Recent vulnerabilities related to server hardware have recently been identified and require updating your operating system software to protect your server. Referred to as “Spectre” or “Meltdown”, these vulnerabilities apply to almost all modern computing equipment (servers and desktops alike) and should be taken very seriously. Best Practice is to apply updates to your servers and workstations as soon as they are available from the manufacturers.
NOTE: VPS servers do not require microcode updates as these updates are applied on the parent server. However, operating system and registry updates should still be applied to Cloud servers as part of the recommended Best Practice for server security.
CentOS Systems
To properly mitigate against these vulnerabilities, you need to update the following packages:
- kernel
- microcode.ctl
- To update, run the following command after Logging into Your Server via Secure Shell (SSH):
yum update -y kernel microcode_ctl
On CentOS 6/CloudLinux 6 systems, you also need to run the following before rebooting:
if ! (mount -l | grep -q debugfs) ; then mount -t debugfs none /sys/kernel/debug echo "debugfs /sys/kernel/debug debugfs defaults 0 0" >> /etc/fstab fi ; echo 1 > /sys/kernel/debug/x86/ibrs_enabled 2>/dev/null || true
- Reboot the server.
- Check your server's status with the following script:
/usr/local/lp/apps/sonarpush-helpers/spectre-meltdown-checker*
NOTE: Some motherboard/CPU combinations cannot be patched with microcode updates or BIOS patches. If your server has such a limitation, we may be contacting you about upgrading your server hardware after we've verified that such an upgrade is necessary.
If you have questions or need additional assistance submit a Support Request here:
https://www.alpineweb.com/backroom/submitticket.php
Or visit the Contact Us page for additional contact options: