Earlier on in the year we let our customers know of two security risks within the Linux, Power and IBMi systems, IBM has now release their updates keeping all customers informed, below we will share any information passed on and help you answer any questions, please call your Account Manager and we can assist you with any technical advice as needed.
Mitigation of these vulnerabilities for Power Systems clients involves installing patches to both system firmware and operating systems. The firmware patch provides partial remediation to these vulnerabilities and is a pre-requisite for the OS patch to be effective. These will be available as follows:Firmware patches for POWER7, POWER7+, POWER8 and POWER9 platforms are now available via FixCentral. Click here for more information.
- Linux operating systems patches are now available through our Linux distribution partners Red Hat, SUSE and Canonical.
- IBM i operating system patches are now available via FixCentral.
- AIX patches are now available via AIX Security.
Consistent with previously announced end of service, IBM will not be releasing patches for POWER4, POWER5, POWER6 systems and recommends migrating to a more current generation of POWER technology. We are committed to helping our clients address these vulnerabilities and have introduced an offer for
Information about generations prior to POWER4 will be communicated on an as-needed basis.We will continue to provide information about these patches via PSIRT and security bulletins.
Clients should review these patches in the context of their data center environment and standard evaluation practices to determine if they should be applied.
For more information or support please contact your Recarta Account manager
____________________________________________________________________________________________
An update to this issue was posted by IT Jungle recently based on the first exposure of the effects of the attacks. If you’re still not convinced that either Meltdown and Spectre is an issue it make for sober reading.
Read the latest report here.