[kwlug-disc] Meltdown fix for Linux kernel

Bob Jonkman bjonkman at sobac.com
Mon Jan 22 17:51:43 EST 2018


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Um, Ubuntu and Debian both have packages "intel-microcode" that have
been a standard part of stable/updates for a long time, well before
the Spectre/Meltdown issues.

> Package: intel-microcode
> Version: 3.20180108.0~ubuntu16.04.2
> Priority: extra
> Section: admin
> Origin: Ubuntu
> Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
> Original-Maintainer: Henrique de Moraes Holschuh <hmh at debian.org>
> Bugs: https://bugs.launchpad.net/ubuntu/+filebug
> Installed-Size: 1,507 kB
> Depends: iucode-tool (>= 1.0)
> Recommends: initramfs-tools (>= 0.113~)
> Conflicts: microcode.ctl (<< 0.18~0)
> Homepage: http://feeds.downloadcenter.intel.com/rss/?p=483&lang=eng
> Supported: 5y
> Download-Size: 1,088 kB
> APT-Sources: http://mirror.csclub.uwaterloo.ca/ubuntu xenial-updates/main amd64 Packages
> Description: Processor microcode firmware for Intel CPUs
>  This package contains updated system processor microcode for Intel
>  i686 and Intel X86-64 processors.  Intel releases microcode updates
>  to correct processor behavior as documented in the respective
>  processor specification updates.

(yes, that's from the vulnerable one that's just been rolled back)

And if you were fortunate/clever enough to purchase AMD instead of
Intel then there's "amd64-microcode".

If you haven't been updating *-microcode then your CPU will use the
original, burned-in microcode, full of bugs present at original
manufacturing (unless you've been updating your BIOS/UEFI, which may
have supplied microcode patches for you).

I recommend that you install the *-microcode package (at the current
revision level), especially in today's environment of rampant hardware
vulnerabilities.

There's an explanation of how Debian handles microcode:
https://wiki.debian.org/Microcode

- --Bob, who is about to embark on another round of patching servers.



On 2018-01-22 04:23 PM, Khalid Baheyeldin wrote:
> On Mon, Jan 22, 2018 at 4:17 PM, Chris Irwin <chris at chrisirwin.ca>
> wrote:
> 
>> The Redhat issue was due to the intel microcode, as you
>> mentioned. At least on RHEL/CentOS/Fedora, this is not shipped in
>> the kernel, but in a separate package (microcode_ctl) which has
>> no dependency on kernel version. So you might be bitten by this
>> even if you did pin your kernel.
>> 
> 
> I don't have any packages installed with 'microcode' or 'intel' in
> their name (apart from the xorg and drm stuff).
> 
> So, this has not affected any of my desktops or servers, yet.
> 
> I run Ubuntu on everything.

- -- 
Bob Jonkman <bjonkman at sobac.com>          Phone: +1-519-635-9413
SOBAC Microcomputer Services             http://sobac.com/sobac/
Software   ---   Office & Business Automation   ---   Consulting
GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Ensure confidentiality, authenticity, non-repudiability

iEYEARECAAYFAlpmavcACgkQuRKJsNLM5epzLACfYgTfDBNrKedNvz9u0V9SPofI
dZMAoNWMQFU5utWa8y4kx0qhnBlubnkb
=lakt
-----END PGP SIGNATURE-----
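
As an added example (not part of the original post, and not Debian or Ubuntu tooling): a shell script that reads the running microcode revision from /proc/cpuinfo and checks whether the package named in the post is installed. The function names are hypothetical, and it assumes an x86 Linux system that uses dpkg.

```shell
#!/bin/sh
# Added example: report the running microcode revision and whether the
# matching *-microcode package from the post is installed (dpkg systems).

# Print the value of the first "key : value" line in a cpuinfo-style file.
# $1 = field name, $2 = file to read (default: /proc/cpuinfo)
cpuinfo_field() {
    awk -F':' -v key="$1" '
        { k = $1; gsub(/[ \t]+$/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }
    ' "${2:-/proc/cpuinfo}"
}

# Map the CPU vendor string to the package name mentioned in the post.
# Returns 1 for a vendor that neither package covers.
microcode_package() {
    case "$(cpuinfo_field vendor_id "$1")" in
        GenuineIntel) echo intel-microcode ;;
        AuthenticAMD) echo amd64-microcode ;;
        *) return 1 ;;
    esac
}

# Succeeds only if dpkg reports the package as fully installed.
# Returns 2 when dpkg-query is not available on this system.
package_installed() {
    command -v dpkg-query >/dev/null 2>&1 || return 2
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null |
        grep -q '^install ok installed$'
}

report() {
    file="${1:-/proc/cpuinfo}"
    rev=$(cpuinfo_field microcode "$file")
    pkg=$(microcode_package "$file") || { echo "unknown CPU vendor"; return 1; }
    echo "running microcode revision: ${rev:-not reported}"
    if package_installed "$pkg"; then
        echo "$pkg: installed"
    else
        echo "$pkg: not installed (or dpkg unavailable)"
    fi
}

# Reads /proc/cpuinfo by default; pass a saved cpuinfo file to inspect another host.
report "$@" || true
```

The revision shown is whatever the CPU is running now, so it also reflects microcode supplied by a BIOS/UEFI update, not only by the package.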



