Dear LIR mailing list subscribers,

You may be aware of the "Meltdown" and "Spectre" vulnerabilities that were disclosed in the media during the past 24 hours. These are vulnerabilities in CPUs (notably, but not only, Intel CPUs made since 1995) which can allow programs to access memory, and therefore sensitive restricted information, that they should not have access to.
 
The immediate problem can be worked around with operating system patches. This vulnerability was originally scheduled to be disclosed next Tuesday by the vendors; because of the early disclosure, some patches are still being readied for release.
 
The vulnerability itself appears to require local code execution to exploit. In some situations, this may be very easy; in other scenarios, where a device is well isolated from user input, it can be much more difficult. We are working to identify affected systems in HEAnet and apply fixes once they are available. This is likely to require emergency maintenance on certain services as we perform the reboots necessary to patch their kernels (in line with industry practice.) We will be in touch as these are scheduled.
 
We also suggest that you install security updates on your own systems as they become available (but we also note that the mitigation may incur a performance penalty.) Please note that, for virtual machines, both the host and its guest VMs are likely to need to be patched.
 
The details of the vulnerabilities are at Google Project Zero: 
https://googleprojectzero.blogspot.ie/2018/01/reading-privileged-memory-with-side.html

And at CERT: http://www.kb.cert.org/vuls/id/584653
 
We will be in touch with further information as it arises, and if you have any questions please don't hesitate to contact [log in to unmask].

Regards,
Brian.

--
Brian Boyle, Head of Infrastructure
HEAnet CLG, Ireland’s National Education and Research Network 1st Floor, 5 George’s Dock, IFSC, Dublin D01 X8N7, Ireland
+353 (0)1 6609040, [log in to unmask], www.heanet.ie
Registered in Ireland, No. 275301.  CRA No. 20036270