Security notice: Meltdown and Spectre

Releases and other announcements.
Please don't post support questions here
Forum rules
Section reserved for the team. You can reply to announcements here but not post new topics.Please do not add support questions to threads here,use the appropriate support forum instead
User avatar
clem
Level 12
Level 12
Posts: 4050
Joined: Wed Nov 15, 2006 8:34 am
Contact:

Security notice: Meltdown and Spectre

Post by clem » Tue Jan 09, 2018 2:22 pm

Image

User avatar
vicium artis
Level 1
Level 1
Posts: 9
Joined: Mon Jan 08, 2018 5:09 am
Location: Europe/Croatia

Re: Security notice: Meltdown and Spectre

Post by vicium artis » Wed Jan 10, 2018 12:45 pm

Excuse me but on my native language they assure me that tha does not involve me but your link is confusing because the same thing is combined with ubuntu so can you clarify to someone who obviously cant figure it out, why those patches are here and for what they stand for..?

Especially when on FAQ is said "yes you probably are affected"

AMD/INTEL/ARM based devices etc..stealing from us potentially passwords and other private things..?
Acer ES1-520
amd dual-core E-2500 (1.4Ghz)
amd radeon HD8240
4gb DDR3 l Memory
500GB HDD
LM 18.3 xfce/peppermintos

stavpup
Level 1
Level 1
Posts: 28
Joined: Tue Jan 09, 2018 10:18 am

Re: Security notice: Meltdown and Spectre

Post by stavpup » Wed Jan 10, 2018 2:37 pm

Make sure you enable "always show kenel updates" in the update manager :roll:

User avatar
vicium artis
Level 1
Level 1
Posts: 9
Joined: Mon Jan 08, 2018 5:09 am
Location: Europe/Croatia

Re: Security notice: Meltdown and Spectre

Post by vicium artis » Wed Jan 10, 2018 2:41 pm

stavpup wrote:Make sure you enable "always show kenel updates" in the update manager :roll:
well it is shown but not as "always select securitiy/trusted") i am more satisfied with default kernel than with wersion proposed by update manager and somehow i think it is better to stick with the one that work better
Acer ES1-520
amd dual-core E-2500 (1.4Ghz)
amd radeon HD8240
4gb DDR3 l Memory
500GB HDD
LM 18.3 xfce/peppermintos

ergosolvo
Level 1
Level 1
Posts: 2
Joined: Tue May 23, 2017 4:10 pm

Re: Security notice: Meltdown and Spectre

Post by ergosolvo » Wed Jan 10, 2018 5:13 pm

vicium artis wrote:
stavpup wrote:Make sure you enable "always show kenel updates" in the update manager :roll:
well it is shown but not as "always select securitiy/trusted") i am more satisfied with default kernel than with wersion proposed by update manager and somehow i think it is better to stick with the one that work better
This is a critical security update, because of Meltdown and Spectre, effecting EVERYONE, so the Mint team has pushed the update to EVERYONE, including those who have have been holding back some updates. They are pushing it to you because it is essential for your security. Normal kernel updates are often trivial, and I normally go with "If it aint broken, don't fix it", but Sir this is broken, and the only way to start fixing it is to install this update. I suggest installing this update, keep your preferred update settings, and know that the Mint team will only push higher level updates when they are absolutely necessary.

Best regards,
ErgoSolvo

ergosolvo
Level 1
Level 1
Posts: 2
Joined: Tue May 23, 2017 4:10 pm

Re: Security notice: Meltdown and Spectre

Post by ergosolvo » Wed Jan 10, 2018 5:25 pm

Has the live/install ISO been updated with these patches? I often run a live version of Mint to make repairs and sometimes that involves researching on the web or temporarily installing programs. Will this leave by devices vulnerable during live usb use or when updating during an install?

With appreciation,
ErgoSolvo

Update: Never mind. I didn't think this through before asking. I have self-realized the complications of Mint 18.x being implicated with Ubuntu's 16.04lts.
Last edited by ergosolvo on Thu Jan 11, 2018 5:22 am, edited 1 time in total.

momist
Level 3
Level 3
Posts: 154
Joined: Mon May 21, 2012 3:30 pm
Location: Lancashire, Northwest England

Re: Security notice: Meltdown and Spectre

Post by momist » Wed Jan 10, 2018 5:33 pm

Just a note to say that I've updated my Mint 18.3 Cinnamon kernel to 4.13.0-26 today, as offered by the Update Manager. It seems to be working OK on my machine, YMMV.
Note to those not used to doing kernel updates: they will not take effect until the machine has had a restart.
momist : a follower of the Greek god Momer.

