Canonical, the company behind the popular Ubuntu distribution of Linux, has been forced to reissue its hastily released patch for Spectre and Meltdown after users of the 16.04 LTS version of its Linux operating system complained that it borked their systems
The company was one of the first to issue a patch, but users of the operating system code-named Xenial Xerus found that they weren't able to boot-up following the update (4.4.0-108). Fortunately, they were able to fix the problem with a rollback.
Canonical has rapidly released a new patch - this one has a new kernel image 4.4.0-109.
The latest advisory reads:
"USN-3522-1 fixed a vulnerability in the Linux kernel to address
Meltdown (CVE-2017-5754). Unfortunately, that update introduced
a regression where a few systems failed to boot successfully. This
update fixes the problem."
The Meltdown/Spectre vulnerabilities revealed last week has made it a less than happy new year for Intel, in particular, which has an intrinsic physical flaw (labelled Meltdown) in most of its CPUs that can only be patched at a software level.
These patches, though, are causing ongoing performance issues for both desktop PCs and servers, especially in cloud computing environments.
IBM is preparing to release its own patches and firmware upgrades, while AMD CPUs have been affected less seriously - by the Spectre flaw, not Meltdown - and its patches should be out very soon.
Nvidia has added that it, too is affected and is working to roll out updates, and the Linux Mint distro is patched up to kernel 3.16. A fix for 3.17 and 3.18 is incoming so stay tuned.
It should be noted that if you have a gaming machine with an Intel CPU, a Nvidia GPU and two partitions, you need to get both patches for both partitions before you can consider your machine fully patched.
This is the esence of the problem, especially for Intel: you can't fix the chip. Every chip that is vulnerable will always be vulnerable. It's how they interact with the rest of the machine that gets changed at a software level, and that will take more than just one patch.
It could take 18 months for the flaw to be designed out of new CPUs, given the lead times for designing, testing and manufacturing new chips. In the meantime, launch schedules for both AMD and Intel (in particular) could be affected.
Wikileaks Vault 7 suspect Joshua Schulte fingered by FBI after re-using smartphone passwords on his PCs
Joshua Schulte indicted on 13 counts relating to Vault 7 leaks and trading in images of child abuse
Alexa for Hospitality will link with existing systems so guests can order room service and control the air con
Massive volcanic eruptions could have warmed Mars' surface sufficiently for oceans to form
Examination of fruit flies' brains generated more than one billion data points for scientists to analyse