These days, everyone knows about the Meltdown and Spectre flaws, which affect all modern CPUs, including all Intel CPUs from the past decade, and certain ARM64 and AMD CPUs in the case of Spectre. The team behind the Linux Mint project is warning users and giving useful recommendations on how to secure your Linux Mint machine.
If you are not aware of the Meltdown and Spectre vulnerabilities, we have covered them in detail in these two articles:
- Microsoft is rolling out emergency fix for Meltdown and Spectre CPU flaws
- Here are Windows 7 and 8.1 fixes for Meltdown and Spectre CPU flaws
In short, both Meltdown and Spectre vulnerabilities allow a process to read the private data of any other process, even from outside a virtual machine. This is possible due to Intel's implementation of how their CPUs prefetch data. This cannot be fixed by patching the OS only. The fix involves updating the OS kernel, as well as a CPU microcode update and possibly even a UEFI/BIOS/firmware update for some devices, to fully mitigate the exploits.
The main recommendation, as expected, is to install all updates available for the OS.
Updates include the recently released Firefox 57.0.4. This version of the browser has extra protection against the mentioned threats. Both attacks rely on precise timing, so disabling or reducing the precision of several time sources in Firefox helps. Refer to the following article: Firefox 57.0.4 released with Meltdown and Spectre attack workaround.
Note: If you are a Chromium/Google Chrome user, the fix for your browser is expected in the upcoming version 64. Currently, you can quickly secure the browser by enabling the Full Site Isolation feature. See the article Secure Google Chrome against Meltdown and Spectre vulnerabilities.
The Opera browser has the same Full Site Isolation feature. Type the address opera://flags/?search=enable-site-per-process in the address bar and enable the flag to protect yourself against the vulnerabilities.
The second suggestion for Linux Mint users is to install NVIDIA drivers version 384.111 if you are using the proprietary drivers. In Linux Mint 17.x and 18.x, this update is available in the Update Manager. Linux Mint Debian Edition users can download the drivers from the NVIDIA website.
The team is working to release an updated kernel for Linux Mint 18.x and Linux Mint 17.x. As of this writing, only the Debian edition of the OS has received the updated kernel, which is 3.16.51-3+deb8u1.
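To check a machine against the fixed versions listed above, the following added example (not code from the Linux Mint team) compares installed versions with those minimums. The component labels and the sample inventory are constructed for illustration, and the comparison assumes GNU `sort -V` is available.

```shell
#!/bin/sh
# Added example: compare installed versions with the minimum fixed versions
# named in the article. The version strings come from the article; the
# component labels and sample inventory are constructed for illustration.

# Minimum fixed versions stated in the article.
min_version() {
    case "$1" in
        firefox)     echo "57.0.4" ;;
        nvidia)      echo "384.111" ;;
        lmde-kernel) echo "3.16.51-3+deb8u1" ;;
        *)           return 1 ;;
    esac
}

# True when $1 >= $2, using GNU sort's version ordering (sort -V).
version_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Read "component version" lines on stdin; print one verdict per line.
audit() {
    while read -r component installed; do
        [ -n "$component" ] || continue
        if ! required=$(min_version "$component"); then
            echo "$component $installed UNKNOWN"
        elif version_ge "$installed" "$required"; then
            echo "$component $installed OK"
        else
            echo "$component $installed OUTDATED (need >= $required)"
        fi
    done
}

# Constructed sample inventory. On a real machine the values could be taken
# from `firefox --version`, /proc/driver/nvidia/version and `uname -v`.
sample_inventory() {
    cat <<'EOF'
firefox 57.0.3
nvidia 384.111
lmde-kernel 3.16.43-2+deb8u5
EOF
}

sample_inventory | audit
```

Version-aware ordering matters here: a plain string comparison would rank NVIDIA 384.98 above 384.111, while `sort -V` correctly treats it as older.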