Hank New Bee
Level 2
Level 2
Posts: 52
Joined: Thu Aug 27, 2015 5:32 pm

Re: Security notice: Meltdown and Spectre

Post by Hank New Bee » Wed Jan 10, 2018 7:18 pm

Today I updated my kernel to 4.13.0-26. It booted OK but the VirtualBox I had obtained from the repository stopped working. Trying to use VirtualBox resulted in a hung computer, requiring a hard reboot. I didn't check much else, but rather reverted to 4.10.0-42, and now everything is working fine. I did not remove 4.13.0, just left it as inactive. My system is Mint Cinnamon 18.3 and otherwise up to date. Hardware is Dell Inspiron, 8GB RAM, Intel Core I7 processor. Hopefully the kernel updates for Meltdown and Spectre will soon be cleaned up a bit.

rpgman
Level 1
Level 1
Posts: 3
Joined: Wed Jan 10, 2018 9:24 pm

Re: Security notice: Meltdown and Spectre

Post by rpgman » Wed Jan 10, 2018 9:43 pm

I updated my kernel to 4.13.0-26.

Using a Toshiba Satellite L775.

So far so good, everything is working fine.

Linux xxxxxx-Satellite-L775 4.13.0-26-generic #29~16.04.2-Ubuntu SMP Tue Jan 9 22:00:44 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

DISTRIB_ID=LinuxMint
DISTRIB_RELEASE=18.3
DISTRIB_CODENAME=sylvia
DISTRIB_DESCRIPTION="Linux Mint 18.3 Sylvia"
NAME="Linux Mint"
VERSION="18.3 (Sylvia)"
ID=linuxmint
ID_LIKE=ubuntu
PRETTY_NAME="Linux Mint 18.3"
VERSION_ID="18.3"
HOME_URL="http://www.linuxmint.com/"
SUPPORT_URL="http://forums.linuxmint.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/linuxmint/"
VERSION_CODENAME=sylvia
UBUNTU_CODENAME=xenial
cat: /etc/upstream-release: Is a directory

User avatar
Jim Hauser
Level 5
Level 5
Posts: 506
Joined: Mon Jun 30, 2014 10:08 pm
Location: Pascagoula, Mississippi

Re: Security notice: Meltdown and Spectre

Post by Jim Hauser » Wed Jan 10, 2018 10:39 pm

Hank New Bee wrote:Today I updated my kernel to 4.13.0-26. It booted OK but the VirtualBox I had obtained from the repository stopped working. Trying to use VirtualBox resulted in a hung computer, requiring a hard reboot. I didn't check much else, but rather reverted to 4.10.0-42, and now everything is working fine. I did not remove 4.13.0, just left it as inactive. My system is Mint Cinnamon 18.3 and otherwise up to date. Hardware is Dell Inspiron, 8GB RAM, Intel Core I7 processor. Hopefully the kernel updates for Meltdown and Spectre will soon be cleaned up a bit.
The repository Virtual Box is outdated. I followed the experts advice and downloaded a more current version (Version 5.2.2 r119230 (Qt5.6.1)) from here:

https://www.virtualbox.org/wiki/Downloads

It is not the most current edition but it works fine with the 4.13.0-26 kernel on MINT KDE 18.3

weslowsk
Level 1
Level 1
Posts: 41
Joined: Wed Jun 23, 2010 1:06 am

Re: Security notice: Meltdown and Spectre

Post by weslowsk » Thu Jan 11, 2018 1:19 am

My update to kernel 4.13.0-26 was unsuccessful. It resulted in a black screen on boot up.

Someone else has reported this over at Ubuntu forums:

https://ubuntuforums.org/showthread.php?t=2382209

Is there a thread on the Linux Mint forums already addressing this issue?

User avatar
vicium artis
Level 1
Level 1
Posts: 9
Joined: Mon Jan 08, 2018 5:09 am
Location: Europe/Croatia

Re: Security notice: Meltdown and Spectre

Post by vicium artis » Thu Jan 11, 2018 5:02 am

ergosolvo wrote:
vicium artis wrote:
stavpup wrote:Make sure you enable "always show kenel updates" in the update manager :roll:
well it is shown but not as "always select securitiy/trusted") i am more satisfied with default kernel than with wersion proposed by update manager and somehow i think it is better to stick with the one that work better
This is a critical security update, because of Meltdown and Spectre, effecting EVERYONE, so the Mint team has pushed the update to EVERYONE, including those who have have been holding back some updates. They are pushing it to you because it is essential for your security. Normal kernel updates are often trivial, and I normally go with "If it aint broken, don't fix it", but Sir this is broken, and the only way to start fixing it is to install this update. I suggest installing this update, keep your preferred update settings, and know that the Mint team will only push higher level updates when they are absolutely necessary.

