Meltdown & Spectre patches ?

General questions.
Post Reply
subscriptionblocker
Posts: 18
Joined: May 4th, 2017, 1:50 pm

Meltdown & Spectre patches ?

Post by subscriptionblocker » January 4th, 2018, 6:38 pm

IPFire is a "most relied upon box" here. Any user should be worried right now.

http://www.linuxandubuntu.com/home/melt ... es-at-risk

https://www.reddit.com/r/linux/comments ... d_to_know/

fkienker
Posts: 89
Joined: March 3rd, 2011, 4:59 pm

Re: Meltdown & Spectre patches ?

Post by fkienker » January 5th, 2018, 8:13 am

It seems very likely this will be addressed quite quickly. It has always been this way in the past. My guess is there will be an update announced shortly.

Best regards,
Fred

Edwin
Posts: 104
Joined: March 19th, 2016, 12:02 pm

Re: Meltdown & Spectre patches ?

Post by Edwin » January 5th, 2018, 9:02 pm

The Snort subscriber rules already detect attacks targeting these vulnerabilities.
An update for IPFire would be nice though.
Image
Image

Hellfire
Posts: 452
Joined: November 8th, 2015, 8:54 am

Re: Meltdown & Spectre patches ?

Post by Hellfire » January 6th, 2018, 4:42 pm

Edwin wrote:
January 5th, 2018, 9:02 pm
The Snort subscriber rules already detect attacks targeting these vulnerabilities.
Hm, which one? Probelm is that the snort rules are somehow confusing regarding the vast amount of available rules and last but not least the handling within IPfire is not perfectly solved. At least when it comes to activate the sub-rules.

Michael
Image

User avatar
FischerM
Community Developer
Community Developer
Posts: 786
Joined: November 2nd, 2011, 12:28 pm

Re: Meltdown & Spectre patches ?

Post by FischerM » January 6th, 2018, 8:15 pm

Hi,

You'll have to pay for these:
http://blog.snort.org/ wrote:Friday, January 5, 2018
...
Snort Subscriber Rule Set Update for 01/04/2018, Release #2, Intel Vulnerabilities
...
In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users...
Best,
Matthias

dnl
Posts: 312
Joined: June 28th, 2013, 11:03 am

Re: Meltdown & Spectre patches ?

Post by dnl » January 7th, 2018, 3:13 am

FischerM wrote:
January 6th, 2018, 8:15 pm
Hi,

You'll have to pay for these:
http://blog.snort.org/ wrote:Friday, January 5, 2018
...
Snort Subscriber Rule Set Update for 01/04/2018, Release #2, Intel Vulnerabilities
...
And automate snort updates yourself, as IPFire sadly still doesn't do it. See all of Snort Rules Update thread.
Image

User avatar
Arne.F
Core Developer
Core Developer
Posts: 7830
Joined: May 7th, 2006, 8:57 am
Location: BS <-> NDH
Contact:

Re: Meltdown & Spectre patches ?

Post by Arne.F » January 7th, 2018, 11:37 am

Such rules detect only the two public demo exploits, they will not help against the real fault. This can only addressed by updating the affected systems. (All of them)

I have build an updated kernel for intel but this need testing and we can ship this not as core update until the arm config is finished so this need some time ...


https://people.ipfire.org/~arne_f/highl ... al/kernel/
Arne

Support the project on the IPFire whishlist!

Image

Image

Image
PS: I will not answer support questions via email and ignore IPFire related messages on my non IPFire.org mail addresses.

Edwin
Posts: 104
Joined: March 19th, 2016, 12:02 pm

Re: Meltdown & Spectre patches ?

Post by Edwin » January 7th, 2018, 12:20 pm

Hi,

The rule should be in the OS-OTHER ruleset. Subscriber ruleset, so you have to pay for this (a bit) indeed.
See https://www.snort.org/advisories/talos- ... 4-1-4-2018. I can't tell if this is only for demo-exploits, there is no mention of this.
I do agree with Hellfire is that the handling of these rules in IPFire is not perfectly solved.
Thank you arne for you work in this.
Image
Image

ava1ar
Posts: 3
Joined: October 31st, 2017, 4:18 am
Location: New York

Re: Meltdown & Spectre patches ?

Post by ava1ar » January 12th, 2018, 10:24 pm

Just read the blog post "Meltdown/Spectre - The chaotic story", where the following words attracted my attention:
IPFire is always based on an older kernel that is on long-term support and well maintained just like many other distributions.
And I have to say - this is NOT true. The kernel, which IPFire using right now if EOL for more than a year as for now! I don't really sure, may be IPFire team maintains it and backport stuff from new kernels to 3.14 branch, but officially this kernel is not LTS anymore.
Actually, I consider this the main problem of the IPFire distribution. Old kernels are not a problem by itself, but old unsupported kernels are! What is the official position of the development team regarding this? Do they consider 3.14.79 secure?
Image

Hellfire
Posts: 452
Joined: November 8th, 2015, 8:54 am

Re: Meltdown & Spectre patches ?

Post by Hellfire » January 13th, 2018, 8:57 am

Regarding the APU platform I got this link from the manufacturer: http://www.pcengines.ch/spectre.htm

It seems that the OS is responsible for locking down this security flaw, my understanding, however, differs from the above articles.

Michael
Image

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests