Security notice: Meltdown and Spectre

Releases and other announcements.
Please don't post support questions here
Forum rules
Section reserved for the team. You can reply to announcements here but not post new topics. Do not add support questions to threads here, use the appropriate support forum instead.
User avatar
clem
Level 12
Level 12
Posts: 4303
Joined: Wed Nov 15, 2006 8:34 am
Contact:

Security notice: Meltdown and Spectre

Post by clem »

Image
User avatar
vicium artis
Level 1
Level 1
Posts: 13
Joined: Mon Jan 08, 2018 5:09 am
Location: Europe/Croatia

Re: Security notice: Meltdown and Spectre

Post by vicium artis »

Excuse me but on my native language they assure me that tha does not involve me but your link is confusing because the same thing is combined with ubuntu so can you clarify to someone who obviously cant figure it out, why those patches are here and for what they stand for..?

Especially when on FAQ is said "yes you probably are affected"

AMD/INTEL/ARM based devices etc..stealing from us potentially passwords and other private things..?
CPU: Dual Core 11th Gen Intel Core i3-1115G4
Kernel: 5.15.0-41-generic x86_64
Storage: 476.94 GiB (3.6% used)
Mem: 1551.5/7692.2 MiB (20.2%)
stavpup
Level 1
Level 1
Posts: 29
Joined: Tue Jan 09, 2018 10:18 am

Re: Security notice: Meltdown and Spectre

Post by stavpup »

Make sure you enable "always show kenel updates" in the update manager :roll:
User avatar
vicium artis
Level 1
Level 1
Posts: 13
Joined: Mon Jan 08, 2018 5:09 am
Location: Europe/Croatia

Re: Security notice: Meltdown and Spectre

Post by vicium artis »

stavpup wrote:Make sure you enable "always show kenel updates" in the update manager :roll:
well it is shown but not as "always select securitiy/trusted") i am more satisfied with default kernel than with wersion proposed by update manager and somehow i think it is better to stick with the one that work better
CPU: Dual Core 11th Gen Intel Core i3-1115G4
Kernel: 5.15.0-41-generic x86_64
Storage: 476.94 GiB (3.6% used)
Mem: 1551.5/7692.2 MiB (20.2%)
ergosolvo

Re: Security notice: Meltdown and Spectre

Post by ergosolvo »

vicium artis wrote:
stavpup wrote:Make sure you enable "always show kenel updates" in the update manager :roll:
well it is shown but not as "always select securitiy/trusted") i am more satisfied with default kernel than with wersion proposed by update manager and somehow i think it is better to stick with the one that work better
This is a critical security update, because of Meltdown and Spectre, effecting EVERYONE, so the Mint team has pushed the update to EVERYONE, including those who have have been holding back some updates. They are pushing it to you because it is essential for your security. Normal kernel updates are often trivial, and I normally go with "If it aint broken, don't fix it", but Sir this is broken, and the only way to start fixing it is to install this update. I suggest installing this update, keep your preferred update settings, and know that the Mint team will only push higher level updates when they are absolutely necessary.

Best regards,
ErgoSolvo
ergosolvo

Re: Security notice: Meltdown and Spectre

Post by ergosolvo »

Has the live/install ISO been updated with these patches? I often run a live version of Mint to make repairs and sometimes that involves researching on the web or temporarily installing programs. Will this leave by devices vulnerable during live usb use or when updating during an install?

With appreciation,
ErgoSolvo

Update: Never mind. I didn't think this through before asking. I have self-realized the complications of Mint 18.x being implicated with Ubuntu's 16.04lts.
Last edited by ergosolvo on Thu Jan 11, 2018 5:22 am, edited 1 time in total.
momist
Level 4
Level 4
Posts: 248
Joined: Mon May 21, 2012 3:30 pm
Location: Lancashire, Northwest England

Re: Security notice: Meltdown and Spectre

Post by momist »

Just a note to say that I've updated my Mint 18.3 Cinnamon kernel to 4.13.0-26 today, as offered by the Update Manager. It seems to be working OK on my machine, YMMV.
Note to those not used to doing kernel updates: they will not take effect until the machine has had a restart.
momist : a follower of the Greek god Momer.
Hank New Bee
Level 2
Level 2
Posts: 86
Joined: Thu Aug 27, 2015 5:32 pm

