These days, everyone knows about the Meltdown and Spectre flaws which affect all the modern CPUs, including all Intel CPUs from the past decade, and certain ARM64 and AMD CPUs in case of Spectre. The team behind the Linux Mint project is warning users and giving useful recommendations on how to secure your Linux Mint machine.
If you are not aware about the Meltdown and Spectre vulnerabilities, we have covered them in detail in these two articles:
Advertisеment
- Microsoft is rolling out emergency fix for Meltdown and Spectre CPU flaws
- Here are Windows 7 and 8.1 fixes for Meltdown and Spectre CPU flaws
In short, both Meltdown and Spectre vulnerabilities allow a process to read the private data of any other process, even from outside a virtual machine. This is possible due to Intel's implementation of how their CPUs prefetch data. This cannot be fixed by patching the OS only. The fix involves updating the OS kernel, as well as a CPU microcode update and possibly even a UEFI/BIOS/firmware update for some devices, to fully mitigate the exploits.
Main recommendation, as expected, is to install all updates available to the OS.
Browsers
Updates include the recently released Firefox 57.0.4. This version of the browser has extra protection against the mentioned threats. Both attacks rely on precise timing, so disabling or reducing the precision of several time sources in Firefox helps. Refer to the following article: Firefox 57.0.4 released with Meltdown and Spectre attack workaround.
Note: If you are a Chromium/Google Chrome user, the fix for your browser is expected in the upcoming version 64. Currently, you can quickly secure the browser by enabling the Full Site Isolation feature. See the article Secure Google Chrome against Meltdown and Spectre vulnerabilities
The Opera browser has the same the Full Site Isolation feature. Type the address opera://flags/?search=enable-site-per-process in the address bar and enable the flag to protect yourself against the vulnerabilities.
Drivers
The second suggestion for Linux Mint users is to install NVIDIA drivers version 384.111 if you are using the proprietary drivers. In Linux Mint 17.x and 18.x, this update is available in the Update Manager. Linux Mint Debian Edition users can download the drivers from the NVIDIA Website.
Linux Kernel
The team is working to release an updated kernel for Linux Mint 18.x and Linux Mint 17.x. As of this writing, only the Debian edition of the OS has got the updated kernel, which is 3.16.51-3+deb8u1.
Generally, if you install all the available updates as soon as they become available, then you are protected. Since these vulnerabilities can be exploited using just JavaScript in the browser, consider avoiding untrusted web sites or keep JavaScript disabled or whitelisted using add-ons like NoScript for Firefox or ScriptBlock for Google Chrome/Chromium-based browsers.
That's it.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!
Advertisеment
You just mentioned “Linux kernel” twice..
Remove duplicate Drivers and Linux Kernel sections.
Thanks guys, fixed!