Meltdown and Spectre Vulnerabilities Explained

January 05, 2018

To our valued EDB Postgres subscribers:

By now, you have likely heard the recent news of the Meltdown and Spectre vulnerabilities. Almost every computing system — desktops, laptops, smartphones, and cloud servers — is affected by Spectre. Meltdown appears to be specific to chips made by Intel. Although such exploits are not directly related to EDB Postgres, we seek to be proactive by informing you of vulnerabilities that can be exploited on devices that may be running our software. For more details on these vulnerabilities, see https://meltdownattack.com.

EDB has been monitoring these developments closely because there is a risk that the Meltdown and Spectre vulnerabilities could be exploited for malicious purposes. The security of your EDB Postgres software is important to us and our team is proactively investigating any potential vulnerabilities that may affect you.

At this time, we are unaware of any successful attempts to exploit EDB Postgres using either the Meltdown or Spectre vulnerabilities. However, our priority is to identify and resolve any issues as quickly and practically as possible.

To mitigate your potential risk from these two vulnerabilities, we recommend the following:

Meltdown Vulnerability Remediation:

This vulnerability has already been addressed for most operating systems, including Linux, Windows, and macOS. We recommend you verify that you are running the most recent version of your operating system, and then apply the latest patch. We have observed that applying the Meltdown patch can result in a modest performance impact, but the extent of this impact will vary by workload.

Spectre Vulnerability Remediation:

Operating system vendors and hardware manufacturers are working on mitigating the impact of the Spectre vulnerability. We recommend that you continue to monitor updates from your OS vendor or system manufacturer and promptly apply any updates they provide as soon as they become available. Although EDB is not aware of any Postgres-specific exploits tied to Spectre at this time, we will continue to monitor developments closely given the potential impact of this vulnerability.

We remain committed to supporting you as more is learned about these vulnerabilities and are always here to help. Should you have any questions or concerns, please visit our support page for complete contact information — https://www.enterprisedb.com/services/support — or email us at support@enterprisedb.com.

Sincerely,

Marc Linster, Ph.D.
Senior Vice President, Product Development
EnterpriseDB

 
