This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
YongHyunLee
Beginner
Beginner
‎2018-01-04 03:18 AM

About Intel cpu bugs

Jump to solution

Hello

 

Intel cpu bugs become an issue recently.

 

My customers want to know what are impacts on AM appliances and information of patches about the issue.

 

Plz let me know if there's something about the issue. (Impacts, release date of patch, etc...)

 

Thanks and have a nice day.

Labels (1)
0 Likes
Reply
1 Solution

Accepted Solutions
jeffshurtliff
Administrator Administrator
Administrator
‎2018-01-04 12:28 PM

Jump to solution

Updates regarding the impact of Meltdown and Spectre on RSA products will be provided in the following knowledge base article:  https://community.rsa.com/docs/DOC-85418 

View solution in original post

0 Likes
Reply
4 Replies
AlexFoyster
Contributor
Contributor
‎2018-01-04 09:23 AM

Jump to solution

Yes - we're getting these questions as well. 

 

As its a kernel-level patch which is needed to fix the issue, I guess the Suse Linux kernel (that AuthManager sits on), has to release a fix first, before RSA can make a patch for AuthenticationManager available. 

 

Suse have SAs for these CVEs, but they are all in progress/testing with their QA:

 

https://www.suse.com/security/cve/CVE-2017-5753/ 

 

https://www.suse.com/security/cve/CVE-2017-5715/ 

 

https://www.suse.com/security/cve/CVE-2017-5754/ 

0 Likes
Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2018-01-04 09:38 AM

Jump to solution

For reference, last night Ivan in APJ opened an Authentication Manager Jira bug to track this, AM-31724 - Intel chip vulnerabilities - Meltdown and Spectre.  Engineering in turn opened a PSO bug PSCSP-2234, because as Alex indicated above, AM Engineering does not write the fix, either Suse does or maybe Dell and the hardware manufacturers do.  AM just has to make sure it is implemented

Reply
jeffshurtliff
Administrator Administrator
Administrator
‎2018-01-04 12:28 PM

Jump to solution

Updates regarding the impact of Meltdown and Spectre on RSA products will be provided in the following knowledge base article:  https://community.rsa.com/docs/DOC-85418 

0 Likes
Reply
AlexFoyster
Contributor
Contributor
‎2018-01-09 10:17 AM

Jump to solution

With regard to the KB article; there is a link in there for 'other Dell products'  - which links to a page on Dell's site, which includes instructions for updating the BIOS of server hardware used in RSA hardware appliances to a newly released version. 

 

Is this considered a recommended action by RSA? Or should we advise customers to await more information?

I can see an updated Linux kernel coming in a patch for AuthManager, but a new version of BIOS software...not so much.  

 

I'm asking as we have customer reading this KBs etc. and putting 2 and 2 together. 

 

Thanks 

 

Alex

 

(I've asked the same question in this thread)

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.