Spectre & Meltdown: Linux devs respond
Linux machines are susceptible to the flaws in their processors, and distro makers were quick to issue patches.
The scale of the Spectre and Meltdown flaws is worrying, but the response by software developers has at least been reassuring. Systems running Linux are vulnerable to the flaws, but the community has been working hard to mitigate the issues, with numerous kernel updates being released. If you’re running a Linux distribution that uses the standard kernel on x86 hardware, make sure you have an updated kernel. If you’re comfortable doing so, getting a release candidate (RC) update from the main kernel tree will give you the most up-to-date patches (at the time of writing, 4.15-rc9 is the most current release). If you’re sticking to stable kernels, make sure you have at least 4.14.15. If you’re using LTS kernels, make sure you have 4.4.113+ or 4.9.78+ installed.
For ARM64 hardware, 4.16-rc1 is worth installing, and if you’re running Android, check out the common Android Kernel tree at https://android.googlesource.com/kernel/common. These patches include mitigations for Meltdown.
Spectre is a bit trickier, but in the middle of January kernel 4.15-rc8 was released, which included the Retpoline coding technique created by Google to mitigate the flaw. According to Google on its Security blog (https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html), Retpoline is a binary modification technique that protects against “branch target injection” attacks. More can be read about Retpoline at https://support.google.com/faqs/answer/7625886. Various distros have commented on Spectre and Meltdown, as well as issuing their own mitigations, including Mint (http://bit.ly/mintfix), Fedora (http://bit.ly/fedora-fix) and Ubuntu (http://bit.ly/ubuntu-fix).
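As an added example (not from the article or any distro), the shell functions below check a kernel release string against the x86 stable and LTS minimums listed earlier, and tally the per-flaw status files that kernels exposing /sys/devices/system/cpu/vulnerabilities provide. Function names are hypothetical, and the version check assumes a kernel built from kernel.org sources: distro kernels backport fixes without adopting upstream version numbers, so for those the status files are the better guide.

```shell
# Added example; function names are hypothetical.
# kernel_meets_minimum RELEASE   (RELEASE as printed by `uname -r`)
#   returns 0 = at or above the article's minimum for its branch
#           1 = below that minimum
#           2 = branch not in the article's stable/LTS list, or unparsable
kernel_meets_minimum() {
    ver=${1%%-*}            # drop suffixes such as "-rc9" or "-custom"
    ver=${ver%%+*}
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0    # "4.14" carries no patch level
    patch=${patch%%.*}
    case "$major$minor$patch" in
        ''|*[!0-9]*) return 2 ;;
    esac
    case "$major.$minor" in
        4.4)  min=113 ;;    # LTS minimum named in the article
        4.9)  min=78 ;;     # LTS minimum named in the article
        4.14) min=15 ;;     # stable minimum named in the article
        *)    return 2 ;;
    esac
    [ "$patch" -ge "$min" ]
}

# count_vulnerable [DIR]
#   Prints the number of status files whose text starts with "Vulnerable"
#   and lists every file with its status on stderr.
#   Returns 2 when the directory does not exist on this kernel.
count_vulnerable() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || return 2
    n=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%s: %s\n' "${f##*/}" "$status" >&2
        case "$status" in
            Vulnerable*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}
```

Run `kernel_meets_minimum "$(uname -r)"` and `count_vulnerable` on the machine being checked; a non-zero count means the running kernel itself reports at least one flaw as unmitigated.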