January 2018
- Security Alert Meltdown and Spectre: https://imagefactory.otc.t-systems.com/Blog-Review/SpecExLeak/
Updated images provided on 2018-01-26. Major changes over previous versions:
-
Ubuntu-14, Ubuntu-16
-
Security fix for Spectre Variant-1 (CVE-2017-5753)
new version Ubuntu-14 with kernel 3.13.0-141-generic #190
new version Ubuntu-16 with kernel 4.4.0-112-generic #135
-
Updated Windows images provided on 2018-01-12. Major changes over previous versions:
-
OTC Windows Self-Managed - Release 2018-01-11-0
-
registry keys to enable the mitigations on the server against speculative execution side-channel vulnerabilities are set:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, FeatureSettingsOverride, 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management, FeatureSettingsOverrideMask, 3
`HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization MinVmVersionForCpuBasedMitigations, 1.0
for details see: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
-
added January 2018 MS Patches
-
Windows Server 2008 R2
- 2018-01 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4056890)
- Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - January 2018 (KB8 90830)
-
Windows Server 2012 R2
- 2018-01 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4056898)
- 2018-01 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4056895)
- Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - January 2018 (KB890830)
- 2018-01 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.1 and Server 2012 R2 for x64 (KB4055271)
-
Windows Server 2016
- 2018-01 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4056894)
- Windows Malicious Software Removal Tool x64 - January 2018 (KB890830)
- 2018-01 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4055269)
- 2018-01 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 7 and Server 2008 R2 for x64 (KB4055532)
-
Included driver and tools:
- XEN GPL driver: 3.0.144.590 (unchanged)
- KVM UVP Vmtools: 2.5.0.102 (unchanged)
- Intel SRIOV (High Performance ) driver : Version 22.0, January 27, 2017 (unchanged)
- NVIDIA vGPU driver: 369.71 (unchanged)
- NVIDIA pGPU driver: 385.54 (unchanged)
- Cloudbase-Init: 9.12 (unchanged)
-
In pGPU image NVIDIA driver mode is set to TCC per default. Can be changed to WDDM by running :
"C:\Program Files\NVIDIA Corporation\NVSMI\nvidia-smi.exe" -dm 0
Updated images provided on 2018-01-08. Major changes over previous versions:
-
Debian-9
-
Security fix for Meltdown (CVE-2017-5754)
new version Debian 4.9.65-3+deb9u2
-
-
Fedora-26
-
Security fix for Meltdown (KPTI)
new version Fedora 4.14.11-200.fc26.x86_64
-
Updated images provided on 2018-01-05. Major changes over previous versions:
-
CentOS-6, CentOS-7
-
Security fix for Meltdown and Spectre (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)
new version CentOS-7 3.10.0-693.11.6.el7.x86_64
new version CentOS-6 2.6.32-696.18.7.el6.x86_64
-
All the other Images were updated as well on Jan 5 or the following handful of days, see https://imagefactory.otc.t-systems.com/Blog-Review/SpecExLeak/OTC_Patching.html.