Meltdown and Spectre are critical vulnerabilities in several modern CPUs. Because of these vulnerabilities, unauthorized users may gain access to supposedly protected memory areas. These problems affect most CPUs made by Intel, but also CPUs by AMD and ARM, regardless of the operating system in use.
So far, there are three known variants of this issue:
We highly recommend installing the latest errata updates released by Univention. If you still use an outdated version of UCS such as UCS 1, UCS 2 or UCS 3, please upgrade. We will only release updates for UCS 4.1-5, UCS 4.2-2 and UCS 4.2-3. The UCS 4.2 updates will be available for Enterprise and Core Edition users; the UCS 4.1 fixes will only be available for Enterprise users.
Status in UCS:
- 2018-01-09: Erratum 257 has been announced for UCS 4.2 which updates the Linux Kernel to 4.9.75 and fixes Meltdown CVE-2017-5754.
- 2018-01-12: Erratum 491 has been announced for UCS 4.1 which updates the Linux Kernel from 4.1.6 to 4.9.76 and fixes Meltdown CVE-2017-5754.
- 2018-01-29: Erratum 270 has been announced for UCS 4.2 which adds the infrastructure to the gcc C compiler for using “retpoline”. The compiler can be used to mitigate the “Spectre 2” vulnerability by re-compiling susceptible binaries until fixed CPUs or fixed CPU microcode updates are available from the CPU vendors.
- 2018-01-29: Erratum 267 has been announced for UCS 4.2 which updates the Linux Kernel to 4.9.78. This kernel has been built with the new gcc.
- 2018-01-31: Erratum 498 has been announced for UCS 4.1 which updates the backported Linux Kernel to 4.9.78. This kernel has been built with the new gcc.
- Checking microcode updates.
- We are also checking how the Spectre 1 issues can be mitigated.
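
To check a system against the errata above, the following added example (not Univention's own tooling) classifies an upstream kernel version string by the versions named in the list. The function names, result labels and sample strings are constructed for illustration. It assumes you pass the upstream kernel version, for example from the kernel package version; on Debian-based systems `uname -r` may show an ABI name instead.

```shell
#!/bin/sh
# Added example: thresholds come from the errata list on this page.
# Function names, labels and sample strings are constructed.

# Print the first x.y.z found in a string ("4.9.75" from "Debian 4.9.75-1").
upstream_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeed when version $1 >= version $2 (numeric compare, field by field).
version_ge() {
    a=$1 b=$2
    for i in 1 2 3; do
        x=${a%%.*} y=${b%%.*}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        a=${a#*.} b=${b#*.}
    done
    return 0
}

# classify_kernel <UCS release: 4.1|4.2> <kernel version string>
classify_kernel() {
    release=$1
    v=$(upstream_version "$2")
    case $release in
        4.2) meltdown=4.9.75 ;;   # Erratum 257
        4.1) meltdown=4.9.76 ;;   # Erratum 491
        *)   echo "unknown"; return 0 ;;
    esac
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if version_ge "$v" 4.9.78; then      # Errata 267 / 498, built with new gcc
        echo "meltdown-erratum+retpoline-build"
    elif version_ge "$v" "$meltdown"; then
        echo "meltdown-erratum"
    else
        echo "before-erratum"
    fi
}

# Constructed sample inputs: UCS release, then version string.
while read -r rel ver; do
    printf '%-4s %-12s %s\n' "$rel" "$ver" "$(classify_kernel "$rel" "$ver")"
done <<'EOF'
4.2 4.9.65-1
4.2 4.9.75-1
4.1 4.1.6
4.1 4.9.78-1
EOF
```

The result says nothing about Spectre 1 or CPU microcode, which the list above marks as still being checked.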