Re: Security notice: Meltdown and Spectre

Post by Hank New Bee »

Today I updated my kernel to 4.13.0-26. It booted OK but the VirtualBox I had obtained from the repository stopped working. Trying to use VirtualBox resulted in a hung computer, requiring a hard reboot. I didn't check much else, but rather reverted to 4.10.0-42, and now everything is working fine. I did not remove 4.13.0, just left it as inactive. My system is Mint Cinnamon 18.3 and otherwise up to date. Hardware is Dell Inspiron, 8GB RAM, Intel Core I7 processor. Hopefully the kernel updates for Meltdown and Spectre will soon be cleaned up a bit.
rpgman

Re: Security notice: Meltdown and Spectre

Post by rpgman »

I updated my kernel to 4.13.0-26.

Using a Toshiba Satellite L775.

So far so good, everything is working fine.

Linux xxxxxx-Satellite-L775 4.13.0-26-generic #29~16.04.2-Ubuntu SMP Tue Jan 9 22:00:44 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

DISTRIB_ID=LinuxMint
DISTRIB_RELEASE=18.3
DISTRIB_CODENAME=sylvia
DISTRIB_DESCRIPTION="Linux Mint 18.3 Sylvia"
NAME="Linux Mint"
VERSION="18.3 (Sylvia)"
ID=linuxmint
ID_LIKE=ubuntu
PRETTY_NAME="Linux Mint 18.3"
VERSION_ID="18.3"
HOME_URL="http://www.linuxmint.com/"
SUPPORT_URL="http://forums.linuxmint.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/linuxmint/"
VERSION_CODENAME=sylvia
UBUNTU_CODENAME=xenial
cat: /etc/upstream-release: Is a directory
Jim Hauser

Re: Security notice: Meltdown and Spectre

Post by Jim Hauser »

Hank New Bee wrote:Today I updated my kernel to 4.13.0-26. It booted OK but the VirtualBox I had obtained from the repository stopped working. Trying to use VirtualBox resulted in a hung computer, requiring a hard reboot. I didn't check much else, but rather reverted to 4.10.0-42, and now everything is working fine. I did not remove 4.13.0, just left it as inactive. My system is Mint Cinnamon 18.3 and otherwise up to date. Hardware is Dell Inspiron, 8GB RAM, Intel Core I7 processor. Hopefully the kernel updates for Meltdown and Spectre will soon be cleaned up a bit.
The repository Virtual Box is outdated. I followed the experts advice and downloaded a more current version (Version 5.2.2 r119230 (Qt5.6.1)) from here:

https://www.virtualbox.org/wiki/Downloads

It is not the most current edition but it works fine with the 4.13.0-26 kernel on MINT KDE 18.3
weslowsk
Level 2
Level 2
Posts: 88
Joined: Wed Jun 23, 2010 1:06 am

Re: Security notice: Meltdown and Spectre

Post by weslowsk »

My update to kernel 4.13.0-26 was unsuccessful. It resulted in a black screen on boot up.

Someone else has reported this over at Ubuntu forums:

https://ubuntuforums.org/showthread.php?t=2382209

Is there a thread on the Linux Mint forums already addressing this issue?
User avatar
vicium artis
Level 1
Level 1
Posts: 13
Joined: Mon Jan 08, 2018 5:09 am
Location: Europe/Croatia

Re: Security notice: Meltdown and Spectre

Post by vicium artis »

ergosolvo wrote:
vicium artis wrote:
stavpup wrote:Make sure you enable "always show kenel updates" in the update manager :roll:
well it is shown but not as "always select securitiy/trusted") i am more satisfied with default kernel than with wersion proposed by update manager and somehow i think it is better to stick with the one that work better
This is a critical security update, because of Meltdown and Spectre, effecting EVERYONE, so the Mint team has pushed the update to EVERYONE, including those who have have been holding back some updates. They are pushing it to you because it is essential for your security. Normal kernel updates are often trivial, and I normally go with "If it aint broken, don't fix it", but Sir this is broken, and the only way to start fixing it is to install this update. I suggest installing this update, keep your preferred update settings, and know that the Mint team will only push higher level updates when they are absolutely necessary.

