Hi Alex,

Alex Vong <alexvong1...@gmail.com> writes:

> I hope this is on topic. Recently, 2 critical vulnerabilities (see
> https://meltdownattack.com/) affecting virtually all Intel CPUs were
> discovered. I am running libreboot x200 (see
> https://www.fsf.org/ryf). What should I do right now to patch my laptop?

I haven't yet had time to properly study this, but so far I'd strongly
recommend updating to linux-libre-4.14.12, which contains an important
mitigation called kernel page-table isolation (KPTI).
linux-libre-4.9.75 also contains backported mitigations, but I'm not
sure if they're as comprehensive.

Alan Cox also says that JavaScript can be used to remotely exploit these
vulnerabilities, so you should use the NoScript web browser extension if
you're not already doing so. Enable JavaScript only when you must.
He wrote:

  What you do need to care about _big_ _time_ is javascript because the
  exploit can be remotely used by javascript on web pages to steal stuff
  from your system memory. Mozilla and Chrome both have pending
  updates. and some recommendations about protection. Also consider
  things like Adblockers and extensions like noscript that can stop a
  lot of junk running in the first place. Do that ASAP.

  https://plus.google.com/+AlanCoxLinux/posts/Z6inLSq4iqH

We (GNU Guix developers) should also start investigating how to deploy
the "Retpoline" mitigation technique, which apparently involves patching
our linker and recompiling our entire system with it, but it will take
some time to do that.

  https://support.google.com/faqs/answer/7625886

      Mark
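
Added example, not part of the original message: a shell check that compares a kernel release string against the two versions named above (4.14.12, and 4.9.75 for the backport) and looks for a page-table isolation flag in /proc/cpuinfo. The function names, the treatment of later kernel series as mitigated, and the flag names `pti` and `kaiser` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original message). The function names and
# the flag names checked below are assumptions of this example.

# classify_kernel RELEASE
# Prints: recommended (>= 4.14.12), backport (4.9.x with x >= 75),
#         older, or unknown (unparseable release string).
classify_kernel() {
    ver=${1%%-*}                      # strip suffixes such as "-gnu"
    old_ifs=$IFS; IFS=.
    set -- $ver                       # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    case "$major$minor$patch" in
        *[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -gt 14 ]; }; then
        echo recommended              # assumption: later series keep KPTI
    elif [ "$major" -eq 4 ] && [ "$minor" -eq 14 ] && [ "$patch" -ge 12 ]; then
        echo recommended
    elif [ "$major" -eq 4 ] && [ "$minor" -eq 9 ] && [ "$patch" -ge 75 ]; then
        echo backport
    else
        echo older
    fi
}

# pti_flag_present < CPUINFO
# Succeeds if the first "flags" line lists pti or kaiser.
# Assumption: the kernel exposes active page-table isolation under one of
# those two flag names; confirm against your kernel's boot log.
pti_flag_present() {
    sed -n '/^flags/{p;q;}' | tr -s ' \t:' '\n' | grep -qx -e pti -e kaiser
}

# Report on the running system.
rel=$(uname -r)
echo "kernel $rel: $(classify_kernel "$rel")"
if [ -r /proc/cpuinfo ]; then
    if pti_flag_present < /proc/cpuinfo; then
        echo "page-table isolation flag: present"
    else
        echo "page-table isolation flag: absent"
    fi
fi
```

A result of `older` only means the release is below the versions named in the message; a distribution kernel with its own backports needs to be checked against that distribution's advisories.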