• Welcome to Peterborough Linux User Group (Canada) Forum.
 

Ubuntu updates released for Spectre and Meltdown CPU bugs

Started by Jason, January 10, 2018, 12:47:43 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Jason

In my screenshot below, it shows my Linux Mint 18.3 desktop with 3 pending updates. Click on it for a full-sized version. The top two are regarding the recent flaws revealed in processors with speculative processing and fix them and it also looks like they might also have code to handle the AMD issue, judging by the release notes.

Still, these are serious patches. The urgency is marked as low for them probably because there haven't been any vulnerabilities in the wild (yet), though the CVE rates this issue as Medium. But the bigger thing here is that the impact is 4. Note that the numbers used beside updates in LM isn't the priority, it's the impact on the system as a whole. And because these are kernel-related updates, things could break.

Apply them one at a time as recommended in the legend and do an image beforehand. I assume this means to apply an update and then reboot and use your computer enough to make sure it works before applying another update. With level 4 updates, I tend to just install one each day until they're all done. Timeshift, which comes with Linux Mint 18.3 is great for backing up an image, btw. But you could use Clonezilla if you prefer.

These updates are upstream from Ubuntu so other Ubuntu-derived distros should have them now, too.

This is one of the features I like about Linux Mint. Any other distro, you might apply all these patches together and not prepare an image backup beforehand and end up with an unbootable system. The impact level warns you of this.

* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13

buster

Checked my up-to-date openSuse system. The kernel is a 4.4 variant! Just a wee bit behind. And it is the default. And auto updates (with notification) is set to on.

Just read - This is a long term kernel (or whatever), same as used in Mint, and it appears to be up to date.
Growing up from childhood and becoming an adult is highly overrated.

Jason

Yeah, it is. I forgot I updated my kernel a while back in LM to 4.13 series. I don't recall why :D But there are also updates for 4.4 kernel series.

You don't want to have auto-update on for at least the next little while unless it's just a VM (then you can do a snapshot before you apply them to roll back). You should apply these updates carefully and not carte-blanche unless you really just like living life dangerously.

I noticed now I have an update for microcode today but it's rated as impact 2.
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13

Jason

If you want the latest greatest OpenSUSE system, you have to use the Tumblewood version instead of Leap. It's rolling release like Arch is.
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13

Jason

Just noticed this Security Notice blog post on the Linux Mint site. Meltdown and Spectre are already forcing updates to several programs and the blog post talks about them. Expect lots more in the future. It also has some good advice at the bottom of the post which I'll share here:

QuoteGeneral Advice

Locally, you should backup your personal data and set up daily system snapshots (timeshift is recommended for that).

Apply security updates as they become available on all your devices.

Review any sensitive information stored online.

Stay away from 3rd party applications, proprietary in particular and do not visit websites you don’t trust on devices which haven’t been patched.

Consider securing access to your important data (your email account in particular) with 2 factor authentication.
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13