This willChange rapidly and may contain errors. I'm collecting notes on the patch status in various software products. or (both pages serve identical content)The bug is in the hardware, but mitigations in operating systems are possible and are gettingShipped now. Brought up the Screen Settings properties again, and the second screen Im seeing is. Today I will be taking a quick look at installing Citrix Receiver on Mac OS X (10.13, aka High Sierra).I have 2 different size monitors that I am using in dual monitor setup.Linux: Red Hat Check Script - get the latest version from the diagnose tab of the main Red Hat vulnerability article. Linux: Stéphane Lesimple put together a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs. Spectre & Meltdown Checkers
2018 Citrix Receiver 10.13.2 Ation Failed Code Demonstrating ALongterm support kernels Version 4.9.75 and 4.4.110 contain KPTI backports. Dag-Erling Smørgrav published a Meltdown PoC for FreeBSD.Is a mitigation in the Linux Kernel, originally named KAISER. The LSDS group at Imperial College London has published sample code demonstrating a Spectre-like attack against an Intel SGX enclave. In a recent tweet, Jann Horn (Google's Project Zero) has announced that the PoC code referenced in their recent blogpost about CPUs is now public. In a recent tweet, Moritz Lipp (Graz University of Technology) has announced the release of their PoC implementations for Meltdown. Microsoft Windows: See the Windows section in this document containing the link to the official Powershell script.Understanding the performance impact of Spectre and Meltdown mitigations on Windows SystemsMicrosoft has reports of some customers with AMD devices getting into an unbootable state after installing this KB. Protecting guest virtual machines from CVE-2017-5715 (branch target injection) Note: both links include a Powershell tool to query the status of Windows mitigations for CVE-2017-5715 (branch target injection) and CVE-2017-5754 (rogue data cache load). Windows Server Guidance and Windows Client Guidance. If you have experienced an unbootable state or for more information see KB4073707. Microsoft is working with AMD to resolve this issue and resume Windows OS security updates to the affected AMD devices via Windows Update and WSUS as soon as possible. Athlon and Sempron) at this time. Safari 11.0.2 for Mac OS X El Capitan 10.11.6 and macOS Sierra 10.12.6Based on the Apple's response posted here, Meltdown (CVE-2017-5754) is currently only addressed in iOS 11.2, macOS 10.13.2, and tvOS 11.2. macOS High Sierra 10.13.2 Supplemental Update Update to Disable Mitigation against Spectre, Variant 2Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown.Apple has released security improvements to Safari and WebKit to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715): Red Hat Check Script Get the latest version from the diagnose tab of the main Red Hat vulnerability article. Speculative Execution Exploit Performance Impacts - Describing the performance impacts to security patches for CVE-2017-5754 CVE-2017-5753 and CVE-2017-5715 This means that at this given time there are NO patches for 10.11.x (El Capitan) or 10.12.x (Sierra). The same can be said for Spectre (CVE-2017-5753 and CVE-2017-5715) and any updates for Safari. Best teleprompter program for macUbuntu (tl dr: Patches for Meltdown now available subsequent patches for Spectre are coming in the future before the kernels are pushed to official release branch)The first set of updates for 14.04 / 16.04 was broken on some systems, please make sure you update to the very latest kernel packages and avoid the broken ones.Release candidate kernels 4.4.x (Trusty HWE / Xenial GA) and 4.13.x (Xenial HWE-edge / Artful GA / Artful HWE) are now publicly available from a dedicated Launchpad PPA and currently contain patches for CVE-2017-5754 aka Meltdown, with support only some architactures. They contain the update to upstream 2.1-15.20180108 and include fix for Spectre. Fedora - Fixed in FEDORA-2018-8ed5eff2c0 (Fedora 26) and FEDORA-2018-22d5fa8a90 (Fedora 27).Fedora has pushed to testing new microcode_ctl packages for F26 and F27. 6 - CESA-2018:0008 (kernel), CESA-2018:0013 (microcode_ctl), CESA-2018:0024 (qemu-kvm), CESA-2018:0030 (libvirt) Details about CVE-2017-5753 (variant 1, aka "Spectre") Ubuntu Insights blog - Ubuntu Updates for the Meltdown / Spectre Vulnerabilities The migration will occur concurrently to the push of patched kernels to the main distribution repositories.In addition, Ubuntu 17.04, aka Zesty Zapus, will reach End Of Life on Sat and will not receive any kind kernel patch support. Announced that, in order to speed up the patching process for all supported distribution versions and branches, the 4.10.x Xenial HWE kernel will be migrated early to version 4.13.x, thus leaving no supported kernel branch exposed to vulnerabilities. "Spectre" mitigations are a work in progress. Debian: "Meltdown" fixed in stretch (4.9.65-3+deb9u2, DSA-4078-1), jessie (3.16.51-3+deb8u1, DSA-4082-1) and wheezy (3.2.96-3, DLA-1232-1). Details about CVE-2017-5754 (variant 3, aka "Meltdown") Auto-updated systems will receive the releases containing the patch on. CoreOS Container Linux: Fixes for Meltdown are available in all release channels now (Alpha 1649.0.0, Beta 1632.1.0, Stable 1576.5.0). 6 - SLSA-2018:0008-1 (kernel), SLSA-2018:0013-1 (microcode_ctl) Bugtracker - Bug#643228 - Security Tracking Bug Gentoo Wiki - Project:Security/Vulnerabilities/Meltdown and Spectre NixOS: According to #33414, KPTI is in nixpkgs since 1e129a3. XEN - XSA-254 and Xen Project Spectre/Meltdown FAQ, no patches yet Manjaro: Detail about Kernel Page-Table Isolation, patched with stable update. It contains the fix for Meltdown and partial mitigation for Spectre. Tails: Tails 3.4 has been released. Wind River Linux and Pulsar Linux: Wind River Security Vulnerability Notice: Meltdown and Spectre Side-Channel Attacks - (CVE-2017-5754, CVE-2017-5753 and CVE-2017-5715) for Wind River Linux and Pulsar Parrot Security OS: meltdown/spectre security patches VMware currently advises patching to the levels provided in VMSA-2018-0002. Please see for affected systems & “tmp” workaround for those who’ve applied microcode update until new updates are available from Intel. VMSA-2018-0004 - Update 01/13/18: All of the ESXi patches associated with VMSA-2018-0004 have been PULLED from the online repository after Intel notified VMware of faulty microcode updates for certain Haswell/Broadwell CPUs.
0 Comments
Leave a Reply. |
AuthorPam ArchivesCategories |