11.6.0 wasn't mentioned as vulnerable to Meltdown and Spectre?

Question

Dear all,&nbsp;
in the advisory from https://support.f5.com/csp/article/K91229003
11.6.0 WAS NOT mentioned to be affected. So, customer asked if his 11.6.0 isn't affected. I have advised customer to call F5 support for an official answer.&nbsp;
Anyone has any idea?&nbsp;
I wanted to say this version is not affected but I dare not confirm because it doesn’t make sense for a minor release (E.g. 11.6.1) be affected and yet its base version (11.6.0) isn’t affected. &nbsp;
This vulnerability is not a software vulnerability in F5, it’s a hardware feature in modern CPUs that can be exploited with malware. All modern computers with Intel chips reportedly produced in the last 10 years appear to be affected, including those running Windows and Linux. &nbsp;
F5 software 11.6.0 was released on 25-Aug-2014, definitely within 10 years of modern CPUs used appliances such as the 4000s.
(https://support.f5.com/csp/article/K9412)&nbsp;
&nbsp;
&nbsp;

jg · Answer

According to K5903: BIG-IP software support policy, 11.6.0 has past the "End of Life" date.&nbsp;

Forum Discussion

11.6.0 wasn't mentioned as vulnerable to Meltdown and Spectre?

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

Lightboard Lessons: Explaining the Spectre and Meltdown Vulnerabilities

Coordinated Vulnerability Disclosure: A Balanced Approach

Windows Critical RCE Vulnerability, Malicious Solana-py, and EDRKillShifter

Meltdown and Spectre Web Application Risk Management

Enhancing Software Security with Rust: A Solution to Common Vulnerabilities

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS