Author Topic: #SpectreAndMeltdown  (Read 2129 times)

VinDSL
#SpectreAndMeltdown
« on: January 05, 2018, 11:52:22 pm »
2018 Jan 04: Canonical publicly communicates the planned update schedule




Quote
At its heart, this vulnerability is a CPU hardware architecture design issue.  But there are billions of affected hardware devices, and replacing CPUs is simply unreasonable.  As a result, operating system kernels — Windows, MacOS, Linux, and many others — are being patched to mitigate the critical security vulnerability.

Ubuntu users of the 64-bit x86 architecture (aka, amd64) can expect updated kernels by the original January 9, 2018 coordinated release date, and sooner if possible. 

Updates will be available for:
  • Ubuntu 17.10 (Artful) — Linux 4.13 HWE
  • Ubuntu 16.04 LTS (Xenial) — Linux 4.4 (and 4.4 HWE)
  • Ubuntu 14.04 LTS (Trusty) — Linux 3.13
  • Ubuntu 12.04 ESM** (Precise) — Linux 3.2
Note that an Ubuntu Advantage license is required for the 12.04 ESM kernel update, as Ubuntu 12.04 LTS is past its end-of-life

Ubuntu 18.04 LTS (Bionic) will release in April of 2018, and will ship a 4.15 kernel, which includes the KPTI patchset as integrated upstream.
« Last Edit: January 06, 2018, 12:10:30 am by VinDSL, Reason: Addendum »

DAMIEN1307
Re: #SpectreAndMeltdown
« Reply #1 on: January 06, 2018, 12:19:44 am »
I have taken note that the 4.10 series kernels that many of us are using is not mentioned in this forthcoming kernel security update...DAMIEN
ORDO AB CHAO

VinDSL
Re: #SpectreAndMeltdown
« Reply #2 on: January 06, 2018, 12:22:00 am »
NOTE: I've been running the Linux 4.13 HWE Kernel in Peppermint 7 for awhile now, with zero problems.

That's the route I'll continue to go ...  ;)


╭─vindsl@Boogaloo-5 ~ 
╰─➤  inxi -v1
System:    Host: Boogaloo-5 Kernel: 4.13.0-22-generic x86_64 (64 bit)
           Desktop: N/A Distro: Peppermint Seven
CPU:       Quad core Intel Core i5-3470 (-MCP-) speed/max: 3192/3600 MHz
Graphics:  Card: NVIDIA GK208 [GeForce GT 710B]
           Display Server: X.Org 1.19.5 drivers: nvidia (unloaded: fbdev,vesa,nouveau)
           Resolution: 1920x1080@60.00hz, 1920x1080@60.00hz, 2560x1080@60.00hz
           GLX Renderer: GeForce GT 710/PCIe/SSE2
           GLX Version: 4.6.0 NVIDIA 387.34
Drives:    HDD Total Size: 1250.3GB (11.4% used)
Info:      Processes: 204 Uptime: 7:10 Memory: 2250.8/15999.2MB
           Client: Shell (zsh) inxi: 2.2.35

pin
Re: #SpectreAndMeltdown
« Reply #3 on: January 06, 2018, 12:23:27 am »
I'm on the 4.14.12 kernel with the KPTI patch on my Void box since a few hours ago.
Can't say I could notice any performance difference. But, I've not compiled anything from source.
Will be updating my Peppermint 7 system as soon as I have time!



PCNetSpec
Re: #SpectreAndMeltdown
« Reply #4 on: January 06, 2018, 03:33:29 pm »
Quote from: DAMIEN1307
I have taken note that the 4.10 series kernels that many of us are using is not mentioned in this forthcoming kernel security update...DAMIEN

Don't panic, the 4.4 HWE (where our 4.10 kernel comes from) will get the patches too.

Quote
Ubuntu users of the 64-bit x86 architecture (aka, amd64) can expect updated kernels by the original January 9, 2018 coordinated release date, and sooner if possible.  Updates will be available for:

    Ubuntu 17.10 (Artful) — Linux 4.13 HWE
    Ubuntu 16.04 LTS (Xenial) — Linux 4.4 (and 4.4 HWE)
    Ubuntu 14.04 LTS (Trusty) — Linux 3.13
    Ubuntu 12.04 ESM** (Precise) — Linux 3.2
« Last Edit: January 06, 2018, 04:34:20 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

VinDSL
Re: #SpectreAndMeltdown
« Reply #5 on: January 07, 2018, 10:05:50 am »
Quote from: VinDSL
NOTE: I've been running the Linux 4.13 HWE Kernel in Peppermint 7 for awhile now, with zero problems.

That's the route I'll continue to go ...  ;)

Pin's comment (above) got me thinking about Linux 4.14.x

Greg Kroah-Hartman's musings (over here) convinced me.

Quote
<SNIP>

Right now, Linus’s kernel tree contains all of the fixes we currently know about to handle the Meltdown vulnerability for the x86 architecture. Go enable the CONFIG_PAGE_TABLE_ISOLATION kernel build option, and rebuild and reboot and all should be fine.

However, Linus’s tree is currently at 4.15-rc6 + some outstanding patches. 4.15-rc7 should be out tomorrow, with those outstanding patches to resolve some issues, but most people do not run a -rc kernel in a “normal” environment.

Because of this, the x86 kernel developers have done a wonderful job in their development of the page table isolation code, so much so that the backport to the latest stable kernel, 4.14, has been almost trivial for me to do. This means that the latest 4.14 release (4.14.12 at this moment in time), is what you should be running. 4.14.13 will be out in a few more days, with some additional fixes in it that are needed for some systems that have boot-time problems with 4.14.12 (it’s an obvious problem, if it does not boot, just add the patches now queued up.)

<SNIP>

If you rely on any other kernel tree other than 4.4, 4.9, or 4.14 right now, and you do not have a distribution supporting you, you are out of luck. The lack of patches to resolve the Meltdown problem is so minor compared to the hundreds of other known exploits and bugs that your kernel version currently contains. You need to worry about that more than anything else at this moment, and get your systems up to date first.

Also, go yell at the people who forced you to run an obsoleted and insecure kernel version, they are the ones that need to learn that doing so is a totally reckless act.

<SNIP>

Conclusion

Again, update your kernels, don’t delay, and don’t stop.
The updates to resolve these problems will be continuing to come for a long period of time. Also, there are still lots of other bugs and security issues being resolved in the stable and LTS kernel releases that are totally independent of these types of issues, so keeping up to date is always a good idea.


I updated all my machines to the Linux 4.14.12 Kernel yesterday, and it's all good, so that's the route I'll be taking ...   8)

Thx pin !
« Last Edit: January 07, 2018, 10:38:13 am by VinDSL, Reason: Added Emphasis »

Slim.Fatz
Re: #SpectreAndMeltdown
« Reply #6 on: January 07, 2018, 10:22:35 am »
Hi everyone,

I too have the Linux 4.14.12 kernel on my Peppermint 6 and Seven machines and can also say that it is running just perfectly for me. I guess I'll go on and put it on my Peppermint 8-Respins too.

Regards,

-- Slim  8)
"Life first -- Peppermint a close 2nd!" -- Zeb

Tread lightly: Fluxbox, JWM, i3, Openbox, awesome

cfx795
Re: #SpectreAndMeltdown
« Reply #7 on: January 08, 2018, 03:46:42 am »
I'm not sure what kernel I'm using. I'm running Peppermint 7. I will say that I have had my update manager preferences set so that it only gives me levels 1 and 2 updates, and I unchecked the box that said "always show security updates" because (as I remember) I was getting level 4 and 5 "security updates" which made no sense to me. Please let me know if there's something else I should be aware of, here, and doing differently. I don't recall seeing any updates popping up there in the last, say, 48hrs... thanks!

pin
Re: #SpectreAndMeltdown
« Reply #8 on: January 08, 2018, 04:40:09 am »
To know the kernel you are running, type
Code:
uname -a
or
Code:
uname -r
Peppermint 7 should be on 4.4.0-X, unless you've manually installed another kernel. I know my Peppermint 7 is on 4.4.0-104.
I would allow all updates, at least during the coming months! Or just run
Code:
sudo apt-get update
and
Code:
sudo apt-get dist-upgrade
every two days or so.
Ubuntu is releasing the patches today, I think!? tomorrow.
By the way, don't worry about the slowdown. As mentioned above, I've been using the patched kernel on my Void system for a few days now, and haven't noticed any issues. Actually, the kernels in Void have been rolled out almost on a daily basis for the last 3 days, so far no issues. Currently on 4.14.12-3.
But, I haven't compiled anything from source yet, so it might be that I'm misjudging the slowdown?!
« Last Edit: January 08, 2018, 05:27:57 am by pin »
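
An added example, not part of pin's post or of the thread: a shell check that goes one step past `uname -r` and reports whether the running kernel has the `CONFIG_PAGE_TABLE_ISOLATION` option named in the Greg Kroah-Hartman quote above built in and active. The function names and status strings are made up for this example, and it assumes the usual Linux locations for the kernel config, `/proc/cpuinfo` and the sysfs vulnerabilities file (which only exists on kernels that carry that reporting patch).

```shell
#!/bin/sh
# Added example, not from the thread. Function names and status strings
# are hypothetical; file paths are the usual Linux locations.

# 0 if the kernel config given as $1 was built with page table isolation.
pti_built_in() {
    grep -q '^CONFIG_PAGE_TABLE_ISOLATION=y$' "$1" 2>/dev/null
}

# 0 if the cpuinfo file given as $1 shows the isolation flag: "pti" on
# 4.14 and later; older stable backports may show "kaiser" instead.
pti_active() {
    grep -m1 '^flags' "$1" 2>/dev/null | grep -Eqw 'pti|kaiser'
}

# meltdown_status SYSFS_FILE CONFIG_FILE CPUINFO_FILE
# Prefers the kernel's own verdict in sysfs, then falls back to the flags.
meltdown_status() {
    sysfs=$1; config=$2; cpuinfo=$3
    if [ -r "$sysfs" ]; then
        case $(cat "$sysfs") in
            "Not affected"*) echo not-affected ;;
            "Mitigation:"*)  echo mitigated ;;
            *)               echo vulnerable ;;
        esac
    elif pti_active "$cpuinfo"; then
        echo mitigated
    elif pti_built_in "$config"; then
        # Built in but not switched on, e.g. booted with "nopti"
        # or a CPU the kernel treats as unaffected.
        echo built-but-inactive
    else
        echo unpatched
    fi
}

# Report for the running kernel.
k=$(uname -r)
echo "kernel $k: $(meltdown_status \
    /sys/devices/system/cpu/vulnerabilities/meltdown \
    "/boot/config-$k" /proc/cpuinfo)"
```

A result of `unpatched` after `sudo apt-get dist-upgrade` usually means the machine has not been rebooted into the new kernel yet.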

cfx795
Re: #SpectreAndMeltdown
« Reply #9 on: January 08, 2018, 08:22:29 am »
Ok, thanks much. I think for now I'll just do the manual install in the terminal window that you suggested. I might start a new topic regarding the update manager, because I never really understood it.

PCNetSpec
Re: #SpectreAndMeltdown
« Reply #10 on: January 08, 2018, 08:58:07 am »
Personally I'd advise you stick with the default kernel and just await the patched kernel updates.

I'd also advise you re-enable level 3, 4, and 5 updates .. there is going to be WAY more to this than a single kernel update.
(we chose the Ubuntu update policy rather than Mint's precisely for scenarios like this)

Even more importantly, re-enable "always show security updates" as disabling it will stop ALL security updates.
« Last Edit: January 08, 2018, 09:04:33 am by PCNetSpec »

scifidude79
Re: #SpectreAndMeltdown
« Reply #11 on: January 08, 2018, 09:50:56 am »
Quote from: cfx795
I'm not sure what kernel I'm using. I'm running Peppermint 7. I will say that I have had my update manager preferences set so that it only gives me levels 1 and 2 updates, and I unchecked the box that said "always show security updates" because (as I remember) I was getting level 4 and 5 "security updates" which made no sense to me. Please let me know if there's something else I should be aware of, here, and doing differently. I don't recall seeing any updates popping up there in the last, say, 48hrs... thanks!

The level 4 and 5 thing is some weird thing that Mint does.  We only use their update manager, not their settings.  Those updates are NOT dangerous and every security update should always be installed.  Period.  Security updates are called that because they are updates to the security of your system.  Without those updates, your system's security could be compromised.

PCNetSpec
Re: #SpectreAndMeltdown
« Reply #12 on: January 08, 2018, 10:14:11 am »
Even Mint don't disable updates from the security repo .. erm do they ?, surely not that would be absurd.

scifidude79
Re: #SpectreAndMeltdown
« Reply #13 on: January 08, 2018, 11:26:50 am »
Quote from: PCNetSpec
Even Mint don't disable updates from the security repo .. erm do they ?, surely not that would be absurd.

I don't think so, that wouldn't be a good move, though it's been too long since I ran Mint to be sure.

cfx795
Re: #SpectreAndMeltdown
« Reply #14 on: January 08, 2018, 04:14:14 pm »
Quote from: PCNetSpec
Personally I'd advise you stick with the default kernel and just await the patched kernel updates.

I'd also advise you re-enable level 3, 4, and 5 updates .. there is going to be WAY more to this than a single kernel update.
(we chose the Ubuntu update policy rather than Mint's precisely for scenarios like this)

Even more importantly, re-enable "always show security updates" as disabling it will stop ALL security updates.

Ok. I guess that answers my questions, really. I sort of had the sneaking suspicion that this was what I should be doing, allowing all updates, but I wanted to hear it straight from folks more knowledgeable than myself, before I started enabling things with exotic labels like "unsafe" and "dangerous." I enabled 3, 4, and 5 and re-enabled all security updates. My system is up to date.
« Last Edit: January 08, 2018, 05:11:09 pm by cfx795 »