This blog post was updated with the steps to update Debian 8
----
A new vulnerability was discovered in the Linux Kernel. The recent Spectre attacks exploit speculative execution to allow the exfiltration of sensitive data across protection boundaries.
https://blog.bitnami.com/2018/01/spectre-and-meltdown-privileged-memory.html
https://blog.bitnami.com/2018/05/kernel-side-channel-attack.html
This is a new Spectre-class attack, also known as SpectreRSB (CVE-2018-15572), that exploits the return stack buffer (RSB), a common structure in modern CPUs used to predict return addresses. More information about this security vulnerability can be found in the official paper at https://www.usenix.org/conference/woot18/presentation/koruyeh.
Once a new, patched kernel is available from the operating system vendor, you can update it by following these instructions (depending on your distribution/operating system):
Debian 8 and 9 / Ubuntu 14.04, 16.04 and 18.04
sudo apt-get update && sudo apt-get dist-upgrade
Oracle Linux, Red Hat, CentOS and Amazon Linux
Not affected
OSX
Update your system packages when the operating system suggests to.
Once you have completed the steps above, you will have the fixed version of the kernel/operating system after rebooting your server.
If you have any questions about this process, please post to our community support forum and we will be happy to help!