphones and desktop PCs to datacenter infrastructure.
From what we know today, it seems that the problems cannot be fixed at the hardware level: they have to be addressed by software patches at the OS level.
There are two potential impacts on your SolusVM software:
At the installer/package level. For new installs, we pull the relevant OS components direct from the repo: these should already be patched, apart from OpenVZ.
For existing SolusVM installs, you’ll need to update your OS components via yum in the usual way, specifically the kernel.
The following updates are available from upstream for your hypervisors:
KVM:
CentOS 7 – Updates available
CentOS 6 – Updates available
Xen:
CentOS 7 – Updates available
CentOS 6 – Updates available
If a Xen PV guest is updated to the new CentOS 6 kernel (2.6.32-696.18.7.el6.x86_64) it may prevent the guest from booting.
OpenVZ:
Virtuozzo Linux 7 – No updates available as of yet
CentOS 6 – Updates available
Keep an eye on this blog post, and the @SolusVM twitter feed, for the latest news.