Dear all, While I don't want to be the paranoid one here, the situation here seems to demand it.
3 Days back the Register broke the story of a chip vulnerability - https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ While it seeked to paint only Intel, it is now learnt that the issue is across the board, i.e. Intel, AMD, ARM all have the same vulnerability It defeats or compromises KASLR which itself is just 4 years old technology. AFAIK it would need two solutions, one is the appropriate microcode for your chip architecture, I know Intel and AMD have the respective intel-microcode and amd64-microcode % aptitude search microcode p amd64-microcode - Processor microcode firmware for AMD CPUs i intel-microcode - Processor microcode firmware for Intel CPUs p microcode.ctl - Intel IA32/IA64 CPU Microcode Utility (transitional package) % apt-cache policy intel-microcode intel-microcode: Installed: 3.20171215.1 Candidate: 3.20171215.1 Version table: *** 3.20171215.1 100 1 http://httpredir.debian.org/debian unstable/non-free amd64 Packages 100 /var/lib/dpkg/status 3.20171117.1 900 900 http://httpredir.debian.org/debian buster/non-free amd64 Packages According to Henrique it would take another week to have the whole thing on the microcode side of the things - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886367 On top of that you would need a newer kernel which mitigates some more of the effects. Techcrunch did a detailed blog post on the subject alongwith some idea of the timeline https://techcrunch.com/2018/01/03/kernel-panic-what-are-meltdown-and-spectre-the-bugs-affecting-nearly-every-computer-and-device/ The only good thing is that it doesn't increase any remote attack vector than before but it does mean that people should be more circumspect about any software they download at least till the next couple of weeks when kernel updates and cpu-microcodes should take some of the steam off. The bad news is that it will take some of the performance of the table but that is to be expected. An interesting side-story which has developed also talks about the current Intel CEO's doings https://techcrunch.com/2018/01/04/after-meltdown-and-spectre-revelation-questions-arise-about-timing-of-intel-ceos-stock-sales/ Hope everybody does the right thing, get the latest microcodes and update your kernel as fast as you can. -- Regards, Shirish Agarwal शिरीष अग्रवाल My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8 _______________________________________________ plug-mail mailing list plug-mail@plug.org.in http://list.plug.org.in/listinfo/plug-mail
