IBM Released Patches to Mitigate the Notorious Spectre and Meltdown Vulnerabilities on its Power Servers
#9719- HatchSuper Moderator
IBM has finally released patches to mitigate the notorious Spectre and Meltdown vulnerabilities on its Power server line, whilst adding protection from a new flaw affecting its Notes collaboration platform.
The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715, are collectively known as Spectre, and allow user-level code to infer data from unauthorized memory; the third vulnerability, CVE-2017-5754, is known as Meltdown, and allows user-level code to infer the contents of kernel memory. The vulnerabilities are all variants of the same class of attacks but differ in the way that speculative execution is exploited.
These vulnerabilities do not allow an external unauthorized party to gain access to a machine, but they could allow a party that has access to the system to access unauthorized data.
IBM said Power customers must install patches to system firmware and operating systems — with the former a prerequisite for the latter to be effective.
Firmware patches for Power7, Power7+, Power8 and Power9 are available via FixCentral, as are IBM i operating system patches.
AIX OS patches are available from a separate website, while Linux OS patches are available through partners Red Hat, SUSE and Canonical.
IBM has also been forced to issue an interim fix for CVE-2017-1711, a vulnerability given a CVSS base score of 5.3, which the server giant interprets as “High Impact/Medium Probability of Occurrence.”