Ubuntu 17.10 Patches The Raspberry Pi 2 Kernel Security Vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
linux, linux-raspi2 vulnerabilities
Ubuntu 17.10: Several security issues were fixed in the Linux kernel.
- linux - Linux kernel
- linux-raspi2 - Linux kernel for Raspberry Pi 2
DetailsUSNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original advisory details:
Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) and (CVE-2017-5715, CVE-2017-5753)
Update instructionsThe problem can be corrected by updating your system to the following package versions:
- linux-image-4.13.0-1015-raspi2 - 4.13.0-1015.16
- linux-image-4.13.0-37-generic - 4.13.0-37.42
- linux-image-4.13.0-37-generic-lpae - 4.13.0-37.42
- linux-image-4.13.0-37-lowlatency - 4.13.0-37.42
- linux-image-generic - 184.108.40.206.40
- linux-image-generic-lpae - 220.127.116.11.40
- linux-image-lowlatency - 18.104.22.168.40
- linux-image-raspi2 - 22.214.171.1245.13
Update:Linux kernel for Raspberry Pi 2If the update-notifier-common package is installed, Ubuntu will alert you about pending updates via the message of the day (motd) upon console or remote login.
After logging in, you can check for and apply new updates with:
$ sudo apt-get update
$ sudo apt-get dist-upgrade
When performing an update, first review what apt is going to do, then confirm that you want to apply the updates (this is particularly true when running the development release).
If you would prefer to have updates applied automatically, make sure the unattended-upgrades package is installed, then run 'sudo dpkg-reconfigure unattended-upgrades'. Please note that updates may restart services on your server, so this may not be appropriate for all environments.
To update your system, please follow these instructions here.
After a standard system update you need to reboot your computer to make all the necessary changes.