Video: Why microprocessor systems' architecture needs to go open source
Canonical, the company that makes Linux distro Ubuntu, has re-released its Meltdown update for Ubuntu 16.04 LTS Xenial users after the first attempt tripped up machines.
Canonical managed to get its fix for the Meltdown CPU bug out on Tuesday as scheduled, but was forced to issue a new release after discovering some 16.04 LTS Xenial users couldn't boot their machines once the update was installed.
Several users reported the same problem after installing Ubuntu 16.04 LTS with the kernel image 4.4.0-108, with some reverting to the previous working kernel to resolve the issue.
"Just got the Meltdown update to kernel linux-image-4.4.0-108-generic but this doesn't boot at all. It just hangs after grub," wrote one user in a bug report.
On Wednesday, Canonical posted a new security notice confirming the problem, as well as a second update with a new Linux kernel image, 4.4.0-109.
"USN-3522-1 fixed a vulnerability in the Linux kernel to address Meltdown (CVE-2017-5754). Unfortunately, that update introduced a regression where a few systems failed to boot successfully. This update fixes the problem. We apologize for the inconvenience," Ubuntu said in the new notice USN-3522-3.
Several users on Ubuntu forums have since confirmed that the update with the 4.4.0-109 Linux kernel image resolves the freezing issue.
"I can confirm that the new 4.4.0-109 kernel is working fine, so if anyone is still trying to get their machine running straight from boot-up, simply do your normal update to get the new version, then purge 4.4.0-108, as it seems to be useless for many users, perhaps just Intel CPUs," wrote one user.
Download now: Securing Linux policy
Canonical developers plan to address the two other related CPU vulnerabilities known as Spectre in a future update, Canonical's Dustin Kirkland, VP of Ubuntu product development, said last week.
The Meltdown and Spectre attacks primarily impact CPUs from Intel and to a lesser extent those from AMD and Arm. However, IBM this week also began releasing firmware patches for its Power CPUs and will follow up next month with operating system patches.
Microsoft this week halted its CPU fixes for AMD systems after its update caused booting problems. Microsoft said some AMD chipsets didn't conform to the documentation that was given to Microsoft when it was developing patches for the issues.
The company is cautiously delivering its Meltdown and Spectre fixes to Windows PCs, restricting the updates to machines running third-party antivirus that are compatible with its fixes due to the risk of triggering Blue Screen of Death errors.
The Linux vs Meltdown and Spectre battle continues
Fixing Meltdown and Spectre will take Linux -- and all other operating systems -- programmers a long, long time. Here's where the Linux developers are now.
Spectre and Meltdown: Insecurity at the heart of modern CPU design
Newly discovered flaws in many processors threaten performance hits and continued security headaches. Here's how they work, how they got there and what they mean for the future.
Meltdown and Spectre: The looming death of security (and what to do about it)
These latest flaws show once again that security is a mirage. It's time for a better approach.
Windows emergency Meltdown patch: Microsoft stops update for AMD PCs after crash reports (TechRepublic)
Following claims the patches trapped some AMD PCs in an endless loop, Microsoft today announced the Windows updates would not be rolled out to affected machines.
How to protect yourself from Meltdown and Spectre CPU flaws (CNET)
Practically every modern processor is vulnerable. We're updating this list of fixes as they become available.