Keeping computer systems secure is one of those never ending tasks. You could be forgiven for thinking of it like "Painting the Forth Bridge". Most of the time it's 'put new software' in place, and you're good. Every now and then it’s, well, a bit more complicated.
The first week of January saw two flaws announced, called “Meltdown” and “Spectre.” Both involved the hardware at the heart of more or less every computing device on the planet – the processor. There is a great in-depth review of the two flaws here. You can also find some additional information in this blog by Red Hatter Jon Masters.
In the complex world of IT, keeping on top of security can be less painful with the help of an easy automation tool. One of our Ansible engineers, Sam Doran, has written a couple of Ansible plays to patch systems. While Meltdown and Spectre are not completely mitigated, we'd like to share these plays with you to demonstrate how to easily deploy the patches that are available; you can find them here:
If you make any improvements to them we'd welcome pull requests!