Meltdown and Spectre Vulnerability

This topic has 3 replies, 3 voices, and was last updated Jan 5-9:33 pm by Anonymous.

Viewing 4 posts - 1 through 4 (of 4 total)

Author

Posts
January 5, 2018 at 6:08 am #4744
Anonymous
Hello Antix Forums,

Saw this and wonder how this may affect Antix users and Firefox ESR.

https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/

Thanks

PoorGuy
January 5, 2018 at 10:30 am #4755
Anonymous
Helpful
Up
0
::
wonder how this may affect Antix users and Firefox ESR.

(pointless to dredge through myriad overly-specific permutations)
wonder how this may affect left-handed Antix users and PaleMoon
wonder how this may affect southern-hemisphere Antix users and LibreOffice…

Instead of wondering, for starters… please refer to the 5-page-long topic over at MX Linux forum.
http://forum.mxlinux.org/viewtopic.php?f=6&t=43696

————————

specific to firefox (and firefox-ESR)

Mozilla released Firefox 57.0.4 to the Stable browser channel on January 4, 2018.
The new version of Firefox comes with two timing-based mitigations designed to protect Firefox users against Meltdown and Spectre attacks.

mozilla security advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/

Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. This includes both explicit sources, like performance.now(), and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer.
[…] The precision of performance.now() has been reduced from 5μs to 20μs, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer. […] …SharedArrayBuffer is already disabled on Firefox 52 ESR
January 5, 2018 at 10:48 am #4756
Forum Admin
anticapitalista
Helpful
Up
0
::
4.14.11 security fix kernel is in the antiX stretch repos (64 bit only).
sid/testing versions should appear soon.

security fixed 4.10.5 kernel (antiX-17) and 4.4 kernel (antiX-16) will be available once I can get the patches to build (this is far from trivial to do).
- This reply was modified 5 years, 4 months ago by anticapitalista.
Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - leaner and meaner.
January 5, 2018 at 9:33 pm #4766
Anonymous
Helpful
Up
0
::

anticapitalista wrote:

4.14.11 security fix kernel is in the antiX stretch repos (64 bit only).
sid/testing versions should appear soon.

security fixed 4.10.5 kernel (antiX-17) and 4.4 kernel (antiX-16) will be available once I can get the patches to build (this is far from trivial to do).

Thanks anticapitalista for your reply.
Author

Posts

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.