---

Security-Oriented Container Linux Gets Patched Against Latest Intel CPU Flaws

CoreOS Container Linux 2247.7.0 is here as the latest stable version of the security-oriented, minimal operating system for running containerized workloads securely and at scale, which was acquired by Red Hat last year and will soon become Fedora CoreOS. This release includes fixes for the CVE-2019-11135 and CVE-2018-12207 security vulnerabilities affecting Intel CPUs. According to the release notes, CoreOS Container Linux 2247.7.0 fixes Intel CPU disclosure of memory to user process, but the complete mitigation requires manually disabling TSX or SMT on affected processors. Additionally, is also fixes Intel CPU denial of service by a malicious guest VM, and a CFS scheduler bug throttling highly-threaded I/O-bound applications.