Intel cpu bugs become an issue recently.
My customers want to know what are impacts on AM appliances and information of patches about the issue.
Plz let me know if there's something about the issue. (Impacts, release date of patch, etc...)
Thanks and have a nice day.
- Auth Manager
- Authentication Manager
- Community Thread
- Forum Thread
- RSA Authentication Manager
- RSA SecurID
- RSA SecurID Access
- side-channel attack
Yes - we're getting these questions as well.
As its a kernel-level patch which is needed to fix the issue, I guess the Suse Linux kernel (that AuthManager sits on), has to release a fix first, before RSA can make a patch for AuthenticationManager available.
Suse have SAs for these CVEs, but they are all in progress/testing with their QA:
For reference, last night Ivan in APJ opened an Authentication Manager Jira bug to track this, AM-31724 - Intel chip vulnerabilities - Meltdown and Spectre. Engineering in turn opened a PSO bug PSCSP-2234, because as Alex indicated above, AM Engineering does not write the fix, either Suse does or maybe Dell and the hardware manufacturers do. AM just has to make sure it is implemented
With regard to the KB article; there is a link in there for 'other Dell products' - which links to a page on Dell's site, which includes instructions for updating the BIOS of server hardware used in RSA hardware appliances to a newly released version.
Is this considered a recommended action by RSA? Or should we advise customers to await more information?
I can see an updated Linux kernel coming in a patch for AuthManager, but a new version of BIOS software...not so much.
I'm asking as we have customer reading this KBs etc. and putting 2 and 2 together.
(I've asked the same question in this thread)