Best regards,
ErgoSolvo
Thank you for your answer i did it but i had manually remove the generic one 4.10.38 from synaptic because it did not take effect when i did install through update manager.I did sudo grub-install/update-grub and then the proposed one is the only now in grub..i did not notice nor improvements nor worsening..
CPU: Dual Core 11th Gen Intel Core i3-1115G4
Kernel: 5.15.0-41-generic x86_64
Storage: 476.94 GiB (3.6% used)
Mem: 1551.5/7692.2 MiB (20.2%)
Longbottom

Re: Security notice: Meltdown and Spectre

Post by Longbottom »

Hi!

2 questions about the kernel update:

- What is the difference between HWE and LTS? That is: which should I use? I use 18.3 MATE, updated in-system from 18.0.
- It says that there were problems with "4.4.0-108 issues in particular were fixed since in 4.4.0-109". What does this mean? Are the issues in 108 fixed, or should I rather use 109?

SInce this is such an important security update, I would be happy for clearer communication from the Mint team. Not everyone "lives" with mint - many people like me just use it since it works well, but don't know the technical side of it. Easy, step by step instructions are simple to write, and help so many people!
User avatar
Moem
Level 22
Level 22
Posts: 16226
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Security notice: Meltdown and Spectre

Post by Moem »

Longbottom wrote:Easy, step by step instructions are simple to write, and help so many people!
Hi Longbottom,
While I disagree that easy instructions are easy to write, I feel that Xenopeek has done a pretty good job here, so I suggest that you check it out and see if you feel the same way. These instructions tell you explicitly which kernels to use.

If you read somewhere that 'issues with X were fixed in Y', that generally means that you should use Y and not X. A fixed version of X is a different version and so it gets a new number; in this example, Y.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Longbottom

Re: Security notice: Meltdown and Spectre

Post by Longbottom »

Thanks for the link! I will check it out immediately.
elmarts
Level 4
Level 4
Posts: 245
Joined: Mon Aug 08, 2016 6:46 pm

Re: Security notice: Meltdown and Spectre

Post by elmarts »

Tried the kernal update via UKCC, and on bootup got a set of error messages that went by too fast to see, then got my Mate desktop, but my second monitor was gone, and the kernal could not identify my main monitor as anything other than unknown. So I rebooted into 4.10, and all works well again. Something is not quite right with the 4.13 on my hardware -

Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
NVIDIA GeForce GTX 1060 6GB
Motherboard ASRock H170M PRO4
BIOS American Megatrends Inc. version P7.10

BTW - how do I get Mint to give me a hardware scan? (edit - found it: inxi -F)
- Elmar
Dual boot win 10 & Linux Mint
Release Linux Mint 21.3 Virginia 64-bit
Kernel Linux 5.15.0-91-generic x86_64
MATE 1.26.0
rlwa32

Re: Security notice: Meltdown and Spectre

Post by rlwa32 »

The guidance in the blog advises to unconditionally update NVIDIA drivers to 384.111. However, when I check the NVIDIA website for the latest drivers for my GeForce 8500GT the currently installed 340.102 drivers are identified as the latest available.

Is this a timing issue with NVIDIA or should the blog guidance be clarified?
Mattyboy

Re: Security notice: Meltdown and Spectre

Post by Mattyboy »

Can confirm 4.4.0-109 killed this system. Cinnamon crash unrecoverable. Reverted back.

Code: Select all

$ inxi -Fxz
System:    Host: eric-To-be-filled-by-O-E-M Kernel: 3.19.0-32-generic x86_64 (64 bit gcc: 4.8.2)
           Desktop: Cinnamon 2.8.8 (Gtk 3.10.8~8+qiana)
           Distro: Linux Mint 17.3 Rosa
Machine:   System: Gigabyte product: N/A
           Mobo: Gigabyte model: 970A-UD3P v: x.x
           Bios: American Megatrends v: F1 date: 08/06/2013
CPU:       Hexa core AMD FX-6300 Six-Core (-MCP-) cache: 12288 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm) bmips: 42193
           clock speeds: max: 3500 MHz 1: 1400 MHz 2: 2000 MHz 3: 2000 MHz
           4: 1400 MHz 5: 1400 MHz 6: 1400 MHz
Graphics:  Card: Advanced Micro Devices [AMD/ATI] Curacao XT [Radeon R7 370 / R9 270X/370 OEM]
           bus-ID: 01:00.0
           Display Server: X.Org 1.17.1 drivers: ati,fglrx (unloaded: fbdev,vesa,radeon)
           Resolution: 1280x1024@60.0hz
           GLX Renderer: AMD Radeon R9 200 Series
           GLX Version: 4.5.13399 - CPC 15.201.1151 Direct Rendering: Yes
Audio:     Card-1 Advanced Micro Devices [AMD/ATI] SBx00 Azalia (Intel HDA)
           driver: snd_hda_intel bus-ID: 00:14.2
           Card-2 Advanced Micro Devices [AMD/ATI] Cape Verde/Pitcairn HDMI Audio [Radeon HD 7700/7800 Series]
           driver: snd_hda_intel bus-ID: 01:00.1
           Sound: Advanced Linux Sound Architecture v: k3.19.0-32-generic
Network:   Card-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
           driver: r8169 v: 2.3LK-NAPI port: d000 bus-ID: 03:00.0
           IF: eth0 state: down mac: <filter>
           Card-2: Ralink RT2070 Wireless Adapter
           driver: rt2800usb v: 2.3.0 usb-ID: 002-002
           IF: wlan0 state: N/A mac: N/A
Drives:    HDD Total Size: 250.1GB (10.7% used)
User avatar
AndyMH
Level 21
Level 21
Posts: 13575
Joined: Fri Mar 04, 2016 5:23 pm
Location: Wiltshire

Re: Security notice: Meltdown and Spectre

Post by AndyMH »

Wasted about three hours this evening to get back to where I started from.

Running 18.3 cinnamon on a T430 (64bit), kernel 4.4.0-53. I've got virtualbox V5.0.40 (the one in the repositories) running win7. VB works fine (except for USB ports, that did work and now don't, but a different story for a different post).

Given comments in earlier posts about incompatibility between later kernels and VB5.0 I thought I would update VB before doing the kernel. Downloaded VB V5.2.4 - worked, also tried V5.2.2 - also worked. BUT both versions would NOT work in seamless mode. Instead of seeing the windows taskbar above mint's panel all I got was a thin grey line. Click where the win icon is to open up the win menu, menu opens but it's just grey. Ended up reverting back to VB 5.0.40 and reinstalling via the s/w manager.

So, anybody know if I upgrade the kernel will this problem go away with the later 5.2+ versions of VB? Also echo earlier post, what's LTS and HWE, and should I switch from the 4.4 series kernel to 4.13?

And finally, given comments in the press (that on some systems the security fixes could result in a 30% performance hit), will these updates slow down the machine?

EDIT - well worked some things out, LTS = long term stable and HWE = hardware enabled, which sounds like the latest bleeding edge kernel with latest h/w drivers. Can confirm that 4.13.0.26 works, but not with virtualbox which hangs and only way out is to power off. Currently now running 4.4.0-53 generic and about to try 4.4.0-109 which is the latest showing in the 4.4 series. Note - to switch kernels on boot hold down the shift key to bring up grub and advanced options gives a list of available kernels to boot from - learning quite a lot today.

EDIT2 - now running 4.4.0-109 and it works with the version of virtualbox in the repositories (V5.0.40). Have removed 4.13.0.26 from my system. Can't say my first experience messing around with kernels has been painless.
Thinkcentre M720Q - LM21.3 cinnamon, 4 x T430 - LM21.3 cinnamon, Homebrew desktop i5-8400+GTX1080 Cinnamon 19.0
Lanser

Re: Security notice: Meltdown and Spectre

Post by Lanser »

The major HW Manufacturers have released / (will release) patched UEFI BIOS's for their main stream products.
If the BIOS is patched, is an updated Kernel still a priority ?
Lanser
Locked

Return to “Releases & Announcements”