Meltdown and Spectre Vulnerability

Forum Forums New users New Users and General Questions Meltdown and Spectre Vulnerability

  • This topic has 3 replies, 3 voices, and was last updated Jan 5-9:33 pm by Anonymous.
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #4744
    Anonymous

      Hello Antix Forums,

      Saw this and wonder how this may affect Antix users and Firefox ESR.

      http://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/

      Thanks

      PoorGuy

      #4755
      Anonymous

        wonder how this may affect Antix users and Firefox ESR.

        (pointless to dredge through myriad overly-specific permutations)
        wonder how this may affect left-handed Antix users and PaleMoon
        wonder how this may affect southern-hemisphere Antix users and LibreOffice…

        Instead of wondering, for starters… please refer to the 5-page-long topic over at MX Linux forum.
        http://forum.mxlinux.org/viewtopic.php?f=6&t=43696

        ————————

        specific to firefox (and firefox-ESR)

        Mozilla released Firefox 57.0.4 to the Stable browser channel on January 4, 2018.
        The new version of Firefox comes with two timing-based mitigations designed to protect Firefox users against Meltdown and Spectre attacks.

        mozilla security advisory: http://www.mozilla.org/en-US/security/advisories/mfsa2018-01/

        Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. This includes both explicit sources, like performance.now(), and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer.
        […] The precision of performance.now() has been reduced from 5μs to 20μs, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer. […] …SharedArrayBuffer is already disabled on Firefox 52 ESR

        #4756
        Forum Admin
        anticapitalista

          4.14.11 security fix kernel is in the antiX stretch repos (64 bit only).
          sid/testing versions should appear soon.

          security fixed 4.10.5 kernel (antiX-17) and 4.4 kernel (antiX-16) will be available once I can get the patches to build (this is far from trivial to do).

          • This reply was modified 6 years, 4 months ago by anticapitalista.

          Philosophers have interpreted the world in many ways; the point is to change it.

          antiX with runit - leaner and meaner.

          #4766
          Anonymous

            4.14.11 security fix kernel is in the antiX stretch repos (64 bit only).
            sid/testing versions should appear soon.

            security fixed 4.10.5 kernel (antiX-17) and 4.4 kernel (antiX-16) will be available once I can get the patches to build (this is far from trivial to do).

            Thanks anticapitalista for your reply.

          Viewing 4 posts - 1 through 4 (of 4 total)
          • You must be logged in to reply to this topic.