Debian released security updates against Spectre V4 and V3a


Spectre-related security issues became known some time ago and have given much to talk about in recent months.

Although many of the security bugs that lead to Spectre have been fixed in Linux, new bugs and especially new variants have been developed.

For readers who are unaware of this vulnerability: Spectre affects modern microprocessors that use branch prediction.

In most processors, the speculative execution that follows a branch misprediction can leave observable side effects that can reveal private information to an attacker.

For example, if the pattern of memory accesses made by that speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to obtain information about the private data by employing a timing attack.

Rather than a single, easy-to-fix vulnerability, the Spectre paper describes an entire class of potential vulnerabilities.

All of these vulnerabilities are based on exploiting the side effects of speculative execution, a technique commonly used to hide memory latency and thus speed up performance on modern microprocessors.

In particular, Spectre focuses on branch prediction, a special case of speculative execution.

Unlike the Meltdown vulnerability disclosed on the same date, Spectre does not depend on a particular feature of a specific processor's memory management or on how it protects access to that memory, but takes a more general approach.

Debian released security fixes


Recently, the development group in charge of the Debian Project released updated Intel microcode firmware for users of the Debian GNU/Linux 9 "Stretch" series to mitigate two of the latest Spectre vulnerabilities on more Intel CPUs.

Last month, more precisely on August 16, Moritz Muehlenhoff announced the availability of an update to Intel's microcode that provides support for SSBD (Speculative Store Bypass Disable), needed to address the Spectre Variant 4 and Spectre Variant 3a security vulnerabilities.

However, the Intel microcode update released last month was only available for some types of Intel processors.

Because of this, the Debian Project has released an updated Intel microcode firmware that implements SSBD support for additional Intel CPU models, for users of the newest version of the system, Debian 9 Stretch, to fix two of the most recent Spectre vulnerabilities discovered in more Intel CPUs.

On the announcement mailing list, Moritz Muehlenhoff said:

«This update comes with updated CPU microcode for additional Intel CPU models that have not yet been covered by the Intel microcode update released as DSA-4273-1 (and therefore provides support for SSBD (required to address 'Spectre v4') and fixes for 'Spectre v3a').»

For the Debian 9 Stretch stable distribution these problems have been fixed in version 3.20180807a.1~deb9u1.

We recommend that you update your intel-microcode packages.

The Debian Project invites all users of the Debian Stretch series with Intel CPUs to update the microcode firmware to version 3.20180807a.1~deb9u1, which can be downloaded immediately from the main archives.

In addition, to fully fix both Spectre vulnerabilities, users will also need to install the latest kernel update.

Widely known as Spectre variant 3a (CVE-2018-3640) "Rogue System Register Read" and Spectre variant 4 (CVE-2018-3639) "Speculative Store Bypass", both are side-channel vulnerabilities that can allow attackers to gain access to confidential information on vulnerable systems. They are serious flaws and must be corrected as quickly as possible.

Finally, it is enough to keep our system fully updated with the latest versions of its components.
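To verify both halves of the fix on a Stretch host (the updated intel-microcode package and an updated kernel), the following script compares the package version against the fixed one and reads the kernel's own report. It is an added example, not code from Debian or from the original post; the function names are made up for it, while the `ssbd` CPU flag and the `spec_store_bypass` sysfs entry are what kernels carrying the Speculative Store Bypass fix expose.

```shell
#!/bin/sh
# Added example: checks for the two fixes the article names (microcode + kernel).
FIXED_UCODE='3.20180807a.1~deb9u1'   # stretch version quoted in the article

# True if an intel-microcode package version ($1) is at least the fixed one.
ucode_version_ok() {
    dpkg --compare-versions "$1" ge "$FIXED_UCODE"
}

# True if the CPU flags list "ssbd". On affected Intel CPUs the flag shows up
# only once the updated microcode is loaded and the kernel knows about SSBD.
# $1 = cpuinfo file (default /proc/cpuinfo).
has_ssbd_flag() {
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" | tr ' \t' '\n\n' | grep -qx 'ssbd'
}

# Prints the kernel's Spectre v4 verdict: mitigated, vulnerable, not-affected,
# or unknown (no sysfs entry: the kernel predates the fix).
# $1 = sysfs file (default: the kernel's spec_store_bypass entry).
ssb_kernel_status() {
    f="${1:-/sys/devices/system/cpu/vulnerabilities/spec_store_bypass}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        Mitigation:*)   echo mitigated ;;
        'Not affected') echo not-affected ;;
        Vulnerable*)    echo vulnerable ;;
        *)              echo unknown ;;
    esac
}

# Succeeds only when both halves are in place: SSBD from microcode and a
# kernel that reports the mitigation. $1 = cpuinfo file, $2 = sysfs file.
spectre_v4_ok() {
    st="$(ssb_kernel_status "$2")"
    [ "$st" = not-affected ] && return 0
    has_ssbd_flag "$1" && [ "$st" = mitigated ]
}

# Run with "--report" on a Debian host to check the live system.
if [ "${1:-}" = "--report" ]; then
    v="$(dpkg-query -W -f='${Version}' intel-microcode 2>/dev/null || true)"
    if [ -n "$v" ] && ucode_version_ok "$v"; then echo "intel-microcode $v: ok"
    else echo "intel-microcode ${v:-not installed}: older than $FIXED_UCODE"; fi
    echo "kernel spec_store_bypass: $(ssb_kernel_status)"
    if spectre_v4_ok; then echo "Spectre v4: mitigated"
    else echo "Spectre v4: NOT fully mitigated"; fi
fi
```

An installed package does not prove the new microcode is loaded, since loading happens at boot; that is why the script also looks for the `ssbd` flag instead of trusting the package version alone.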



  1.   HO2Gi said

    Very good news