Spectre / Meltdown chip bugs and Linux?

PattiMichelle · January 18, 2018, 9:09pm

Does anyone know how the linux community has/is responding to this?
TY, Pattim

https://krebsonsecurity.com/2018/01/scary-chip-flaws-raise-spectre-of-meltdown/#more-42139
*
The Meltdown bug affects every Intel processor shipped since 1995 (with the exception of Intel Itanium and Intel Atom before 2013), although researchers said the flaw could impact other chip makers. Spectre is a far more wide-ranging and troublesome flaw, impacting desktops, laptops, cloud servers and smartphones from a variety of vendors.*

Patches to address this flaw in Linux systems were released last month.

deano_ferrari · January 18, 2018, 9:23pm

Yes, lots of discussion both here and outside the forums if you search. Some patches released already. Have you fully updated your system(s) yet?

https://news.opensuse.org/2018/01/04/current-status-opensuse-and-spectre-meltdown-vulnerabilities/

malcolmlewis · January 18, 2018, 9:26pm

Hi
Your about two weeks late… Updates have been done and released, still a few niggles around though. Might have to get microcode updates from your cpu vendor…

Worth a read;
http://forums.opensuse.org/showthread.php?t=528900
https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
https://www.suse.com/support/kb/doc/?id=7022512 (maybe slow if it’s being updated)
https://www.techarp.com/guides/complete-meltdown-spectre-cpu-list/

deano_ferrari · January 18, 2018, 9:27pm

Just one of a number of threads…
https://forums.opensuse.org/showthread.php/528929-CPU-critical-bugs-Meltdown-and-Spectre

PattiMichelle · January 18, 2018, 9:42pm

Thanks for the links, Malcom. I get confused by email chains and prefer such links.

PattiMichelle · January 18, 2018, 9:44pm

I still wish there was a “Security” forum on here…

Apparently these sorts of issues are highly regarded as threats to our global system…
http://reports.weforum.org/global-risks-2018/shareable-infographics/
http://reports.weforum.org/global-risks-2018/global-risks-2018-fractures-fears-and-failures/

malcolmlewis · January 18, 2018, 9:57pm

Hi
Realistically if someone has physical access to your hardware… nothing is safe…

Your more likely to have your details and information leaked by a third party…

PattiMichelle · January 19, 2018, 12:06am

The whole Win* and Mac infosphere is beyond fragile - I see it as sort of emblematic of the overall failure of the for-profit approach.
I shudder every time I see someone banking using a cell phone or Win/Mac.
And most of our banks are either Windows or Mac based, I think.

I was just curious how the linux infosphere was doing on this - Krebsonsecurity is all about Win/Mac, so it’s hard to get equivalently in-depth information for linux.

deano_ferrari · January 19, 2018, 1:01am

Apart from the mailing lists (which I tend not to frequent), here’s some good websites…

http://www.zdnet.com/topic/linux/
In particular
http://www.zdnet.com/article/major-linux-distros-have-meltdown-patches-but-thats-only-part-of-the-fix/

http://www.linuxsecurity.com/content/blogcategory/100/112/
In particular
http://www.linuxsecurity.com/content/view/209855/170/

https://www.linuxtoday.com/security/

Of general interest…
https://www.theverge.com/2018/1/11/16878670/meltdown-spectre-disclosure-embargo-google-microsoft-linux

ravas · January 23, 2018, 4:11am

http://kroah.com/log/blog/2018/01/19/meltdown-status-2/