Intel's Security Problems

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Intel's Security Problems

#1 Post by labbe5 »

https://news.softpedia.com/news/debian- ... 6047.shtml

The Debian Project has released patched versions of its Linux kernel and intel-microcode packages for the stable Debian GNU/Linux 9 "Stretch" operating system series to address the recently disclosed Intel MDS security vulnerabilities.

On May 14th, Intel disclosed four new security vulnerabilities affecting several of its Intel CPUs, which could allow attackers to leak sensitive information if the system remains unpatched. Intel has worked with major OS vendors and device manufacturers to quickly deploy feasible solutions for mitigating these flaws, and now patches are available for users of the Debian GNU/Linux 9 "Stretch" operating system series.

The Debian Project urges all users of the stable Debian GNU/Linux 9 "Stretch" operating system series to update their installations as soon as possible to the latest Linux kernel version 4.9.168-1+deb9u2 and intel-microcode firmware 3.20190514.1~deb9u1. To fully mitigate these new security vulnerabilities, both packages need to be installed on your Debian GNU/Linux 9 "Stretch" computers.

Please note that the new intel-microcode version is only available in the Debian non-free repository, which you'll have to enable to patch your computer against the MSBDS, MFBDS, MLPDS and MDSUM (a.k.a. CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) hardware vulnerabilities. The new Linux kernel update also includes a fix for a regression causing deadlocks inside the loopback driver.


All derivatives based on Debian Stretch (stable) are concerned.

Further reading:
https://news.softpedia.com/news/canonic ... 6031.shtml
Protecting your computer against Intel’s latest security flaw is easy, unless it isn’t
https://www.theverge.com/2019/5/17/1862 ... s-chromeos
Last edited by labbe5 on Wed 30 Oct 2019, 11:34, edited 1 time in total.

8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#2 Post by 8Geee »

Soooo... the BIG question is how will Intel deal with this microcode buffoonery on its newest MPU's/CPU's, and WHEN will such 'fully' patched processors come to market.

Regards
8Geee
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Intel's Security Problems

#3 Post by labbe5 »

https://fudzilla.com/news/49677-intel-s ... going-away

Kroah-Hartman said that all the CPU bugs were potentially deadly for your security. RIDL and Zombieload, for example, can steal data across applications, virtual machines, even secure enclaves.
"The last is really funny, because [Intel Software Guard Extensions (SGX)] is what is supposed to be secure inside Intel chips [but, it turns out it's] really porous. You can see right through this thing."

To fix each problem as it pops up, you must patch both your Linux kernel and your CPU's BIOS and microcode. This is not a Linux problem; any operating system faces the same problem.

OpenBSD, a BSD Unix devoted to security first and foremost, Kroah-Hartman freely admits was the first to come up with what's currently the best answer for this class of security holes: Turn Intel's simultaneous multithreading (SMT) off and deal with the performance hit. Linux has adopted this method. But it's not enough, apparently. You must secure the operating system as each new way to exploit hyper-threading appears.

"The bad part of this is that you now must choose: Performance or security. And that is not a good option. If you are not using a supported Linux distribution kernel or a stable/long term kernel, you have an insecure system", Kroah-Hartman said.

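Post #1 says both the kernel and the intel-microcode package are needed for full mitigation, and post #3 says SMT is the remaining exposure. The script below is an added example, not part of the thread or the quoted articles, that reads the kernel's own MDS status line and reports which of those pieces is missing. The sysfs path and status strings are assumed from the Linux kernel's MDS admin guide rather than from this page, and the sample lines in the comments are constructed.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status line.
# Assumption: path and wording follow the kernel's hw-vuln/mds documentation.
MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds "<status line>" prints a one-line verdict.
# Constructed sample inputs:
#   "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable"
#   "Mitigation: Clear CPU buffers; SMT disabled"
classify_mds() {
    status=$1
    case $status in
        "Not affected"*)
            echo "ok: CPU not affected"
            return 0 ;;
        *"no microcode"*)
            # Patched kernel is running, but the microcode update is absent.
            verdict="kernel patched, microcode missing" ;;
        "Mitigation: Clear CPU buffers"*)
            verdict="kernel and microcode mitigation active" ;;
        "Vulnerable"*)
            verdict="no mitigation" ;;
        *)
            echo "unknown: $status"
            return 0 ;;
    esac
    # The part after ';' describes the SMT (hyper-threading) state.
    case $status in
        *"SMT vulnerable"*) smt="SMT on, sibling threads still exposed" ;;
        *"SMT mitigated"*)  smt="SMT on, mitigated" ;;
        *"SMT disabled"*)   smt="SMT off" ;;
        *)                  smt="SMT state unknown" ;;
    esac
    echo "$verdict; $smt"
}

# On a kernel that exposes the file, report the live state.
if [ -r "$MDS_FILE" ]; then
    classify_mds "$(cat "$MDS_FILE")"
fi
```

A kernel that predates the MDS patches does not expose the file at all, so no output from the last step means the kernel update itself is still missing.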