Security

Ubuntu 16.04.5 LTS adds support for Spectre Variant 2 Mitigation for Pentium Silver N/J5xxx, Celeron N/J4xxx, Xeon E5/E7 v4 and Core i7-69xx/68xx

Ubuntu has just released the version 16.04.5 desktop and server install images of its Linux operating system. The developers have announced that just like its preceding LTS versions, this latest version incorporates hardware enablement stacks to be used on newer devices of all structures except for 32-bit PowerPC. Appuals has been following this release extensively and the latest and greatest changes introduced as well as details regarding the upgrade from a configuration perspective were covered by our GNU/Linux expert, John Rendace. On the security side of things, the most prominent upgrade of interest to us is the incorporated Spectre Variant 2 mitigation microcode data file.

The Ubuntu 16.04.5 release incorporates a new upstream microcode data file 20180425 which is specially designed to provide Indirect Branch Restricted Speculation (IBRS), Indirect Branch Predicter Barrier (IBPB), and Single Thread Indirect Branch Predictor (STIBP) microcode support for the mitigation of Spectre variant 2 attacks. This update provides mitigation for Pentium Silver N/J5xxx, Celeron N/J4xxx (sig 0x000706a1), and Xeon E5/E7 v4. This vulnerability was also mitigated through the upgrade package intel-microcode – 3.20180425.1~ubuntu0.18.04.1.

The Spectre Variant 2 attacks exploit a fundamental design flaw in Intel’s processors and cause involuntary reboots, instability, and data loss or data corruption. In March, Intel announced that it would redesign future processors to avoid the Spectre Variant 2 and Meltdown vulnerabilities. This release of Ubuntu takes a step in that same direction by providing the latest mitigation support for the vulnerabilities as provided by Intel. This mitigation includes the firmware change in which the branch speculation CPU instructions are removed. This mitigation technique is already seen employed by Windows in its operating system to combat the branch target injection vulnerability.

As this release comes packed with all the recently released updates already incorporated into the install, users don’t need to update definitions through update installers separately. These updates resolve several “high-impact” security bugs that were encountered in previous Ubuntu products and this new release resolves the known vulnerabilities for a clean, simple, and fresh installation.

Ubuntu has released the complete list of files needed for these installations including BitTorrent links for some kinds. An image burning how-to guide has also been published which outlines the process for Windows 7/8/8.1, Windows 2000 or newer, Windows XP or newer, Mac OSX, Ubuntu, and Kubuntu.


Close