Closed nanqinlang closed 6 years ago
UPDATE - Canonical says that the actual date to announce the vulnerabilities was Jan 9 so it was preparing to release updates before the date.
"The original coordinated disclosure date was planned for January 9 and we have been driving toward that date to release fixes. Due to the early disclosure, we are trying to accelerate the release, but we don't yet have an earlier ETA when the updates will be released. We will release Ubuntu Security Notices when the updates are available", Ubuntu said.
The security patches for Meltdown and Spectre from Ubuntu are yet to be announced.
This is my example, running the above directive on Debian 9, Tencent Cloud.
To use this script, you just need to run this:

```bash
wget https://github.com/nanqinlang-tcp/tcp_nanqinlang/releases/download/20180105-aptupgrade/20180105-aptupgrade-to-fixmeltdown.sh
bash 20180105-aptupgrade-to-fixmeltdown.sh
```
The following is the source of the script:

```bash
#!/bin/bash
# ANSI colour codes for the status prefixes
Green_font="\033[32m" && Red_font="\033[31m" && Font_suffix="\033[0m"
Info="${Green_font}[Info]${Font_suffix}"
Error="${Red_font}[Error]${Font_suffix}"

# Abort unless /etc/issue identifies the system as Debian
check_system(){
    [[ -z "$(grep -iE "debian" /etc/issue)" ]] && echo -e "${Error} only support Debian !" && exit 1
}

# Abort unless running as root
check_root(){
    [[ "$(id -u)" != "0" ]] && echo -e "${Error} must be root user !" && exit 1
}

# Abort unless virt-what reports KVM
check_kvm(){
    apt-get install -y virt-what
    [[ "$(virt-what)" != "kvm" ]] && echo -e "${Error} only support KVM !" && exit 1
}

# Back up sources.list and replace it with the downloaded stretch list
apt-source-get(){
    cd /etc/apt || exit 1
    mv sources.list sources.list.bak
    # If the download fails, put the original list back and stop
    if ! wget -O sources.list https://raw.githubusercontent.com/nanqinlang/sources.list/master/us.sources_stretch.list; then
        mv -f sources.list.bak sources.list
        echo -e "${Error} failed to download sources.list !"
        exit 1
    fi
}

# Pull in the updated packages, including the kernel
upgrade(){
    apt-get update
    apt-get dist-upgrade -y
}

# Restore the original sources.list
apt-source-restore(){
    mv -f /etc/apt/sources.list.bak /etc/apt/sources.list
}

# The new kernel only takes effect after a reboot
restart(){
    echo -e "${Info} please ensure the above progress has not mistake, then reboot your device ."
    echo -e "${Info} so are you sure you want a reboot ?"
    echo -e "1.yes\n2.no"
    read -p "(please choose):" sure
    [[ "${sure}" = "1" ]] && reboot
}

echo -e "${Info} now will start Debian Meltdown fixing process via apt-upgrade :"
check_system
check_root
apt-get update
check_kvm
apt-source-get
upgrade
apt-source-restore
restart
```
Until now, Debian has still not released a fix patch for the Spectre issue.
Here are the references:
https://security-tracker.debian.org/tracker/CVE-2017-5715
https://security-tracker.debian.org/tracker/CVE-2017-5753
But for one issue, CVE-2017-5754, there is a fixed version released.
The reference is here:
https://security-tracker.debian.org/tracker/CVE-2017-5754
To fix this issue, you should upgrade your Debian 9 to 4.9.65-3+deb9u2 by running this:
The reference for the above solution is here: https://www.cyberciti.biz/faq/patch-spectre-vulnerability-cve-2017-5753-cve-2017-5715-linux/
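
A post-reboot check for the upgrade described above, added here as an example and not part of the original post or its script: it compares the running kernel's Debian package version against 4.9.65-3+deb9u2, the fixed version the post names for CVE-2017-5754. The function names are hypothetical, and it assumes a Debian-built kernel whose `uname -v` output contains `Debian <version>`.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the RUNNING
# Debian 9 kernel is at or above the CVE-2017-5754 fix version named above.
FIXED_VERSION="4.9.65-3+deb9u2"

# Extract the Debian package version from a `uname -v` string, e.g. the
# constructed sample "#1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)"
# yields "4.9.65-3+deb9u2". Prints nothing for non-Debian kernel strings.
kernel_pkg_version() {
    printf '%s\n' "$1" | sed -n 's/.*Debian \([^ ]*\).*/\1/p'
}

# Succeed if version $1 >= version $2. dpkg is authoritative for Debian
# version ordering; `sort -V` is an approximation used when dpkg is absent.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# Print "patched", "vulnerable" or "unknown" for a given `uname -v` string.
meltdown_status() {
    ver="$(kernel_pkg_version "$1")"
    if [ -z "$ver" ]; then
        echo "unknown"        # not a Debian-built kernel string
    elif version_ge "$ver" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Check the kernel that is actually running: an upgraded package has no
# effect until the host has been rebooted into it.
echo "running kernel $(uname -r): $(meltdown_status "$(uname -v)")"

# Later kernels also report mitigation state in sysfs; show it if present.
sysfs=/sys/devices/system/cpu/vulnerabilities/meltdown
if [ -r "$sysfs" ]; then
    echo "sysfs reports: $(cat "$sysfs")"
fi
```

A result of `vulnerable` after the upgrade usually means the host has not yet been rebooted into the new kernel.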