Posted on January 26, 2018 by Jonathan Hult
The Oracle Cloud teams have developed and deployed new Cloud VM images in response to the Intel processor design flaws leading to vulnerabilities CVE-2017-5715 (Spectre V2) and CVE-2017-5753 (Spectre V1) and CVE-2017-5754 (Meltdown). Please note that new IaaS VM service images launched from Unbreakable Enterprise Kernel (UEK) Release 4 base Oracle Linux (OL) images will contain the current applicable patches for these vulnerabilities, however mitigation against CVE-2017-5715 (Spectre v2) will only be completed when updated microcode is released by Intel and deployed by Oracle in future Cloud VM images. Future Windows images may also contain the applicable patches (if included by Microsoft).
Customers running OL6/7 UEK4 service images (IaaS and PaaS VMs) can perform manual patch updates to their UEK4 kernel by following the instructions posted here.
For more information, please contact us or reach out to your Mythics Account Manager.
Jonathan Hult, Senior Innovation Engineer, Mythics, Inc.
Connect with Jonathan Hult on LinkedIn!