Digital Ocean Security Update: The Meltdown and Spectre Vulnerabilities
An email from Digital Ocean states:
DigitalOcean is working to mitigate the industry-wide security vulnerabilities known as Meltdown and Spectre. As part of our mitigation efforts, we have planned an ongoing maintenance that will affect all Droplets in all regions. During the one hour window noted above, we will be performing reboots on a small portion of our fleet. This will result in your Droplets, listed below, being offline for the duration of the reboot.
We have dedicated all available resources to this maintenance to ensure your Droplets are back online as quickly as possible. We anticipate a maximum downtime of fifteen minutes for impacted Droplets, but expect most Droplets to be back online much faster. We are primarily performing this maintenance during business hours so we can maximize our available resources for issues that might arise and continue to maintain service levels for our users.
You can read more about the reason for these reboots here: https://blog.digitalocean.com/a-message-about-intel-security-findings.
This reboot will not automatically patch your Droplet, you should follow this guide to do so, and we encourage you to continue to update as more mitigation patches are pushed into repositories: https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-meltdown-and-spectre-vulnerabilities.
If you have any questions, please reply to this email and our support team will be happy to assist you.
There is enough content to read about what is Meltdown and Spectre and how it affects our servers. There are details on how to protect our servers against Meltdown and Spectre vulnerabilities.
Here, I have summarized the steps for securing your servers running on Ubuntu 14.04 and 16.04
- First, login to your remote server. Check your Ubuntu version:
deploy@my-droplet:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
- Now, check the kernel release on remote server. Run this on terminal:
- For Ubuntu and Debian servers, you can update your system software by refreshing your local package index and then upgrading your system software:
sudo apt-get update
sudo apt-get dist-upgrade
For CentOS servers, you can download and install updated software by typing:
sudo yum update
For Fedora servers, use the dnf tool instead:
sudo dnf update
- Now, reboot your server to switch to the new kernel:
Also, it must to Power OFF and then Power ON the droplet to apply latest changes on Kernel.
That’s it! You are done with the latest update.
- Now, check your server Kernel release with the command:
This will show the latest stable release patch installed. In my case it was changed to 4.4.0–116
NOTE: If you have Ubuntu 12.04 then it is highly recommended that you should move to droplet to version 14.04 LTS or 16.04 LTS ASAP.
This is from Digital Ocean support (I had a droplet with version 12.04 and it was down more than 10 Hrs due to this update).
I think I’ve finally gotten the droplet to boot!
I would highly suggest to migrate the data from this droplet to a current LTS release such as Ubuntu 14.04 or 16.04 as we have no way of ensuring compatibility of this 12.04 droplet on our platform going forward. If you have any other droplets running on an unsupported release such as this I would suggest to migrate those as well. With the current and upcoming reboots to address Spectre and Meltdown it is possible to see issues due to the lack of compatibility for these older instances.
We work in Ruby on Rails, Python, Java, React, Android and iOS.
Drop us a line to discuss how can we help take your business to the next level.
Choose Your Language
- Digital Marketing
- IT Consulting
- Project Management