Best regards,
ErgoSolvo
Thank you for your answer i did it but i had manually remove the generic one 4.10.38 from synaptic because it did not take effect when i did install through update manager.I did sudo grub-install/update-grub and then the proposed one is the only now in grub..i did not notice nor improvements nor worsening..
Acer ES1-520
amd dual-core E-2500 (1.4Ghz)
amd radeon HD8240
4gb DDR3 l Memory
500GB HDD
LM 18.3 xfce/peppermintos

Longbottom
Level 1
Level 1
Posts: 12
Joined: Mon Sep 05, 2016 10:26 am

Re: Security notice: Meltdown and Spectre

Post by Longbottom » Thu Jan 11, 2018 6:08 am

Hi!

2 questions about the kernel update:

- What is the difference between HWE and LTS? That is: which should I use? I use 18.3 MATE, updated in-system from 18.0.
- It says that there were problems with "4.4.0-108 issues in particular were fixed since in 4.4.0-109". What does this mean? Are the issues in 108 fixed, or should I rather use 109?

SInce this is such an important security update, I would be happy for clearer communication from the Mint team. Not everyone "lives" with mint - many people like me just use it since it works well, but don't know the technical side of it. Easy, step by step instructions are simple to write, and help so many people!

User avatar
Moem
Level 15
Level 15
Posts: 5618
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Security notice: Meltdown and Spectre

Post by Moem » Thu Jan 11, 2018 6:28 am

Longbottom wrote:Easy, step by step instructions are simple to write, and help so many people!
Hi Longbottom,
While I disagree that easy instructions are easy to write, I feel that Xenopeek has done a pretty good job here, so I suggest that you check it out and see if you feel the same way. These instructions tell you explicitly which kernels to use.

If you read somewhere that 'issues with X were fixed in Y', that generally means that you should use Y and not X. A fixed version of X is a different version and so it gets a new number; in this example, Y.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

Longbottom
Level 1
Level 1
Posts: 12
Joined: Mon Sep 05, 2016 10:26 am

Re: Security notice: Meltdown and Spectre

Post by Longbottom » Thu Jan 11, 2018 7:22 am

Thanks for the link! I will check it out immediately.

elmarts
Level 2
Level 2
Posts: 93
Joined: Mon Aug 08, 2016 6:46 pm

Re: Security notice: Meltdown and Spectre

Post by elmarts » Thu Jan 11, 2018 11:10 am

Tried the kernal update via UKCC, and on bootup got a set of error messages that went by too fast to see, then got my Mate desktop, but my second monitor was gone, and the kernal could not identify my main monitor as anything other than unknown. So I rebooted into 4.10, and all works well again. Something is not quite right with the 4.13 on my hardware -

Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
NVIDIA GeForce GTX 1060 6GB
Motherboard ASRock H170M PRO4
BIOS American Megatrends Inc. version P7.10

BTW - how do I get Mint to give me a hardware scan? (edit - found it: inxi -F)
- Elmar
Dual boot win 7 & Linux Mint 18.3 Silvia 64-bit
Kernel: 4.10.0-42-generic x86_64 (64 bit gcc: 5.4.0)
Desktop: MATE 1.18.0 (Gtk 3.18.9-1ubuntu3.3)

rlwa32
Level 1
Level 1
Posts: 32
Joined: Thu Aug 03, 2017 8:06 am

Re: Security notice: Meltdown and Spectre

Post by rlwa32 » Thu Jan 11, 2018 11:43 am

The guidance in the blog advises to unconditionally update NVIDIA drivers to 384.111. However, when I check the NVIDIA website for the latest drivers for my GeForce 8500GT the currently installed 340.102 drivers are identified as the latest available.

Is this a timing issue with NVIDIA or should the blog guidance be clarified?

Mattyboy
Level 5
Level 5
Posts: 922
Joined: Thu Mar 26, 2015 2:17 pm

Re: Security notice: Meltdown and Spectre

Post by Mattyboy » Thu Jan 11, 2018 4:39 pm

Can confirm 4.4.0-109 killed this system. Cinnamon crash unrecoverable. Reverted back.

