Linux Mint security notice on Meltdown and Spectre

Martin Brinkmann
Jan 10, 2018
Linux
|
7

A security notice was posted on the official Linux Mint blog on January 9, 2017. It informs users of the Linux distribution about the recently discovered security issues in modern processors called Meltdown and Spectre, and how these affect Linux Mint.

The notice contains instructions to protect Linux Mint systems from potential attacks that target the vulnerabilities. It covers web browsers, Nvidia drivers, and the Linux kernel.

Mozilla Firefox is the default web browser on Linux Mint. The team suggests that users upgrade to Firefox 57.0.4 which shipped recently. Firefox 57.0.4 mitigates the vulnerabilities by disabling or reducing the precision of time sources that attacks rely on. If the update is not picked up by the Update Manager, try switching sources.

Google has not yet updated Chrome. A consequence of that is that any other Chromium-based browser is also not protected at the time. A workaround for users of a Chromium-based browser is to enable Strict Site Isolation in the browser.

strict site isolation

Strict Site Isolation is an experimentation feature of Chromium that you need to enable in the following way:

  1. Type chrome://flags in the address bar and hit the Enter-key.
  2. Use the search at the top to locate Strict Site Isolation.
  3. Select Enable.
  4. Restart the web browser.

This works in most Chromium-based browsers including Google Chrome, Opera and Vivaldi.

Linux Mint systems with proprietary Nvidia drivers should upgrade the drivers to version 384.111. The updates are available in the Linux Mint Update Manager. Linux Mint Debian systems require an update as well which can be downloaded from the Nvidia website.

Work on an updated Linux kernel has started for Linux Mint 17.x and Linux Mint 18.x but the team did not reveal when the updated kernel will become available.

Linux Mint Debian systems can get the kernel upgrade already through the Update Manager. The kernel has the version 3.16.51-3+deb8u1.

Other updates should become available in the future as well. The Linux Mint team suggests that users create a backup of personal data, use daily system snapshots, and apply security updates when they become available.

 

Summary
Linux Mint security notice on Meltdown and Spectre
Article Name
Linux Mint security notice on Meltdown and Spectre
Description
A security notice was posted on the official Linux Mint blog on January 9, 2017. It informs users of the Linux distribution about the recently discovered security issues in modern processors called Meltdown and Spectre, and how these affect Linux Mint.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. James said on January 13, 2018 at 8:01 pm
    Reply

    grep CONFIG_PAGE_TABLE_ISOLATION /boot/config-`uname -r` && \
    echo “patched :)” || echo “unpatched :(“

  2. dark said on January 11, 2018 at 1:05 pm
    Reply

    If you want to check for meltdown and spectre vulnerabilities on Linux. :)

    Download spectre-meltdown-checker.sh from here: github.com/speed47/spectre-meltdown-checker

    Then open terminal and “sudo sh spectre-meltdown-checker.sh” where you downloaded the file.

    1. Martin Brinkmann said on January 11, 2018 at 1:16 pm
      Reply
  3. dark said on January 10, 2018 at 11:49 pm
    Reply

    Linux Mint kernel update will become available when Canonical Ubuntu makes it available i guess.

  4. yossarian said on January 10, 2018 at 11:46 am
    Reply

    Palemoon is not affected with this timing thing :))
    http://bit.ly/2DePL44

    1. A different Martin said on January 12, 2018 at 10:55 pm
      Reply

      Pale Moon isn’t in Linux Mint’s repository — I seem to recall that it is in Arch’s — but the generic Pale Moon for Linux Installer (pminstaller) works great in Linux Mint for both installs and updates. (I don’t think I’ve ever used its uninstall routine.) And Pale Moon itself works great in Linux Mint. It’s still my default browser in Windows 7 and my preferred browser in Linux Mint.

  5. leanon said on January 10, 2018 at 8:40 am
    Reply

    I jumped to kernel 4.15 about 2 days after installing but that was just to see if it would break something..,it didnt. ): Do you happen to know what kernel is immune?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.