Linux

Instructions for how to update common Linux distributions with the fixes for Spectre and Meltdown can be found below.

After the update, verify again that browser and kernel have the minimal required version.

Check Tool

For Linux there are scripts that verify if both vulnerabilities are fixed on a system. Download the script spectre-meltdown-checker.sh (originally from here) and run it as root.

Microcode Updates

For Linux Intel also provides the CPU microcode in form of files. These microcode files provide additional functionality for newer CPUs that is required for resolving the Spectre issue. They can be downloaded from here:

Please read the releasenote file for details. Newer versions will probably follow in quick succession as Intel is fixing more and more old CPUs.

Intel has retracted the latest updates because some computers may have problems. ISG has deployed them on all servers and not found issues so far.

Red Hat Enterprise Linux

Upgrade your system with the following shell command as root

yum upgrade -y all
yum install -y microcode_ctl

and reboot the system if a new kernel package was installed.

For isginf managed workstations running Red Hat Enterprise Linux Workstation you can also simply reboot the system to install updates on startup.

For isginf managed servers running Red Hat Enterprise Linux isginf is taking care of the updates together with the ITCs.

Ubuntu

Updates are available only for 16.04 and 17.10 and newer. Other versions should be upgraded or re-installed with a supported version.

The 4.4.0-108.131 kernel for 16.04 apparently causes a lot of issues. Please skip it and directly update to the 4.4.0-109.132 kernel.

Upgrade your system with the following shell command:

sudo apt-get -y update  
sudo apt-get -y dist-upgrade
sudo apt-get -y install intel-microcode

and reboot the system if a new linux-... package was installed.

Fedora

Upgrade your system with the following shell command as root

dnf -y --refresh update
dnf -y install microcode_ctl

and reboot the system if a new kernel package was installed.

Page URL: https://www.isg.inf.ethz.ch/bin/view/Main/NewsSecurityMeltdownSpectreLinux
2019-09-18
© 2019 Eidgenössische Technische Hochschule Zürich