Cloud Providers Rebooting for Meltdown and Spectre Mitigations
January 26, 2018
As the recent Meltdown and Spectre CPU vulnerabilities impacted all cloud providers, all cloud providers have needed to take action. Due to the complexity of these bugs in CPUs and slow responses from Intel and AMD, developing and testing mitigations has taken understandable time for most cloud providers. DigitalOcean and others are now deploying mitigations.
On January 26, DigitalOcean announced they are done testing their mitigations for these vulnerabilities and will begin rebooting all servers to finish deploying the mitigations. DigitalOcean will email you at least 24 hours before rebooting your servers to provide you a maintenance window of when the reboot will be performed. Once a host server (physical server) at DigitalOcean is rebooted, all of the cloud servers on that host will be protected from attacks by other droplets on the same host. To reboot host servers, DigitalOcean must also reboot your cloud servers.
Additionally, Ubuntu has recently finished testing their mitigations and has released their updates to address Spectre and Meltdown. Whereas DigitalOcean's updates are needed to protect against memory disclosure across cloud servers, Ubuntu's updates protect against memory disclosure across processes within a server. ServerPilot has applied these Ubuntu updates to all servers. The updates will be fully applied once DigitalOcean reboots your servers.
For DigitalOcean users running older Ubuntu 14.04 servers, you need to switch your server to DigitalOcean's new kernel management if you haven't done so already. If your DigitalOcean server is running Ubuntu 16.04, you do not need to do this as all Ubuntu 16.04 servers use DigitalOcean's new kernel management by default.
Other Cloud Providers
For cloud providers other than DigitalOcean, check your provider's blog and email communications for information on when they'll be rebooting their servers.
If you don't want to wait for your provider to reboot servers before getting partial mitigations for these vulnerabilities, you can SSH in to your server as root and reboot your server with the following command:
However, your provider will still need to perform their own reboots if they haven't already.
Don't hesitate to contact us if you have any questions.