2019-05-15 MDS attacks against Intel CPUs and Zombieload vulnerability
On May the 14th, security researchers have disclosed a new attack impacting the speculative execution process. It is named as Microarchitectural Data Sampling (MDS) attack, and the Zombieload Vulnerability is considered the most dangerous of them.
Similar to the previous Meltdown and Spectre attacks, it can effectively break all privacy protections that exist between apps. An attacker could allow data in the CPU’s cache to be exposed to unauthorized processes. It could use these flaws to read memory from a virtual or containerized instance or the underlying host system.
Bitnami team is working on updating all affected Virtual Machines and Cloud Images available through Bitnami, for all of our cloud provider partners. This will ensure that all new launches will be secured against these issues.
Bitnami has now released and submitted the following images with the new kernel for fixing these issues:
- Bitnami has now released all the images with the new kernel available for Debian, Ubuntu and Oracle Linux in the Bitnami Launchpad for Oracle Cloud and the Oracle Cloud Marketplace.
- Bitnami has now submitted all the VMware affected images with the new kernel. Updates are being propagated to the VMware Marketplace.
- Bitnami has now released all the images with the new kernel available for Debian 9 in the Bitnami Launchpad for AWS Cloud. Updates with the new kernel available for Ubuntu 16.04 are being propagated to the AWS Marketplace.
- Bitnami has now released all the images with the new kernel available for Ubuntu 16.04 in the Bitnami Launchpad for Microsoft Azure. Updates are also being propagated to the Azure Marketplace.
- Bitnami has now released all the images with the new kernel available for Debian 9 in Bitnami Launchpad for Google Cloud Platform. Updates are being propagated to the Google Marketplace.
- Bitnami has now released all the virtual machines (OVA and VMDK format) with the new kernel available for Debian 9. They are available at bitnami.com.
- If you are running a native installer on a bare metal server, you should update the kernel in your host as well as install the Intel microcode firmware. This package is available in the “contrib” and “non-free” repositories that you should previously enable in your distro.
How to patch it
If you already have a running server (virtual machine) or if you have a Bitnami stack installed on your computer, you will need to update the operating system on your own.
Once a new, patched kernel is available from the operating system vendor, you can update it by following these instructions (depending on your distribution / operating system):
Ubuntu / Debian:
$ sudo apt-get update && sudo apt-get dist-upgrade
Oracle Linux, Red Hat, CentOS, and Amazon Linux:
$ sudo yum update
Windows / OSX. Update your system packages when the operating system suggests to. Enable the “Check for updates” option in Windows in order to get the latest updates and patches.
Once you have completed the steps above, you will get the fixed version of the kernel / operating system after rebooting your server.
If you have any questions about this process, you can visit our github repository. We will be happy to help!
For further information about these vulnerabilities, check the frequently asked questions page at the official Zombieloadattack website: https://zombieloadattack.com/#faq.