4 Steps to Follow to Protect Website from Meltdown and Spectre

| | 2 min read

The two industry-wide security vulnerabilities named Meltdown and Spectre are hardware bugs that can allow hackers to steal sensitive information such as passwords, encryption keys from the memory of other programs. They work in different ways, affect different processors from Intel, ARM, and AMD, and require different fixes.

What to do to protect against Meltdown and Spectre?

To protect yourself, update your operating system software as patches are released by vendors and continue to monitor communications related to the Meltdown and Spectre vulnerabilities.

Current Patch Status

As of now, no distributions are yet fully patched.

Distributions that have released kernel updates with partial mitigation (patched for Meltdown AND variant 1 of Spectre) include:

  • CentOS 7: kernel 3.10.0-693.11.6
  • CentOS 6: kernel 2.6.32-696.18.7

Distributions that have released kernel updates with partial mitigation (patched for Meltdown) include:

  • Fedora 27: kernel 4.14.11-300
  • Fedora 26: kernel 4.14.11-200
  • Ubuntu 17.10: kernel 4.13.0-25-generic
  • Ubuntu 16.04: kernel 4.4.0-109-generic
  • Ubuntu 14.04: kernel 3.13.0-139-generic
  • Debian 9: kernel 4.9.0-5-amd64
  • Debian 8: kernel 3.16.0-5-amd64
  • Debian 7: kernel 3.2.0-5-amd64
  • Fedora 27 Atomic: kernel 4.14.11-300.fc27.x86_64
  • CoreOS: kernel 4.14.11-coreos

How to Apply Updates?

Its good to apply updates as they become available instead of waiting for a full patch set. This may require you to upgrade the kernel and reboot. Below are the four steps to follow to update.

1. Update your system software once patches are available.

For Ubuntu and Debian servers, you can update your system using the command

sudo apt-get update
sudo apt-get dist-upgrade

For CentOS servers

sudo yum update

For Fedora servers, use the dnf tool instead:

sudo dnf update

2. It is highly recommended to take a backup or snapshot of critical data before making changes to a production system

3. Reboot your server using the command regardless of the operating system

sudo reboot

4. Log in and check the active kernel to ensure that your kernel has been upgraded.

Update and stay protected!