11.6.0 wasn't mentioned as vulnerable to Meltdown and Spectre?

Question

Dear all,&nbsp;
in the advisory from https://support.f5.com/csp/article/K91229003
11.6.0 WAS NOT mentioned to be affected. So, customer asked if his 11.6.0 isn't affected. I have advised customer to call F5 support for an official answer.&nbsp;
Anyone has any idea?&nbsp;
I wanted to say this version is not affected but I dare not confirm because it doesn’t make sense for a minor release (E.g. 11.6.1) be affected and yet its base version (11.6.0) isn’t affected. &nbsp;
This vulnerability is not a software vulnerability in F5, it’s a hardware feature in modern CPUs that can be exploited with malware. All modern computers with Intel chips reportedly produced in the last 10 years appear to be affected, including those running Windows and Linux. &nbsp;
F5 software 11.6.0 was released on 25-Aug-2014, definitely within 10 years of modern CPUs used appliances such as the 4000s.
(https://support.f5.com/csp/article/K9412)&nbsp;
&nbsp;
&nbsp;

jg · Answer

According to K5903: BIG-IP software support policy, 11.6.0 has past the "End of Life" date.&nbsp;

Forum Discussion

11.6.0 wasn't mentioned as vulnerable to Meltdown and Spectre?

1 Reply

Recent Discussions

Reliable resources for identifying IP addresses

Maximum throughput of f5 ltm

Issue on license renewal

iRule cookie persistence and pool redirect

redirect not working

Related Content

Lightboard Lessons: Explaining the Spectre and Meltdown Vulnerabilities

Coordinated Vulnerability Disclosure: A Balanced Approach

Meltdown and Spectre Web Application Risk Management

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server