
Meltdown and Spectre vulnerabilities - Identity Suite Virtual Appliance update


    Posted 01-08-2018 04:02 PM

    CA Identity Suite

    1/8/2018

     

    To: CA Identity Suite Customers

    From: The CA Technologies Identity Suite Product Team

    Subject: Proactive Notification: Critical Alert for Identity Suite Virtual Appliance

     

    Dear CA Customer:

    The purpose of this Critical Alert is to inform you of a potential problem that has been recently identified involving the CA Identity Suite Virtual Appliance.
    Please read the information provided below and follow the instructions in order to avoid being impacted by this problem.

     

    PRODUCT(S) AFFECTED: CA Identity Suite Virtual Appliance
    RELEASE: 14.0 thru 14.1.

     

    PROBLEM DESCRIPTION:
    CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 have recently been identified as industry-wide issues: "multiple microarchitectural (hardware) implementation issues affecting many modern microprocessors, requiring updates to the Linux kernel, virtualization-related components, and/or in combination with a microcode update."
    Ref: https://access.redhat.com/security/vulnerabilities/speculativeexecution

     

    SYMPTOMS:
    "An unprivileged attacker can use these flaws to bypass conventional memory security restrictions in order to gain read access to privileged memory that would otherwise be inaccessible. There are 3 known CVEs related to this issue in combination with Intel, AMD, and ARM architectures. Additional exploits for other architectures are also known to exist. These include IBM System Z, POWER8 (Big Endian and Little Endian), and POWER9 (Little Endian)."
    Ref: https://access.redhat.com/security/vulnerabilities/speculativeexecution

     

    IMPACT:
    All form factors of the CA IDS vApp are impacted by this issue.

     

    WORKAROUND:
    There is currently no known workaround for this issue.

     

    PROBLEM RESOLUTION:
    Install the hotfix HF-INTERNAL-20180107-MELTDOWN-VULNERABILITY-FIX-0001 on all CA IDS vApp nodes.
    File name: HF-INTERNAL-20180107-MELTDOWN-VULNERABILITY-FIX-0001.tgz.gpg
    File size: 114,022,075 bytes
    MD5 checksum: c37ba35f20caaf505e10554312c3b0ad

    It is strongly advised that customers apply this patch to all CA Identity Suite Virtual Appliance nodes in their environment.
    If you have any questions about this Critical Alert, please contact CA Support.
     
    Thank you,

    CA Support Team

    Copyright © 2017 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.
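
Added example, not part of the original alert or of CA's tooling: a pre-install check that compares a downloaded hotfix with the file size and MD5 checksum published above. It assumes the file sits in the current directory and that `md5sum` is available; the function name and return codes are illustrative. An MD5 match shows the download is complete and uncorrupted, but MD5 is not collision resistant, so the file and the checksum should both come from CA Support's own channel.

```shell
#!/bin/sh
# Added example: verify the hotfix download before installing it.
# The three values below are copied from the alert.
HOTFIX_FILE="HF-INTERNAL-20180107-MELTDOWN-VULNERABILITY-FIX-0001.tgz.gpg"
HOTFIX_SIZE="114,022,075"
HOTFIX_MD5="c37ba35f20caaf505e10554312c3b0ad"

# verify_download FILE EXPECTED_SIZE EXPECTED_MD5   (hypothetical helper)
# Returns 0 = match, 1 = file missing/unreadable, 2 = size mismatch, 3 = MD5 mismatch.
verify_download() {
    vd_file=$1
    # Accept the size as printed in the alert (thousands separators) and
    # the checksum in either letter case.
    vd_size=$(printf '%s' "$2" | tr -d ', ')
    vd_md5=$(printf '%s' "$3" | tr 'A-F' 'a-f' | tr -d ' ')

    if [ ! -f "$vd_file" ] || [ ! -r "$vd_file" ]; then
        echo "cannot read $vd_file" >&2
        return 1
    fi

    # The size check is cheap and catches truncated transfers before hashing.
    vd_actual_size=$(wc -c < "$vd_file" | tr -d ' ')
    if [ "$vd_actual_size" != "$vd_size" ]; then
        echo "size mismatch: expected $vd_size bytes, got $vd_actual_size" >&2
        return 2
    fi

    vd_actual_md5=$(md5sum "$vd_file" | cut -d ' ' -f 1)
    if [ "$vd_actual_md5" != "$vd_md5" ]; then
        echo "MD5 mismatch: expected $vd_md5, got $vd_actual_md5" >&2
        return 3
    fi

    echo "OK: $vd_file matches the published size and MD5"
    return 0
}

# When run from the directory holding the download, check it and stop on failure.
if [ -e "$HOTFIX_FILE" ]; then
    verify_download "$HOTFIX_FILE" "$HOTFIX_SIZE" "$HOTFIX_MD5" || exit $?
else
    echo "$HOTFIX_FILE not found in the current directory; nothing checked" >&2
fi
```

Run the check on every vApp node after copying the file there, since the alert calls for installing the hotfix on all nodes.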