-
Notifications
You must be signed in to change notification settings - Fork 21
/
stemcell-v3363x.html.md.erb
151 lines (83 loc) · 4.85 KB
/
stemcell-v3363x.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
---
title: Stemcell v3363.x (Linux) Release Notes
Owner: BOSH
---
This topic includes release notes for the 3363.x line of Linux stemcells used with Pivotal Cloud Foundry (PCF).
## <a id="3363-51"></a>3363.51
**Release Date**: March 13, 2018
- Periodic Ubuntu Trusty stemcell bump
## <a id="3363-50"></a>3363.50
**Release Date**: February 23, 2018
- Bump Ubuntu Trusty stemcells for USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities
## <a id="3363-48"></a>3363.48
**Release Date**: January 23, 2018
- Bump Ubuntu Trusty stemcells for USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities. This addresses the flaw known as Spectre. This update may include degradations to performance. Pivotal will do additional performance testing and provide updates as more information is available.
## <a id="3363-47"></a>3363.47
**Release Date**: January 18, 2018
- Bump Ubuntu Trusty stemcells for USN-3534-1: GNU C Library vulnerabilities
## <a id="3363-46"></a>3363.46
**Release Date**: January 10, 2018
- Bumps Ubuntu Trusty stemcells for USN-3522-4; also bumps vSphere stemcells to use VM hardware version 9
- USN-3522-2 introduced a regression in the Linux Hardware Enablement kernel and USN-3522-4 fixes that issue.
- Per the 3363.45 release note, monitor your VMs prior to upgrading to this stemcell and scale your VMs as necessary.
## <a id="3363-45"></a>3363.45
**Release Date:** January 10, 2018
- Bump Ubuntu Trusty stemcells for USN-3522-2: Linux (Xenial HWE) vulnerability (This flaw is known as Meltdown.)
### <a id='critical'></a> USN-3522-2 Addresses Meltdown Vulnerabilities
Meltdown exploits critical vulnerabilities in modern processors.
For more information about Meltdown, see the [Meltdown and Spectre Attacks](https://www.cloudfoundry.org/blog/meltdown-spectre-attacks/) blog post.
[USN-3522-2](https://www.cloudfoundry.org/usn-3522-2/) addresses the critical vulnerability in Ubuntu associated with Meltdown.
</br>
</br>
This update may include degradations to performance if your VM's CPU and memory usage are currently at near-capacity levels.
Prior to upgrading to this stemcell, monitor your PCF VM's current CPU and memory usage and scale those components if necessary. If any of your VMs are currently operating at 60% or above, Pivotal recommends scaling that VM.
For more information about the performance impact of Meltdown-related stemcell patches on PCF components and guidance on scaling, see this [KB article](https://discuss.pivotal.io/hc/en-us/articles/360000309953).
</br>
</br>
For more information about monitoring and scaling PCF, see the [Monitoring PCF VMs from Ops Manager](http://docs.pivotal.io/pivotalcf/2-0/customizing/monitoring.html),
[Key Capacity Scaling Indicators](https://docs.pivotal.io/pivotalcf/monitoring/key-cap-scaling.html),
and [Scaling PAS](../opsguide/scaling-ert-components.html) topics. Performance degradation is likely to vary by workload type, IaaS, and other factors.
Pivotal recommends testing your deployment thoroughly after upgrading to this stemcell.
## <a id="3363-42"></a>3363.42
**Release Date**: November 29, 2017
- Periodic Ubuntu stemcells update
## <a id="3363-24"></a>3363.24
**Release Date**: May 22, 2017
- Periodic Ubuntu stemcells update
## <a id="3363-20"></a>3363.20
**Release Date**: April 25, 2017
- Bump Ubuntu stemcells for USN-3265-2: Linux kernel (Xenial HWE) vulnerabilities
## <a id="3363-15"></a>3363.15
**Release Date**: April 5, 2017
- Bump Ubuntu stemcells for USN-3256-2: Linux kernel (HWE) vulnerability
Misc:
- Made AWS AMI backing snapshot public to support encryption of boot disks
## <a id="3363-14"></a>3363.14
**Release Date**: March 31, 2017
- Bump Ubuntu stemcells for USN-3249-2: Linux kernel (Xenial HWE) vulnerability
## <a id="3363-10"></a>3363.10
**Release Date**: March 9, 2017
- Bumps Ubuntu stemcells for USN-3220-2: Linux kernel (Xenial HWE) vulnerability
## <a id="3363"></a>3363
**Release Date**: February 16, 2017
Reported Problems:
- DO NOT USE _azure_ stemcell as it may cause data loss.
- [Out of memory errors still exists in Kernel 4.4.0.62](https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1655842)
- will be fixed around Feb 20.
- rsyslog version updated to 8.24.0, regressing on issue #1537
- AWS Light stemcell has incorrect name once imported
- BOSH SSH does not work on BOSH Lite
Changes:
- Add more auditd rules
- Fix CentOS initramfs to load necessary kernel modules
- Disable boot loader login
- Increasing tcp_max_sync_backlog
- Disabling any DSA host keys
- Add `bosh_sshers` group and assign it to vcap user
- Only allow users in `bosh_sshers` group to SSH
Agent:
- Log Agent API access events in CEF format to syslog (vcap.agent topic)
- Allow configuring swap size through `env.bosh.swap_size` (example: `env.bosh.swap_size: 0`)
- Prepare for SHA2 releases
- Allow setting fetching to work with base64 encoded user data
- Do not delaycompress in logrotate