Security notice: Meltdown and Spectre

Security updates are now available for Meltdown and Spectre.

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

If you haven’t already done so, please read “Meltdown and Spectre”.

These vulnerabilities are critical. They expose all memory data present on the computer to any application running locally (including to scripts run by your web browser).

Note: Meltdown and Spectre also affect smartphones and tablets. Please seek information on how to protect your mobile devices.

Firefox 57.0.4

Firefox was patched. Please use the Update Manager to upgrade it to version 57.0.4.

https://usn.ubuntu.com/usn/usn-3516-1/

https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/

NVIDIA 384.111

If you are using the NVIDIA proprietary drivers, upgrade them to version 384.111.

In Linux Mint 17.x and 18.x, this update is available in the Update Manager.

In LMDE, it is available on the NVIDIA Website.

https://forums.geforce.com/default/topic/1033210/nvidias-response-to-speculative-side-channels-cve-2017-5753-cve-2017-5715-and-cve-2017-5754/

https://usn.ubuntu.com/usn/usn-3521-1/

Chrome Site Isolation

If you are using Google Chrome or Chromium, please follow the steps below:

  • Type chrome://flags in the address bar and press Enter.
  • Scroll down the page and find “Strict site isolation” and press the Enable button.
  • Restart the Chrome browser.

https://www.chromium.org/Home/chromium-security/ssca

Opera

If you are using the Opera browser, visit opera://flags/?search=enable-site-per-process, click Enable and restart Opera.

Linux Kernel

Please use the Update Manager to upgrade your Linux kernel.

The following versions were patched:

  • 3.13 series (Linux Mint 17 LTS): patched in 3.13.0-139
  • 3.16 series (LMDE): patched in 3.16.51-3+deb8u1
  • 4.4 series (Linux Mint 17 HWE and Linux Mint 18 LTS): patched in 4.4.0-108
  • 4.13 series (Linux Mint 18 HWE): patched in 4.13.0-25

Note: The current HWE series in Linux Mint 18 moved from 4.10 to 4.13.

Some users reported issues with early kernel updates (the issues with 4.4.0-108 in particular have since been fixed in 4.4.0-109). We strongly recommend you use Timeshift to create a system snapshot before applying the updates. Timeshift is installed by default in Linux Mint 18.3 and available in the repositories for all Linux Mint 17.x and 18.x releases.
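As an added example (not part of the original notice), the shell function below compares a `uname -r` release string with the patched versions listed above. The function name and status words are assumptions made for this example; for the 3.16 series it only asks for a package check, because `uname -r` does not show the Debian package version.

```sh
#!/bin/sh
# Added example, not part of the original notice. Thresholds are copied
# from the list of patched kernel versions above; names are illustrative.

# kernel_status RELEASE
# RELEASE is a `uname -r` style string such as "4.4.0-108-generic".
# Prints: patched, patched-but-update, vulnerable, check-package or unknown.
kernel_status() {
    rel=$1
    base=${rel%%-*}     # e.g. "4.4.0"
    rest=${rel#*-}      # e.g. "108-generic"
    abi=${rest%%-*}     # e.g. "108"
    major=${base%%.*}
    tmp=${base#*.}
    minor=${tmp%%.*}

    case "$major.$minor" in
        3.13) want_base=3.13.0; want_abi=139 ;;
        4.4)  want_base=4.4.0;  want_abi=108 ;;
        4.13) want_base=4.13.0; want_abi=25 ;;
        # LMDE: the fix is identified by package version 3.16.51-3+deb8u1,
        # which the release string does not carry.
        3.16) echo check-package; return 0 ;;
        # Series not listed in this notice.
        *)    echo unknown; return 0 ;;
    esac

    # Only "X.Y.0-ABI" style releases can be compared by ABI number.
    [ "$base" = "$want_base" ] || { echo unknown; return 0; }
    case "$abi" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    if [ "$abi" -lt "$want_abi" ]; then
        echo vulnerable
    elif [ "$base-$abi" = "4.4.0-108" ]; then
        # Patched, but the notice reports issues fixed in 4.4.0-109.
        echo patched-but-update
    else
        echo patched
    fi
}

# Report the status of the kernel that is currently running.
echo "$(uname -r): $(kernel_status "$(uname -r)")"
```

A newly installed kernel only takes effect after a reboot, so run the check again once the computer has restarted.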

https://security-tracker.debian.org/tracker/CVE-2017-5754

https://usn.ubuntu.com/usn/usn-3524-1/

https://usn.ubuntu.com/usn/usn-3522-2/

https://usn.ubuntu.com/usn/usn-3522-1/

Intel Microcode

Please use the Update Manager to upgrade intel-microcode to version 3.20180108.0.

Note: If intel-microcode isn’t installed on your computer, run the Driver Manager to see if it’s needed.

https://usn.ubuntu.com/usn/usn-3531-1/

Other Updates

Other updates should become available in the near future. Make sure to check for and apply all security updates often.

General Advice

Locally, you should back up your personal data and set up daily system snapshots (Timeshift is recommended for that).

Check for available security updates often, and apply them as they become available. In your Update Manager these are marked with a red exclamation mark.

Review any sensitive information stored online.

Stay away from third-party applications, proprietary ones in particular, and do not visit websites you don’t trust on devices which haven’t been patched.

Consider securing access to your important data (your email account in particular) with two-factor authentication.