[PLUG] Meltdown, Spectre and Debian

shirish शिरीष shirishag75 at gmail.com
Fri Jan 5 23:10:30 IST 2018 

addition at bottom :-

On 05/01/2018, shirish शिरीष <shirishag75 at gmail.com> wrote:
> Dear all,
>
> While I don't want to be the paranoid one here, the situation here
> seems to demand it.
>
> 3 Days back the Register broke the story of a chip vulnerability -
>
> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>
> While it seeked to paint only Intel, it is now learnt that the issue
> is across the board, i.e. Intel, AMD, ARM all have the same
> vulnerability
>
> It defeats or compromises KASLR which itself is just 4 years old
> technology.
>
> AFAIK it would need two solutions, one is the appropriate microcode
> for your chip architecture, I know Intel and AMD have the respective
> intel-microcode and amd64-microcode
>
> % aptitude search microcode
> p   amd64-microcode
>              - Processor microcode firmware for AMD CPUs
> i   intel-microcode
>              - Processor microcode firmware for Intel CPUs
> p   microcode.ctl
>              - Intel IA32/IA64 CPU Microcode Utility (transitional
> package)
>
> % apt-cache policy intel-microcode
> intel-microcode:
>   Installed: 3.20171215.1
>   Candidate: 3.20171215.1
>   Version table:
>  *** 3.20171215.1 100
>           1 http://httpredir.debian.org/debian unstable/non-free amd64
> Packages
>         100 /var/lib/dpkg/status
>      3.20171117.1 900
>         900 http://httpredir.debian.org/debian buster/non-free amd64
> Packages
>
>
> According to Henrique it would take another week to have the whole
> thing on the microcode side of the things -
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886367
>
> On top of that you would need a newer kernel which mitigates some more
> of the effects.
>
> Techcrunch did a detailed blog post on the subject alongwith some idea
> of the timeline
>
> https://techcrunch.com/2018/01/03/kernel-panic-what-are-meltdown-and-spectre-the-bugs-affecting-nearly-every-computer-and-device/
>
> The only good thing is that it doesn't increase any remote attack
> vector than before but it does mean that people should be more
> circumspect about any software they download at least till the next
> couple of weeks when kernel updates and cpu-microcodes should take
> some of the steam off.
>
> The bad news is that it will take some of the performance of the table
> but that is to be expected.
>
> An interesting side-story which has developed also talks about the
> current Intel CEO's doings
>
> https://techcrunch.com/2018/01/04/after-meltdown-and-spectre-revelation-questions-arise-about-timing-of-intel-ceos-stock-sales/
>
> Hope everybody does the right thing, get the latest microcodes and
> update your kernel as fast as you can.
>
> --
>           Regards,
>           Shirish Agarwal  शिरीष अग्रवाल
>   My quotes in this email licensed under CC 3.0
> http://creativecommons.org/licenses/by-nc/3.0/
> http://flossexperiences.wordpress.com
> EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8
>

See also -

https://lwn.net/Articles/743246/#Comments

-- 
          Regards,
          Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8

More information about the plug-mail mailing list