Security Advisory: Meltdown and Spectre

Last updated: Fri Jan 26 04:27:58 GMT 2018

Background

In response to vulnerabilities referred to as Meltdown and Spectre (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754), ThousandEyes does not expect to have any security impact on its systems and information due to the following:

  1. ThousandEyes does not rely on third party Platform-as-a-Service (or any other forms of shared computing infrastructure) to perform critical data storage and processing; we maintain our own physical infrastructure.
  2. All internal systems are regularly audited for unauthorized access, including user access and privileged access; a limited number of engineering personnel have interactive access to systems that store and process critical data
  3. All patches will be deployed to ThousandEyes infrastructure components, including Web application and Cloud Agents, as they are released by the manufacturers. All ThousandEyes virtual appliances will be patched as soon as updates are released and tested, and we will contact our customers if any action is required.
 

Action required

if you are running the ThousandEyes Enterprise agent on your own virtualization infrastructure, use containers, or if you have deployed Enterprise agents as a Linux application on your own Linux operating system, it is your responsibility to apply patches to your virtualization software, container application and/or operating system.  Refer to links in the additional information section below for details on patches for supported operating systems.


Additional information

Update links can be found below for supported Enterprise Agent operating systems.  Please refer to these links as patches are made available, to identify steps that must be taken.
  • Ubuntu - https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown (status updates on patches)
  • Red Hat - https://access.redhat.com/security/vulnerabilities/speculativeexecution (status updates on patches)

Updates


Further updates

If our assessment of these vulnerabilities changes based on new information made available, this document will be updated.  Registered ThousandEyes users can subscribe to the Announcements channel to be updated upon any changes.