Code: Select all

$ inxi -Fxz
System:    Host: eric-To-be-filled-by-O-E-M Kernel: 3.19.0-32-generic x86_64 (64 bit gcc: 4.8.2)
           Desktop: Cinnamon 2.8.8 (Gtk 3.10.8~8+qiana)
           Distro: Linux Mint 17.3 Rosa
Machine:   System: Gigabyte product: N/A
           Mobo: Gigabyte model: 970A-UD3P v: x.x
           Bios: American Megatrends v: F1 date: 08/06/2013
CPU:       Hexa core AMD FX-6300 Six-Core (-MCP-) cache: 12288 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm) bmips: 42193
           clock speeds: max: 3500 MHz 1: 1400 MHz 2: 2000 MHz 3: 2000 MHz
           4: 1400 MHz 5: 1400 MHz 6: 1400 MHz
Graphics:  Card: Advanced Micro Devices [AMD/ATI] Curacao XT [Radeon R7 370 / R9 270X/370 OEM]
           bus-ID: 01:00.0
           Display Server: X.Org 1.17.1 drivers: ati,fglrx (unloaded: fbdev,vesa,radeon)
           Resolution: 1280x1024@60.0hz
           GLX Renderer: AMD Radeon R9 200 Series
           GLX Version: 4.5.13399 - CPC 15.201.1151 Direct Rendering: Yes
Audio:     Card-1 Advanced Micro Devices [AMD/ATI] SBx00 Azalia (Intel HDA)
           driver: snd_hda_intel bus-ID: 00:14.2
           Card-2 Advanced Micro Devices [AMD/ATI] Cape Verde/Pitcairn HDMI Audio [Radeon HD 7700/7800 Series]
           driver: snd_hda_intel bus-ID: 01:00.1
           Sound: Advanced Linux Sound Architecture v: k3.19.0-32-generic
Network:   Card-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
           driver: r8169 v: 2.3LK-NAPI port: d000 bus-ID: 03:00.0
           IF: eth0 state: down mac: <filter>
           Card-2: Ralink RT2070 Wireless Adapter
           driver: rt2800usb v: 2.3.0 usb-ID: 002-002
           IF: wlan0 state: N/A mac: N/A
Drives:    HDD Total Size: 250.1GB (10.7% used)

User avatar
AndyMH
Level 4
Level 4
Posts: 302
Joined: Fri Mar 04, 2016 5:23 pm
Location: Wiltshire

Re: Security notice: Meltdown and Spectre

Post by AndyMH » Thu Jan 11, 2018 6:35 pm

Wasted about three hours this evening to get back to where I started from.

Running 18.3 cinnamon on a T430 (64bit), kernel 4.4.0-53. I've got virtualbox V5.0.40 (the one in the repositories) running win7. VB works fine (except for USB ports, that did work and now don't, but a different story for a different post).

Given comments in earlier posts about incompatibility between later kernels and VB5.0 I thought I would update VB before doing the kernel. Downloaded VB V5.2.4 - worked, also tried V5.2.2 - also worked. BUT both versions would NOT work in seamless mode. Instead of seeing the windows taskbar above mint's panel all I got was a thin grey line. Click where the win icon is to open up the win menu, menu opens but it's just grey. Ended up reverting back to VB 5.0.40 and reinstalling via the s/w manager.

So, anybody know if I upgrade the kernel will this problem go away with the later 5.2+ versions of VB? Also echo earlier post, what's LTS and HWE, and should I switch from the 4.4 series kernel to 4.13?

And finally, given comments in the press (that on some systems the security fixes could result in a 30% performance hit), will these updates slow down the machine?

EDIT - well worked some things out, LTS = long term stable and HWE = hardware enabled, which sounds like the latest bleeding edge kernel with latest h/w drivers. Can confirm that 4.13.0.26 works, but not with virtualbox which hangs and only way out is to power off. Currently now running 4.4.0-53 generic and about to try 4.4.0-109 which is the latest showing in the 4.4 series. Note - to switch kernels on boot hold down the shift key to bring up grub and advanced options gives a list of available kernels to boot from - learning quite a lot today.

EDIT2 - now running 4.4.0-109 and it works with the version of virtualbox in the repositories (V5.0.40). Have removed 4.13.0.26 from my system. Can't say my first experience messing around with kernels has been painless.
Thinkpad T430 i7-3632 Cinnamon 18.3, Thinkpad T410 Cinnamon 17.3, Thinkpad T60 18.0 Mate

User avatar
Lanser
Level 4
Level 4
Posts: 260
Joined: Mon Mar 08, 2010 5:12 am
Location: Salzburg Austria

Re: Security notice: Meltdown and Spectre

Post by Lanser » Fri Jan 12, 2018 12:13 pm

The major HW Manufacturers have released / (will release) patched UEFI BIOS's for their main stream products.
If the BIOS is patched, is an updated Kernel still a priority ?
Lanser
Please Don't Charge the Particles. It Only Gets Them Excited.

Locked

Return to “Releases & Announcements”