I see a patch here: https://lkml.org/lkml/2017/12/4/709
Due to the severity of the exploit, will this patch be rolled into PureOS asap?
Also, please keep your browsers updated people, Firefox 57.0.4 has a temp fix: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
Thanks, I should have checked the blog!
To anyone with an existing installation - running:
sudo apt-get update && sudo apt-get upgrade
and
sudo apt-get full-upgrade
will only update the OS to protect against Meltdown. For Spectre (specifically variant 2), you also need to install microcodes, which involves adding a non-free Intel repo and running update commands. Instructions here:
I’ve done this step to protect against variant 2, but now when I boot my machine, my hard drive buzzes, and sometimes shuts down the laptop. Anyone else having this issue?
What is the expected microcode version?
After applying the update as described is this post
I get
cat /proc/cpuinfo | grep microcode
microcode : 0xc2
microcode : 0xc2
microcode : 0xc2
microcode : 0xc2
and
uname -a
Linux <computer_name> 4.14.0-3-amd64 #1 SMP Debian 4.14.13-1 (2018-01-14) x86_64 GNU/Linux
But a Spectre & Meltdown checker script tells me that I might still be vulnerable:
So how can I ensure that the microcode update is correct?