Security weaknesses Meltdown and Spectre

Follow

Recently, the following weaknesses have been published: 

CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, also known as Meltdown and Spectre. 

Cumulocity is taking precautionary measures to prevent exposure of these weaknesses on the Cumulocity platforms.

We are currently in the process of verification of the required OS level patches for the operated IoT patforms which will be applied once the verification is completed.

Although Cumulocity considers the risk of exposure to these weaknesses minimal and limited to the CEP server component only, all machines in all operated platforms will be patched and rebooted in the coming days. 

A technical note for private edition customers is under preparation for Cumulocity Private Edition Customers. 

For the underlying cloud platforms please see the statements from our cloud operators:

Amazon Web Services:

https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/

Microsoft Azure:

https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/

 

Have more questions? Submit a request

Comments