Howdy all,
While we don’t distribute any software directly impacted by this issue, it is a big enough issue that I felt it worth mentioning, just in case anyone has missed the news elsewhere. A variety of serious data exposure bugs have been discovered in most major CPUs of the past decade or so. It is most dangerous on multi-tenant systems of all kinds (like Cloudmin and Virtualmin systems with untrusted users), as an attack could be used by non-privileged users with any sort of shell access to discover sensitive information, such as passwords or private keys.
Linux distributions have begun rolling out new kernels with mitigations, but not all distros have made them available yet. But be on the lookout for those updates from your OS vendor(s), and plan to reboot into the new kernel ASAP after it becomes available. I see that RHEL has the default kernel available (which would also cover KVM users), but no Xen kernel yet.
Some relevant coverage of the topic:
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
Be careful out there. Also, now is a good time to check your backups and disaster recovery processes to make sure they’re doing the right thing.
Cheers,
Joe