Information regarding speculative execution Meltdown and Spectre vulnerabilities. (15134-3250)
Important: If you are unable to access the sign-in link or if the page navigation seems broken, force refresh your browser's cache. From Windows and Linux browsers, use Ctrl+F5. From Mac browsers, use +Shift+R.

Information regarding speculative execution Meltdown and Spectre vulnerabilities. (15134-3250)

Vulnerability Detail

On January 3, 2018 it was formally announced that researchers had found three vulnerabilities that take advantage of the implementation of speculative execution of instructions on many modern microprocessor architectures to perform side-channel information disclosure attacks.

The first of these vulnerabilities is Meltdown (CVE-2017-5754).  Meltdown, can enable hackers to gain privileged access to parts of a computer’s memory used by an application/program and the operating system (OS). Meltdown only affects Intel processors.

The second and third vulnerabilities are rolled under the Spectre moniker (CVE-2017-5753 and CVE-2017-5715).  Spectre can allow attackers to steal information leaked in the kernel/cached files or data stored in the memory of running programs, such as credentials (passwords, login keys, etc.). According to Google Project Zero, this vulnerability impacts Intel, AMD, and ARM chips.

Tera2 Zero Clients, Tera2 Remote Workstation Cards and Hardware Accelerator

We have confirmed that the MIPS processor models used in our Tera2 Zero Clients,Tera2 Remote Workstation Cards, and Hardware Accelerator are not impacted by the exploitation techniques described in the Spectre and Meltdown vulnerabilities. See MIPS documentation.

All other products

Teradici continues to investigate all of our product line to determine which (if any) products might be impacted. We will update the support website and all relevant Knowledge base articles as we complete our investigations and more information becomes available. A summary of our current findings can be found in the table below:

Product

Spectre 1

Spectre 2

Meltdown

Tera2 Remote Workstation Card

Not Vulnerable

Not Vulnerable

Not Vulnerable

Tera2 Zero Client

Not Vulnerable

Not Vulnerable

Not Vulnerable

Hardware Accelerator

Not Vulnerable

Not Vulnerable

Not Vulnerable

Cloud Access Software

Not Vulnerable*

Not Vulnerable*

Not Vulnerable*

Connection Manager for Amazon Workspace (TAA)

Reboot the the PCoIP Connection Manager for Amazon WorkSpaces as unattended updates is enabled by default.

Teradici will also release a new version. See PCoIP Products and Releases (15134-650) for product updates

Reboot the the PCoIP Connection Manager for Amazon WorkSpaces as unattended updates is enabled by default.

Teradici will also release a new version. See PCoIP Products and Releases (15134-650) for product updates

Reboot the the PCoIP Connection Manager for Amazon WorkSpaces as unattended updates is enabled by default.

Teradici will also release a new version. See PCoIP Products and Releases (15134-650) for product updates

Connection Manager/Security Gateway

Not Vulnerable*

Not Vulnerable*

Not Vulnerable*

Host Software

Not Vulnerable*

Not Vulnerable*

Not Vulnerable*

License Server 1.x/2.0

Not Vulnerable*

Not Vulnerable*

Not Vulnerable*

Management Console 1.x

Under Review

Under Review

Under Review

Management Console 2.x/3.x

Teradici has released a new version with CentOS updates. See PCoIP Products and Releases (15134-650) for product updates.
Patching of the ESXi server will be required as patches are made available from VMware.

Note: Customers can continue to update CentOS using sudo yum update as CentOS release further updates.

Teradici has released a new version containing an updated VM Hardware version. See PCoIP Products and Releases (15134-650) for product updates.

Patching of the ESXi server will be required as patches are made available from VMware. VMware security information on VM Hardware version: https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html.

Teradici has released a new version with CentOS updates. See PCoIP Products and Releases (15134-650) for product updates.
Patching of the ESXi server will be required as patches are made available from VMware.

Note: Customers can continue to update CentOS using sudo yum update as CentOS release further updates.

Software Clients

Not Vulnerable*

Not Vulnerable*

Not Vulnerable*

 

*Not Vulnerable: It is important to note that that a Teradici product that may be deployed on an OS, as a virtual machine or a container, even while not being directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. Teradici recommends customers harden their virtual environment and to ensure that all security updates are installed.  Also, please be aware that as this is an ongoing investigation, products considered not vulnerable may become Vulnerable if additional information becomes available.

Operating System Updates: Updates have been made available for many of the major operating systems to mitigate both Spectre (1,2) and Meltdown. These updates can be applied to products delivered in a virtual appliance format. However, you should verify the performance of the system prior to running it in products by testing on a test system or performing a snapshot backup of the appliance prior to updating.

Official CentOS and RedHat information.

Was this answer helpful?YesNo

Knowledge Base

Topic Information
  • Topic #: 15134-3250
  • Date Created: 01/09/2018
  • Last Modified Since: 02/09/2018
  • Viewed: 551