OH RUDDY HECK. This whole Spectre/Meltdown extravaganza isn’t exactly making waves outside the tech industry and it’s being quietly patched from within, but inside, it’s like someone just announced La La Land for Best Picture.
This time it’s Canonical, makers of Ubuntu. The company was one of the first to patch its operating system. But then it all went a bit wrong.
Users of 16.04 LTS Xenial Xerus started to complain that they, like some AMD users with Windows, weren’t able to boot after the update (4.4.0-108) and could only fix the problem with a rollback, citing a problem with the previous kernel image.
No worries though. Ever quick off the mark, Canonical has released a new patch – this one has a new kernel image 4.4.0-109.
The latest advisory reads:
“USN-3522-1 fixed a vulnerability in the Linux kernel to address
Meltdown (CVE-2017-5754). Unfortunately, that update introduced
a regression where a few systems failed to boot successfully. This
update fixes the problem.
We apologise for the inconvenience.”
The Meltdown/Spectre vulnerabilities which have caused a less than happy new year for Intel in particular, which has an intrinsic physical flaw in many of its chips that can’t be fixed, only patched at a software level, are causing an ongoing headache.
IBM is preparing to release its own patches and firmware upgrades, while AMD that has been affected less seriously, should be fully patched very quickly.
Nvidia has added that it, too is affected and is working to roll out updates, and the Linux Mint distro is patched up to kernel 3.16. A fix for 3.17 and 3.18 is incoming so stay tuned.
It’s worth remembering that, for example, if you have a gaming machine with an Intel CPU, a Nvidia GPU and two partitions, you need to get both patches for both partitions before you’re completely safe.
This is the problem – you can’t fix the chip. Every chip that is vulnerable will always be vulnerable. It’s how they interact with the rest of the machine that gets changed at a software level, and that will take more than just one patch.
Thankfully, so far, it doesn’t appear that either vulnerability has been exploited. µ
Source : Inquirer