Linux Mint security notice on Meltdown and Spectre
A security notice was posted on the official Linux Mint blog on January 9, 2017. It informs users of the Linux distribution about the recently discovered security issues in modern processors called Meltdown and Spectre, and how these affect Linux Mint.
The notice contains instructions to protect Linux Mint systems from potential attacks that target the vulnerabilities. It covers web browsers, Nvidia drivers, and the Linux kernel.
Mozilla Firefox is the default web browser on Linux Mint. The team suggests that users upgrade to Firefox 57.0.4 which shipped recently. Firefox 57.0.4 mitigates the vulnerabilities by disabling or reducing the precision of time sources that attacks rely on. If the update is not picked up by the Update Manager, try switching sources.
Google has not yet updated Chrome. A consequence of that is that any other Chromium-based browser is also not protected at the time. A workaround for users of a Chromium-based browser is to enable Strict Site Isolation in the browser.
Strict Site Isolation is an experimentation feature of Chromium that you need to enable in the following way:
- Type chrome://flags in the address bar and hit the Enter-key.
- Use the search at the top to locate Strict Site Isolation.
- Select Enable.
- Restart the web browser.
This works in most Chromium-based browsers including Google Chrome, Opera and Vivaldi.
Linux Mint systems with proprietary Nvidia drivers should upgrade the drivers to version 384.111. The updates are available in the Linux Mint Update Manager. Linux Mint Debian systems require an update as well which can be downloaded from the Nvidia website.
Work on an updated Linux kernel has started for Linux Mint 17.x and Linux Mint 18.x but the team did not reveal when the updated kernel will become available.
Linux Mint Debian systems can get the kernel upgrade already through the Update Manager. The kernel has the version 3.16.51-3+deb8u1.
Other updates should become available in the future as well. The Linux Mint team suggests that users create a backup of personal data, use daily system snapshots, and apply security updates when they become available.