[RndTbl] Horrific CPU flaws (Meltdown / Spectre)
Gilles Detillieux
grdetil at scrc.umanitoba.ca
Thu Jan 4 17:13:04 CST 2018
I just updated our Scientific Linux systems, which means the RHEL
updates are out too, and presumably CentOS updates are too or will be
shortly. These updates included firmware/microcode packages, which I'm
assuming are loaded on reboot as well. Some of the reports I read
suggested that you'd need to reflash your BIOS/UEFI firmware once the PC
manufacturers release these updates. Are those reports in error,
confusing the two types of firmware, or are we going to have to hunt
down PC or mobo-specific firmware updates for this whole debacle too?
On 2018-01-04 17:00, Trevor Cordes wrote:
> FYI, Fedora has just released the latest kernel that has initial
> mitigation for Meltdown. I'm sure other distros are doing likewise.
> It'll be interesting to see the performance hits we all take on this.
> Of course you'll have to reboot for the update to take effect. I
> suspect we'll see rapidfire releases of kernels for the next few
> weeks...
>
> P.S. Alan Cox has stated that the Spectre-type flaw (I think) could be
> triggered with a JS attack, causing the browser to leak sensitive data
> outside the sandbox to malicious JS / websites. Proving once again we
> all need NoScript or equivalent.
--
Gilles R. Detillieux E-mail: <grdetil at scrc.umanitoba.ca>
Spinal Cord Research Centre WWW: http://www.scrc.umanitoba.ca/
Dept. of Physiology and Pathophysiology, Faculty of Health Sciences,
Univ. of Manitoba Winnipeg, MB R3E 0J9 (Canada)
More information about the Roundtable
mailing list