Brand Claim Brand Claim
by Kurt Garloff

February 2018

All Linux images received significant work on the bootup speed:

  • The platform got a better performing Metadata Service (MDS)
  • The network start scripts were tuned (wait times, waiting for mds, ...)
  • cloud-init > 0.7.6 received a patch removing unnecessary retries on 404
  • The generation of an optimized initrd on the kiwi built images was pushed into the background

Updated SUSE images provided on 2018-02-15. Major changes over previous versions:

  • The SUSE images now use the retpoline approach to mitigate Spectre V2 (CVE-2017-5715):
    • This results in a much lower performance impact compared to full IBC, see https://imagefactory.otc.t-systems.com/Blog-Review/SpecExLeak/Benchmarks.html
    • It is available also for CPUs without (stable) microcode support for IBC.
    • Minimal IBC (IBPB) is used on Broadwell and newer CPUs to make it fully secure.
    • The 4.4 kernels from openSUSE42.3 and SLES12SP3 and SP2 were delivered in early February, the kernels for SLES12SP1 and SLES11SP4 in the last week of Feb.

Updated Debian images provided on 2018-02-23. Major changes over previous versions:

  • Debian-9

    • Security fix for Spectre V1 (CVE-2017-5753) and Spectre V2 (CVE-2017-5715)

      new version Debian 4.9.82-1+deb9u2

Updated Windows images provided on 2018-02-16. Major changes over previous versions:

  • OTC Windows Self-Managed - Release 2018-02-14-0

  • image disk size now 40GB for all images

  • added February 2018 MS Patches
  • Windows Server 2008 R2
    • Windows Malicious Software Removal Tool x64 - February 2018 (KB890830)
    • 2018-02 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4076492)
    • Cumulative Security Update for Internet Explorer 11 for Windows Server 2008 R2 for x64-based Systems (KB4074736)
    • 2018-02 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4074587)
    • 2018-02 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4074598) )
  • Windows Server 2012 R2
    • Windows Malicious Software Removal Tool x64 - February 2018 (KB890830)
    • Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB4074736)
    • 2018-02 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4074594)
    • 2018-02 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4074597)
  • Windows Server 2016
    • Update for Windows Defender antimalware platform - KB4052623 (Version 4.12.17007.18011)
    • Windows Malicious Software Removal Tool x64 - February 2018 (KB890830)
    • 2018-02 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4074590)
  • Included driver and tools:
    • XEN GPL driver: 3.0.144.590 (unchanged)
    • KVM UVP Vmtools: 2.5.0.102 (unchanged)
    • Intel SRIOV (High Performance ) driver : Version 22.0, January 27, 2017 (unchanged)
    • NVIDIA vGPU driver: 369.71 (unchanged)
    • NVIDIA pGPU driver: 390.65 (new)
    • Cloudbase-Init: 9.12 (unchanged)