Brand Claim Brand Claim
by Kurt Garloff

January 2018

Updated images provided on 2018-01-26. Major changes over previous versions:

  • Ubuntu-14, Ubuntu-16

    • Security fix for Spectre Variant-1 (CVE-2017-5753)

      new version Ubuntu-14 with kernel 3.13.0-141-generic #190 new version Ubuntu-16 with kernel 4.4.0-112-generic #135

Updated Windows images provided on 2018-01-12. Major changes over previous versions:

  • OTC Windows Self-Managed - Release 2018-01-11-0

  • registry keys to enable the mitigations on the server against speculative execution side-channel vulnerabilities are set:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, FeatureSettingsOverride, 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, FeatureSettingsOverrideMask, 3 `HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization MinVmVersionForCpuBasedMitigations, 1.0

for details see: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

  • added January 2018 MS Patches
  • Windows Server 2008 R2
    • 2018-01 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4056890)
    • Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - January 2018 (KB8 90830)
  • Windows Server 2012 R2
    • 2018-01 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4056898)
    • 2018-01 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4056895)
    • Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - January 2018 (KB890830)
    • 2018-01 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1 and Server 2012 R2 for x64 (KB4055271)
  • Windows Server 2016
    • 2018-01 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4056894)
    • Windows Malicious Software Removal Tool x64 - January 2018 (KB890830)
    • 2018-01 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4055269)
    • 2018-01 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4055532)
  • Included driver and tools:

    • XEN GPL driver: 3.0.144.590 (unchanged)
    • KVM UVP Vmtools: 2.5.0.102 (unchanged)
    • Intel SRIOV (High Performance ) driver : Version 22.0, January 27, 2017 (unchanged)
    • NVIDIA vGPU driver: 369.71 (unchanged)
    • NVIDIA pGPU driver: 385.54 (unchanged)
    • Cloudbase-Init: 9.12 (unchanged)
  • In pGPU image NVIDIA driver mode is set to TCC per default. Can be changed to WDDM by running :

    "C:\Program Files\NVIDIA Corporation\NVSMI\nvidia-smi.exe" -dm 0

Updated images provided on 2018-01-08. Major changes over previous versions:

  • Debian-9

    • Security fix for Meltdown (CVE-2017-5754)

      new version Debian 4.9.65-3+deb9u2

  • Fedora-26

    • Security fix for Meltdown (KPTI)

      new version Fedora 4.14.11-200.fc26.x86_64

Updated images provided on 2018-01-05. Major changes over previous versions:

  • CentOS-6, CentOS-7

    • Security fix for Meltdown and Spectre (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)

      new version CentOS-7 3.10.0-693.11.6.el7.x86_64

      new version CentOS-6 2.6.32-696.18.7.el6.x86_64

All the other Images were updated as well on Jan 5 or the following handful of days, see https://imagefactory.otc.t-systems.com/Blog-Review/SpecExLeak/OTC_Patching.html.