Tableau Software is evaluating the vulnerabilities disclosed on January 4th, 2018: Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715)

 

The Tableau Software security team is investigating how these vulnerabilities may or may not manifest in Tableau products.

 

 

2018-01-05 Update:

On-Premise Products:

The Tableau Software security team is investigating how these vulnerabilities may or may not manifest in Tableau products. Be sure to update your operating systems according to your patching and security program requirements.  See "Additional Resources" below.

 

Tableau Online and Public:

Tableau Operations team is working to apply the published patches for these vulnerabilities in Tableau Online and Public infrastructure. No customer action is required.

 

2018-02-22 Update:

On-Premise Products:

The Tableau Software security team has identified areas within Tableau products that may run untrusted JavaScript and are possibly vulnerable to Spectre-related side-channel attacks. Please see the following important security bulletin for more information: [Important] ADV-2018-002: Spectre Vulnerability in Tableau Desktop and Tableau Server

 

Tableau Online and Public:

The Tableau Operations team is continuing to monitor vendor responses to these vulnerabilities and apply updates as they are released. The maintenance release containing the above Tableau product patch has been applied in all Online environments. No customer action is required.

 

Additional Resources:

For more information on these vulnerabilities and their remediation, see: