Meltdown and Spectre security updates

Google researchers discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.

To avoid the security risk, please performs a complete kernel and software upgrade. Depending on the nature of the work loads, performance penalty might occur from the Spectre patches. Please refer to this detailed Phoronix benchmark for further information. For Windows, please prefer to this latest Microsoft blog.

Note: A distribution upgrade is required if the system runs a very old version of Fedora Core. This might trigger new technical issue(s) such as graphic driver incompatibility for out of date Nvidia card. For assistance, please contact techsupport@aslab.com prior to performing the updates.

Note: A motherboard BIOS update is required to fix Spectre Variant 2 bug. Please contact techsupport@aslab.com for further information.

Fedora Core 26/27

The security patch for Meltdown (PAGE_TABLE_ISOLATION) has been released under kernel 4.14.11-200. To verify the current kernel version, run 'uname -a'. To update the kernel and the required packages, perform these steps:

$ sudo systemctl set-default multi-user.target
$ sudo dnf update
$ sudo reboot

After Linux boots into a text console, log in and test the X server by running 'startx'. If the X Server starts properly, restore the graphical logging:

$ sudo systemctl set-default graphical.target

Note: The step above is not required if the system always boot into the text mode.

CentOS 7.4

The security patch for Meltdown has been released under kernel 3.10.0-693.11.6.el7. To verify the current kernel version, run 'uname -a'. To update the kernel and the required packages, perform these steps:

$ sudo systemctl set-default multi-user.target
$ sudo yum update
$ sudo reboot

After Linux boots into a text console, log in and test the X server by running 'startx'. If the X Server starts properly, restore the graphical logging:

$ sudo systemctl set-default graphical.target

Note: The step above is not required if the system always boot into the text mode.

CentOS 6.9

The security patch for Meltdown has been released under kernel 2.6.32-696.18.7.el6. To verify the current version, run 'uname -a'. To update the kernel and the required packages, perform these steps:

$ sudo systemctl set-default multi-user.target
$ sudo yum update
$ sudo reboot

After Linux boots into a text console, log in and test the X server by running 'startx'. If the X Server starts properly, restore the graphical logging:

$ sudo systemctl set-default graphical.target

Note: The step above is not required if the system always boot into the text mode.

Ubuntu 16.04 LTS

The security patch for Meltdown has been released under kernel 4.13.0-26-generic. Firefox and Nvidia binary driver have also been updated. Latest information can be found here.

To install the security updates, please refer to this documentation.