Spectre & Meltdown - Kernel Side-Channel Attacks

Incident Report for amazee.io

Resolved

*Ubuntu LTS*
We successfully updated and patched all Ubuntu LTS Servers during the emergency Maintenance Window last Thursday.

With this all Servers at amazee.io are patched against Spectre & Meltdown.
Posted Jan 15, 2018 - 12:31 UTC

Update

*Ubuntu LTS*:
Our tests of the patched Ubuntu kernel are positive and we are conducting an Emergency Maintenance tonight during the same hours like usual Maintenance.
Posted Jan 11, 2018 - 14:35 UTC

Update

*RedHat Enterprise Linux:*
We successfully updated and patched all RedHat Enterprise Servers during the regular Maintenance Window last night.

*Ubuntu LTS*:
Ubuntu released Kernel Patches yesterday January 9th. We are currently conducting tests with these new kernels and are planning to conduct an emergency maintenance in the night of Thursday 11th to Friday 12th January. We will update as soon as we have more information.
Posted Jan 10, 2018 - 15:00 UTC

Identified

We are actively monitoring and update all our Server to mitigate the Spectre & Meltdown attacks.
At amazee.io we are running two different Operating Systems: Ubuntu LTS and RedHat Enterprise Linux.

*RedHat Enterprise Linux*
RedHat released updates for their systems: https://access.redhat.com/security/vulnerabilities/speculativeexecution
We are actively updating and patching all Servers with these patches. Current estimation is that this is finished within 24h.

*Ubuntu LTS*
Ubuntu has no official patches yet: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
As soon as patches are released we will start updating and patching all Servers.
Posted Jan 09, 2018 - 17:48 UTC
This incident affected: General (Lagoon API, Deployment Infrastructure, Nameservers).