Security update for Riada Cloud customers

Wednesday 10-Jan-2018 we patched all of our systems with the new Linux kernel mitigating recent exploits enabled through a bug in Intel cpu’s.

Why did this occur?
Recently there was a disclosure about a kernel space vulnerability named CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 aka Spectre and Meltdown. The public disclosure was set for Tuesday 09-Jan-2018 but was released earlier in side channels which accelerated the work to mitigate this problem from vendors.

What was affected?
Our whole server platform was affected by this but since we patched this is no longer an issue.

Our goals
Riada’s goal is to keep our customers as secure as possible and always patch known vulnerability within 48h of released fix.
We monitor the security community closely to be up to date with information that affects our services we provide.

Future Updates
We are working on a new data flow to give our customers better information about our services, as our customer you will receive an email about emergency maintenance at least 4 hours before we begin our work. We suspect there will be more patches regarding this bug as the security community keeps researching this problem.

Further information
Ubuntu: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
AWS: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
Meltdown & Spectre https://meltdownattack.com/

No Comments

Post A Comment