Please visit us on our new Support Page
Leostream statement on the Meltdown and Spectre vulnerabilities - Powered by Kayako Help Desk Software
Knowledgebase: Security
Leostream statement on the Meltdown and Spectre vulnerabilities
Posted by Karen Gondoly, Last modified by Karen Gondoly on 01 November 2018 09:18 AM

Spectre and Meltdown are local-machine-only vulnerabilities. Any malicious process must be running on the same machine as the Connection Broker in order for the Connection Broker to be vulnerable. If you are running a Connection Broker on a stand-alone machine and are already taking precautions against unauthorized access, then your Connection Broker is not at risk from these vulnerabilities. The same applies to the database host, if the Connection Broker is using an external database.

If your Connection Broker is running on a virtual machine, a malicious process running on another virtual machine on the same host could potentially access memory from your Connection Broker. If all of your virtual machines are under your control and protected from unauthorized access, you are at lower risk.

VMware reported that VMware ESXi, VMware Workstation, VMware Fusion, and VMware vCenter Server Appliance are at risk. If you are running a Connection Broker on any of those hypervisors, Leostream recommends applying VMware's latest patches, as soon as possible. Please, see the following VMware statements for more information:

Leostream does not offer patches to the underlying CentOS operating system included in the Connection Broker virtual appliance. However, Leostream routinely tests the Connection Broker on the latest RHEL and CentOS versions. If you installed your Connection Broker using the Leostream RPM, you may manually apply the latest patches to the underlying CentOS or Red Hat Enterprise Linux (RHEL) operating system. Applying updates to your virtualization host or guest operating system will not negatively effect your Connection Broker performance.

The currently support operating system versions for Leostream are RHEL/CentOS 6.9 for the Leostream Connection Broker, and RHEL/CentOS 7.4 for the new Leostream Connection Broker 9.0.

For more information on updates to the underlying operating system, see the following statements:

(2 vote(s))
Not helpful

Comments (0)
Post a new comment
Full Name: