fixing Linux Mint 18.3 for Meltdown and Spectre

Post by wpshooter » Fri Jan 05, 2018 10:15 am

Are there any steps that a Linux Mint 18.3 OS user needs to take to mitigate Meltdown and Spectre threats other than applying the latest available BIOS update for their computer (in my case Dell BIOS A17 - June 2017) and also applying all available kernel updates for the default Linux kernel version for 18.3?

Thanks.

Post by ClixTrix » Fri Jan 05, 2018 10:28 am

I'm keeping an eye on the Kernel development issues for this among other needs. The only current kernels are "Mainstream" and not available using Update Manager. I believe they have a fix for Meltdown, but not Spectre (yet). Last I looked at kernel.org, the patch was on 4.14.11 and 4.15-rc. It will take awhile to trickle down to the older kernels, but I expect it will get applied to current-LTS Ubuntu kernels first.

I would check periodically for kernel updates for 4.10 and 4.13. Update Manager should post them as a Security Update as well as the available kernel list.

When I last checked at Ubuntu, no changes yet.
Linux Mint 18.3 x64 Cinnamon Kernel 4.15.0-36-generic
Gigabyte GA-AB350M-D3H (F20) / Ryzen 5 1600 / Micron Ballistix Sport DDR4 2400 2x8GB / XFX HD5450-1GB
NVMe-SSD Samsung 960 EVO 250GB / SATA-HDD WD1600BEKT 160GB / SATA-SSD Toshiba OCZ VX500 512GB

Post by Sir Charles » Fri Jan 05, 2018 10:36 am

ClixTrix wrote: The only current kernels are "Mainstream" and not available using Update Manager. I believe they have a fix for Meltdown, but not Spectre (yet). Last I looked at kernel.org. The patch was on 4.14.11 and 4.15-rc. It will take awhile to trickle down to the older kernels, but I expect it will get applied to current-LTS Ubuntu kernels first.
Do you think it is a good idea to run 4.14.11 while waiting for the patches to come for the kernels in the Update Manager?
regards
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

Post by ClixTrix » Fri Jan 05, 2018 10:45 am

I "had" a plan to adopt 4.14 because of Turbo support added for my Ryzen in that kernel. It's still getting heavily patched since release, so haven't used it yet. To install mainstream kernels, you can install the ukuu utility in Software Manager. That gives you a list of all kernels available from Ubuntu. Use that utility to install and remove the mainstream kernels from Ubuntu's repository.

If you decide to install and test 4.14.11 or newer, be sure to post any bug issues at kernel.org bugzilla.

Post by Pjotr » Fri Jan 05, 2018 10:47 am

Firefox 57.0.4 contains a (partial) fix for this:
https://www.mozilla.org/en-US/firefox/5 ... ox-browser

For the kernel: I advise to wait a few days. All supported kernel series will probably be patched this weekend.
Tip: 10 things to do after installing Linux Mint 19 Tara
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

Post by wpshooter » Fri Jan 05, 2018 10:52 am

ClixTrix wrote:I'm keeping an eye on the Kernel development issues for this among other needs. The only current kernels are "Mainstream" and not available using Update Manager. I believe they have a fix for Meltdown, but not Spectre (yet). Last I looked at kernel.org, the patch was on 4.14.11 and 4.15-rc. It will take awhile to trickle down to the older kernels, but I expect it will get applied to current-LTS Ubuntu kernels first.

I would check periodically for kernel updates for 4.10 and 4.13. Update Manager should post them as a Security Update as well as the available kernel list.

When I last checked at Ubuntu, no changes yet.
Thanks for your reply.

If I am reading this correctly, the kernel version for my 18.3 installation is 4.4.0-104-generic x86_64.
Is that older or newer than the 4.10 and 4.13 you refer to?
If older, do I need to change to a newer version or just wait?
Thanks.
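
A way to settle the version-ordering question above and to read what the running kernel itself reports about Meltdown and Spectre, added here as an example and not part of the original thread. The helper names `version_lt` and `mitigation_report` are hypothetical, the sample status files are constructed, and the sysfs directory is only present on kernels that carry the reporting patch.

```shell
#!/bin/sh
# Added example: compare kernel versions numerically and summarise the
# kernel's own Meltdown/Spectre status files.

# version_lt A B: succeeds when kernel version A is strictly older than B.
# sort -V compares each numeric field as a number, so 4.4 sorts before 4.10.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# mitigation_report [DIR]: print one "name: STATE (detail)" line per file.
# DIR defaults to the sysfs directory that patched kernels expose.
# Returns 0 if nothing is reported vulnerable, 1 if something is,
# 2 if the directory is missing (kernel has no reporting interface).
mitigation_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || { echo "unknown: $dir not present"; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(head -n 1 "$f")
        case $status in
            "Not affected"*) state=OK ;;
            Mitigation*)     state=MITIGATED ;;
            *)               state=VULNERABLE; rc=1 ;;
        esac
        echo "$(basename "$f"): $state ($status)"
    done
    return $rc
}

# Constructed sample data (not captured from a real machine).
sample=$(mktemp -d)
echo "Mitigation: PTI" > "$sample/meltdown"
echo "Vulnerable" > "$sample/spectre_v2"

version_lt "4.4.0-104-generic" "4.10" && echo "4.4.0-104-generic is older than 4.10"
mitigation_report "$sample" || echo "sample: at least one issue unmitigated"
# The running machine; prints the "unknown" line on kernels without the interface.
mitigation_report || echo "this machine: not fully mitigated, or status unknown"
rm -rf "$sample"
```

An "unknown" result means the status cannot be read this way on that kernel, not that the machine is unaffected.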

Post by Sir Charles » Fri Jan 05, 2018 11:13 am

Pjotr wrote:Firefox 57.0.4 contains a (partial) fix for this:
https://www.mozilla.org/en-US/firefox/5 ... ox-browser

For the kernel: I advise to wait a few days. All supported kernel series will probably be patched this weekend.
Yes, you are right. There is probably no need to panic since I don't think I run the risk of an imminent attack.
Thanks for the tips on Firefox, I'll have a look at it.
Do you know if there will be a fix for Chromium as well?

Post by Sir Charles » Fri Jan 05, 2018 11:26 am

ClixTrix wrote: If you decide to install and test 4.14.11 or newer, be sure to post any bug issues at kernel.org bugzilla.
Actually I have 4.14.11 installed, but since I realized that it is not supported through Update Manager yet, I rolled back to 4.13.0-21 which is the most recent supported version. Anyhow, during the short while I was running 4.14.11 I didn't notice any problem and it seemed to work fine. Maybe I would give it a shot from time to time and if I run into any bugs I will surely post that.

Post by wpshooter » Fri Jan 05, 2018 11:52 am

Am I correct that these security issues do NOT apply to 32-bit systems?

Thanks.

Post by ClixTrix » Fri Jan 05, 2018 11:55 am

Marziano wrote:
ClixTrix wrote: If you decide to install and test 4.14.11 or newer, be sure to post any bug issues at kernel.org bugzilla.
Actually I have 4.14.11 installed, but since I realized that it is not supported through Update Manager yet, I rolled back to 4.13.0-21 which is the most recent supported version. Anyhow, during the short while I was running 4.14.11 I didn't notice any problem and it seemed to work fine. Maybe I would give it a shot from time to time and if I run into any bugs I will surely post that.
Yeah, was thinking of trying 4.14.11 or 12. Just busy since the holidays. Thanks for the tip.

Post by ClixTrix » Fri Jan 05, 2018 12:02 pm

wpshooter wrote:Am I correct that these security issues do NOT apply to 32 bit systems ? Thanks.
Problem exists on all Intel processors back to Pentium Pro (1995).

Post by wpshooter » Fri Jan 05, 2018 1:29 pm

ClixTrix wrote:
wpshooter wrote:Am I correct that these security issues do NOT apply to 32 bit systems ? Thanks.
Problem exists on all Intel processors back to Pentium Pro (1995).
Some of the articles I have been reading regarding these problems "SEEM" to indicate that it may be only on 64-bit processors. One article refers to "MODERN" processors but is not really specific.

Thanks.

Post by Sir Charles » Fri Jan 05, 2018 1:43 pm

wpshooter wrote: If I am reading this correct, the kernel version for my 18.3 installation is 4.4.0-104-generic x86_64.
Is that older or newer than the 4.10 and 4.13 you refer to ?
If older, do I need to change to newer version or just wait ?
If I am not mistaken, 18.3 comes with 4.10.38 as its default kernel. You can always install a more recent kernel version through Update Manager > View > Linux kernels, without the older ones being removed from your system. The most recent supported version in the Update Manager is 4.13.0-21. I am not in a position to advise you for or against kernel upgrades, since it involves extensive modification of your system. Currently I am running 4.13.0-21 and up until now it seems to run fine on my rather low spec machine. It seems even to be running slightly more smoothly or at least that's my impression.

Post by ClixTrix » Fri Jan 05, 2018 1:46 pm

I've seen the older pre-2000 processors mentioned in a number of articles. I think this article targets the exact cause and why.

https://arstechnica.com/gadgets/2018/01 ... s-patches/

Speculative execution is the problem and it was introduced back with the Pentium Pro in 1995... just as other articles have suggested, that's pre-x64.

Post by Sir Charles » Fri Jan 05, 2018 2:07 pm

Very good, informative article, thanks for posting the link!

Post by ClixTrix » Fri Jan 05, 2018 4:33 pm

For those running Chromium/Chrome, this feature helps against Spectre.

https://support.google.com/chrome/answer/7623121

Found it here:

http://fortune.com/2018/01/05/spectre-s ... -explorer/

Post by Pepi » Fri Jan 05, 2018 4:43 pm

Pjotr wrote:Firefox 57.0.4 contains a (partial) fix for this:
https://www.mozilla.org/en-US/firefox/5 ... ox-browser

For the kernel: I advise to wait a few days. All supported kernel series will probably be patched this weekend.
Wonder why this hasn't been released to us yet? I know I can get it but I like doing everything via Update Manager.

Post by Sir Charles » Fri Jan 05, 2018 4:58 pm

ClixTrix wrote:For those running Chromium/Chrome, this feature helps against Spectre.
https://support.google.com/chrome/answer/7623121
Found it here:
http://fortune.com/2018/01/05/spectre-s ... -explorer/
Do you think script blocker extensions can be of any help to some extent?

Post by ClixTrix » Fri Jan 05, 2018 5:07 pm

Marziano wrote:Do you think script blocker extensions can be of any help to some extent?
Since the discussed vulnerability is via JavaScript, I suppose. However, most websites use JavaScript. I'd at least give the feature a chance, as Google was part of the team that discovered Spectre and Meltdown.

I've turned on the "Strict-Site-Isolation" on my Chromium for now to see if that experimental feature has any problems.

Post by Sir Charles » Fri Jan 05, 2018 5:25 pm

ClixTrix wrote: I've turned-on the "Strict-Site-Isolation" on my Chromium for now to see if that experimental feature has any problems.
I have done the same. We just have to wait and see what comes next.

"Chrome's JavaScript engine, V8, will include mitigations starting with Chrome 64, which will be released on or around January 23rd 2018. Future Chrome releases will include additional mitigations and hardening measures which will further reduce the impact of this class of attack. Additionally, the SharedArrayBuffer feature is being disabled by default. The mitigations may incur a performance penalty." (source: https://www.chromium.org/Home/chromium-security/ssca)