forked from xtreme-sameer-vohra/docs-stemcell-rn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
stemcell-v3445x.html.md.erb
97 lines (58 loc) · 3.84 KB
/
stemcell-v3445x.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
---
title: Stemcell v3445.x (Linux) Release Notes
Owner: BOSH
---
This topic includes release notes for the 3445.x line of Linux stemcells used with Pivotal Cloud Foundry (PCF).
## <a id="3445-30"></a>3445.30
**Release Date**: March 28, 2018
- Periodic Ubuntu Trusty stemcell bump
## <a id="3445-29"></a>3445.29
**Release Date**: March 13, 2018
- Periodic Ubuntu Trusty stemcell bump
## <a id="3445-28"></a>3445.28
**Release Date**: February 23, 2018
- Bump Ubuntu Trusty stemcells for USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities
## <a id="3445-24"></a>3445.24
**Release Date**: January 23, 2018
- Bump Ubuntu Trusty stemcells for USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities. This addresses the flaw known as Spectre. This update may include degradations to performance. Pivotal will do additional performance testing and provide updates as more information is available.
## <a id="3445-23"></a>3445.23
**Release Date**: January 18, 2018
- Bump Ubuntu Trusty stemcells for USN-3534-1: GNU C Library vulnerabilities
## <a id="3445-22"></a>3445.22
**Release Date**: January 10, 2018
- Bumps Ubuntu Trusty stemcells for USN-3522-4; also bumps vSphere stemcells to use VM hardware version 9
- USN-3522-2 introduced a regression in the Linux Hardware Enablement kernel and USN-3522-4 fixes that issue.
- Per the 3445.21 release note, monitor your VMs prior to upgrading to this stemcell and scale your VMs as necessary.
## <a id="3445-21"></a>3445.21
**Release Date**: January 10, 2018
- Bump Ubuntu Trusty stemcells for [USN-3522-2: Linux (Xenial HWE) vulnerability](https://usn.ubuntu.com/usn/usn-3522-2/) (This flaw is known as Meltdown.)
### <a id='critical'></a> USN-3522-2 Addresses Meltdown Vulnerabilities
Meltdown exploits critical vulnerabilities in modern processors.
For more information about Meltdown, see the [Meltdown and Spectre Attacks](https://www.cloudfoundry.org/blog/meltdown-spectre-attacks/) blog post.
[USN-3522-2](https://www.cloudfoundry.org/usn-3522-2/) addresses the critical vulnerability in Ubuntu associated with Meltdown.
</br>
</br>
This update may include degradations to performance if your VM's CPU and memory usage are currently at near-capacity levels.
Prior to upgrading to this stemcell, monitor your PCF VM's current CPU and memory usage and scale those components if necessary. If any of your VMs are currently operating at 60% or above, Pivotal recommends scaling that VM.
For more information about the performance impact of Meltdown-related stemcell patches on PCF components and guidance on scaling, see this [KB article](https://discuss.pivotal.io/hc/en-us/articles/360000309953).
</br>
</br>
For more information about monitoring and scaling PCF, see the [Monitoring PCF VMs from Ops Manager](http://docs.pivotal.io/pivotalcf/2-0/customizing/monitoring.html),
[Key Capacity Scaling Indicators](https://docs.pivotal.io/pivotalcf/monitoring/key-cap-scaling.html),
and [Scaling PAS](../opsguide/scaling-ert-components.html) topics. Performance degradation is likely to vary by workload type, IaaS, and other factors.
Pivotal recommends testing your deployment thoroughly after upgrading to this stemcell.
## <a id="3445-19"></a>3445.19
**Release Date**: December 8, 2017
- Bump Ubuntu Trusty stemcell USN-3509-2: Linux kernel (Xenial HWE) vulnerabilities
## <a id="3445-17"></a>3445.17
**Release Date**: December 1, 2017
- Periodic Ubuntu stemcells update
## <a id="3445-11"></a>3445.11
**Release Date**: September 20, 2017
- Bump Ubuntu stemcells for USN-3420-2: Linux kernel (Xenial HWE) vulnerabilities
## <a id="3445-7"></a>3445.7
**Release Date**: September 1, 2017
- Logrotate /var/log/wtmp and utmp more aggressively
- Updated BOSH agent to include aggressive 5 minute timeout on NATS connection failure
- Set auditd rules to be mutable by default
- Please use `auditd` job from os-conf-release to make rules immutable