Canonical has released preliminary kernel updates to mitigate both variants of the Spectre security vulnerability in all supported Ubuntu Linux operating systems, including all official flavors.
The company promised last week that it would release new kernel updates on Monday, January 15, 2018, for all supported Ubuntu releases. But it didn’t happen as they needed more time to thoroughly test and prepare the patches that would presumably address variant 1 and 2 of the Spectre exploit, which is harder to fix than Meltdown, so that it won’t cause any issues.
“Canonical holds Ubuntu to the highest standards of security and quality. This week we published candidate Ubuntu kernels providing mitigation for CVE-2017-5715 and CVE-2017-5753 (ie, Spectre / Variants 1 & 2) to their respective -proposed pockets for Ubuntu 17.10 (Artful), 16.04 LTS (Xenial), and 14.04 LTS (Trusty),” says Dustin Kirkland, VP, Product Development for Ubuntu.
Here’s how to test the Spectre mitigation patches
Ubuntu users interesting of patching their systems against both variants of the Spectre security vulnerability ahead of anyone else, are invited to enable the pre-released updates (ubuntu-proposed) repositories in the “Developer Options” tab of the Software & Updates utility. Then simply update their installation, reboot, test if everything works, and provide feedback to Canonical.
The new kernel versions are linux-4.13.0-30.33 for Ubuntu 17.10 (Artful Aardvark), linux-4.4.0-111.134 for Ubuntu 16.04 LTS (Xenial Xerus), and linux-3.13.0-140.189 for Ubuntu 14.04 LTS (Trusty Tahr). Supported architectures include 64-bit, as well as public cloud systems like Amazon Web Services (AWS), Google Cloud Engine, and Microsoft Azure, and HWE (Hardware Enablement) kernels.
To fully mitigate Spectre, Canonical recommends users to also install the latest Intel microcode firmware update. The ETA for these updates is now January 22, 2018, when all Ubuntu users with a supported release will be able to patch their systems against both variants of the Spectre security vulnerability. After applying the updates, don’t forget to check if your Linux PC is protected or not.