Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 20 Nov 2019, 11:23
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Intel's Security Problems
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [3 Posts]  
Author Message
labbe5

Joined: 13 Nov 2013
Posts: 2052
Location: Canada

PostPosted: Sat 18 May 2019, 18:33    Post subject:  Intel's Security Problems
Subject description: MDS, RDDL, Fallout, Zombieland A Security vs performance issue
 

https://news.softpedia.com/news/debian-patches-new-intel-mds-security-vulnerabilities-in-debian-linux-stretch-526047.shtml

The Debian Project has released patched versions of its Linux kernel and intel-microcode packages for the stable Debian GNU/Linux 9 "Stretch" operating system series to address the recently disclosed Intel MDS security vulnerabilities.

On May 14th, Intel disclosed four new security vulnerabilities affecting several of its Intel CPUs, which could allow attackers to leak sensitive information if the system remains unpatched. Intel has worked with major OS vendors and device manufactures to quickly deploy feasible solutions for mitigating these flaws, and now patches are available for users of the Debian GNU/Linux 9 "Stretch" operating system series.

The Debian Project urges all users of the stable Debian GNU/Linux 9 "Stretch" operating system series to update their installations as soon as possible to the latest Linux kernel version 4.9.168-1+deb9u2 and intel-microcode firmware 3.20190514.1~deb9u1. To fully mitigate these new security vulnerabilities, both packages need to be installed on your Debian GNU/Linux 9 "Stretch" computers.

Please note that the new intel-microcode version is only available in the Debian non-free repository, which you'll have to enable to patch your computer against the MSBDS, MFBDS, MLPDS and MDSUM (a.k.a. CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) hardware vulnerabilities. The new Linux kernel update also includes a fix for a regression causing deadlocks inside the loopback driver.


All derivatives based on Debian Stretch (stable) are concerned.

Further reading :
https://news.softpedia.com/news/canonical-releases-ubuntu-updates-to-mitigate-new-mds-security-vulnerabilities-526031.shtml
Protecting your computer against Intel’s latest security flaw is easy, unless it isn’t
https://www.theverge.com/2019/5/17/18628568/how-to-secure-mds-intel-zombieload-apple-windows-chromeos

Last edited by labbe5 on Wed 30 Oct 2019, 07:34; edited 1 time in total
Back to top
View user's profile Send private message 
8Geee


Joined: 12 May 2008
Posts: 2088
Location: N.E. USA

PostPosted: Sun 19 May 2019, 23:17    Post subject:  

Soooo... the BIG question is how will Intel deal with this microcoode buffoonery on its newest MPU's/CPU's, and WHEN will such 'fully' patched processors come to market.

Regards
8Geee

_________________
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
Back to top
View user's profile Send private message 
labbe5

Joined: 13 Nov 2013
Posts: 2052
Location: Canada

PostPosted: Wed 30 Oct 2019, 07:31    Post subject: Intel's Security Problems
Subject description: MDS, RDDL, Fallout, Zombieland: All variants of the same basic problem
 

https://fudzilla.com/news/49677-intel-s-security-problems-are-not-going-away

Kroah-Hartman said that all the CPU bugs were potentially deadly for your security. RIDL and Zombieload, for example, can steal data across applications, virtual machines, even secure enclaves.
"The last is really funny, because [Intel Software Guard Extensions (SGX)] is what issupposed to be secure inside Intel chips [but, it turns out it's] really porous. You can see right through this thing."

To fix each problem as it pops up, you must patch both your Linux kernel and your CPU's BIOS and microcode. This is not a Linux problem, any operating system faces the same problem.

OpenBSD, a BSD Unix devoted to security first and foremost, Kroah-Hartman freely admits was the first to come up with what's currently the best answer for this class of security holes: Turn Intel's simultaneous multithreading (SMT) off and deal with the performance hit. Linux has adopted this method. But it's not enough, apparently. You must secure the operating system as each new way to exploit hyper-threading appears.

"The bad part of this is that you now must choose: Performance or security. And that is not a good option. If you are not using a supported Linux distribution kernel or a stable/long term kernel, you have an insecure system", Kroah-Hartman said.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [3 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0312s ][ Queries: 11 (0.0045s) ][ GZIP on ]