Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Debian Patching for Spectre / Meltdown

Discussion in '3CX Phone System - General' started by iron, Jan 8, 2018.

Thread Status:
Not open for further replies.
  1. iron

    Joined:
    Apr 28, 2011
    Messages:
    24
    Likes Received:
    13
    Can we get an official word on where 3CX stands with Debian OS patching for the 3CX managed installs?

    Additionally, (and it may be too soon to tell) but I would be interested to know how this patch affects CPU performance.
     
    #1 iron, Jan 8, 2018
    Last edited: Jan 8, 2018
  2. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,222
    Likes Received:
    93
    the CVEs in relations are:

    https://security-tracker.debian.org/tracker/CVE-2017-5753
    https://security-tracker.debian.org/tracker/CVE-2017-5754
    https://security-tracker.debian.org/tracker/CVE-2017-5715

    All state: to an attacker with local user access

    the main benefit is that there is no local access to the platform and you dont share resources with others. ours is 100% yours. this removes the biggest issue already for your security. Once tested and proven solutions are provided by Debian, surly they will be applied via 3CX team, so nothing to do for you and as a managed service we will take care of it.

    Side affects are currently a slower system due to the nature of the issue. As the issue in this case are not as urgent (dont get me wrong, they need to be dealt with as soon the time is right) as they might be for others, we have time to evaluate all cases with time & care before we role out.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    complex1 likes this.
Thread Status:
Not open for further replies.