Closed harshanarayana closed 6 years ago
ami-2bd87953 is not patched. The 17.09 channel is though, so if you upgrade you will get the Meltdown and Spectre fixes.
@edolstra needs to generate new AMIs (which I think he said somewhere he was going to do soon).
@edolstra just made new AMIs for 17.09
https://github.com/NixOS/nixpkgs/commit/6bbd67d45aaebbca0140384ea871c03c42d18277
The AMIs now contain the kpti patch (6bbd67d45aaebbca0140384ea871c03c42d18277). This can be verified by running `dmesg | grep isolation`.
AFAIK the microcode updates don't apply to VMs since only the host can apply microcode updates.
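The `dmesg | grep isolation` check mentioned above, extended into a script that also reads the kernel's sysfs vulnerability report. This is an added example, not part of the original thread or of nixpkgs; the function names are hypothetical, and the sysfs file is assumed to exist only on kernels that ship the vulnerabilities reporting interface.

```shell
#!/bin/sh
# Reports whether kernel page table isolation (KPTI) is active on a guest.
# KPTI addresses Meltdown (CVE-2017-5754) only; it says nothing about the
# Spectre CVEs listed in the issue.

# Classify kernel log text read from stdin: enabled | disabled | unknown
kpti_from_dmesg() {
    # The last matching line reflects the final boot-time decision.
    line=$(grep -i 'page tables* isolation' | tail -n 1) || true
    case "$line" in
        *[Dd]isabled*) echo disabled ;;
        *[Ee]nabled*)  echo enabled ;;
        *)             echo unknown ;;
    esac
}

# Classify the sysfs report; the path argument is optional.
kpti_from_sysfs() {
    f=${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        "Mitigation: PTI"*) echo enabled ;;
        "Not affected"*)    echo not-affected ;;
        Vulnerable*)        echo disabled ;;
        *)                  echo unknown ;;
    esac
}

# Prefer sysfs (it survives log rotation), fall back to the kernel log.
# "unknown" is not proof of a missing patch: on a long-running instance the
# boot messages may already have been pushed out of the ring buffer.
kpti_status() {
    s=$(kpti_from_sysfs "$1")
    if [ "$s" = unknown ]; then
        s=$(dmesg 2>/dev/null | kpti_from_dmesg)
    fi
    echo "$s"
}

# Constructed sample log lines (not captured from a real instance).
sample_patched='[    0.000000] Kernel/User page tables isolation: enabled'
sample_nopti='[    0.000000] Kernel/User page tables isolation: disabled on command line.'

echo "sample (patched): $(printf '%s\n' "$sample_patched" | kpti_from_dmesg)"
echo "sample (nopti):   $(printf '%s\n' "$sample_nopti" | kpti_from_dmesg)"
echo "this machine:     $(kpti_status)"
```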
Issue description
We have a set of EC2 instances running on AWS that are used for admin purposes and that use NixOS as their base. As per the AWS Security Bulletin, we are trying to patch the vulnerabilities in our system.
This is a sort of follow-up question based on #33414, #33684 and #33563.
Can someone please confirm that the AWS EC2 AMI for us-west-2 (ami-2bd87953) already includes the security patches for the items mentioned in the bulletin? CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Steps to reproduce
Technical details
EC2 AMI Image Used - ami-6449f504 (Build NixOS x86_64-linux 16.09.1508.3909827)