0

Can any one help me What Kernel Version to be Upgraded or considered for Ubuntu 'm using Ubuntu 14.04 with Linux version 3.16.0-30-generic in mitigating Spectre & Meltdown. Followed the advisory link updates however i couldn't find. We are not in favor of doing distr upgrades hence we wanted to stick to the same parent version level.

Can any one help me in understanding the steps here. Thanks much.

RAMANA PERI
  • 9
  • https://insights.ubuntu.com/2018/01/12/meltdown-and-spectre-status-update/ but note however status updates are made regularly .. (https://insights.ubuntu.com/2018/01/24/meltdown-spectre-and-ubuntu-what-you-need-to-know/ is later but doesn't mention 14.04 specifically) -- from this site https://askubuntu.com/questions/992232/what-is-ubuntus-status-on-the-meltdown-and-spectre-vulnerabilities – guiverc Jan 25 '18 at 10:05
  • 1
    If you do not already update your systems why bother with the update for spectre? Both problems require gaining access to the target machine with permission to run code before exploiting the vulnerability. Unless you own your own cloud you are not going to get affected by this bug. Yes, it is a serious bug. But the impact is close to 0 for the common user. But even then: you update the kernel you use. There should be no "picking a kernel" by you. – Rinzwind Jan 25 '18 at 10:08
  • Hi i think my question refers to what kernel version to be considered for upgrade when we have existing kernel version 3.16.0-30-generic, if there is any specific link which can be referred please share. Thanks much. – RAMANA PERI Jan 25 '18 at 10:12
  • 1
    No there isn't. You upgrade your current system and that's it. In general: when the kernel is updated you will get a new kernel entry at the boot options; most times the 3rd or 4th digit in the kernel id goes up and that one is selected by default. You revert to the old unpatched kernel by selecting that one in case of problems with the upgrade. Sorry but I really do not understand the question. – Rinzwind Jan 25 '18 at 10:25
  • Thanks a lot for the update. Let me rephrase my question. Have followed the advisory link https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown, but it clear states or advices that if at all we have kernel version 3.13 then upgrade to 3.13.0.141.151 which was clearly mentioned. However if we have kernel version as 3.16.0-30 then even when i verify the upgraded version it will land up in 3.16.XX value as example but not recommended versions as per advisory. – RAMANA PERI Jan 25 '18 at 10:30
  • 1
    3.16 is one of the four LTS (Long Term Support) kernels patched with Meltdown support early January 2018. The exact version was 3.16.52 on January 2 and then 3.16.53 with bug fixes on January 9: http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.16.53/ You can read more at: https://askubuntu.com/questions/992232/what-is-ubuntus-status-on-the-meltdown-and-spectre-vulnerabilities/992459#992459 – WinEunuuchs2Unix Jan 25 '18 at 11:51

1 Answers1

0

See https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown for the current status of mitigations across all releases of Ubuntu, and the official blog post covering the issues for a high-level analysis.

kiko
  • 358