2018年6月,Canonical 发布了针对几乎所有 Ubuntu 版本的的 AMD 微代码固件更新以解决 Spectre 漏洞问题。包括Ubuntu 18.04 LTS(Bionic Beaver)、Ubuntu 17.10(Artful Aardvark)、Ubuntu 16.04 LTS(Xenial Xerus)和 Ubuntu 14.04 LTS(Trusty Tahr)。
本次更新的处理器微码固件导致某些电脑出现启动失败的问题,Canonical 已为此问题道歉并发布补丁以修复该回退,同时敦促用户立即更新他们的电脑。
“USN-3690-1 为 AMD 处理器提供了更新的微代码以解决 CVE-2017-5715(也就是 Spectre)。不幸的是,更新导致一些系统无法启动。此更新恢复了 Ubuntu 14.04 LTS 的更新,我们为此表示致歉“,Canonical 在安全公告中表示。
目前似乎只有 Ubuntu 14.04 LTS 用户受到影响,包括一系列衍生版本如 Kubuntu、Lubuntu、Xubuntu 等。为了解决这个问题,Canonical 敦促 Ubuntu 14.04 LTS 用户将 AMD 微码固件更新为 amd64-microcode-3.20180524.1~ubuntu0.14.04.2+really20130710.1 包,该软件包现已在官方软件库中提供。尚无看到 Ubuntu 18.04 LTS 用户出现此问题的报告,使用此操作系统的用户可以多关注下官方的动态。
用户进行更新可以下面的说明操作,并记住在安装新的微码版本后重启电脑。
Upgrades 1.Introduction Keeping your computer's software up to date is the single most important task for protecting your system. Ubuntu can alert you to pending updates, and also be configured to apply updates automatically. Security updates for Ubuntu are announced via Ubuntu Security Notices (USNs). 2.Desktop By default, users are notified daily for security updates and weekly for non-security updates. How Ubuntu alerts you as well as configuring your system to install updates automatically can be setup within Update Manager. You can access Update Manager anytime by pressing 'Alt+F2', entering 'update-manager' and pressing Enter. Its settings can be adjusted by pressing the 'Settings' button. Once Update Manager is open, you can review and select pending updates as well as check for new updates. Simply press the 'Install Updates' button to upgrade the selected packages to the updated version. 3.Server If the update-notifier-common package is installed, Ubuntu will alert you about pending updates via the message of the day (motd) upon console or remote login. After logging in, you can check for and apply new updates with: $ sudo apt-get update $ sudo apt-get dist-upgrade When performing an update, first review what apt is going to do, then confirm that you want to apply the updates (this is particularly true when running the development release). If you would prefer to have updates applied automatically, make sure the unattended-upgrades package is installed, then run 'sudo dpkg-reconfigure unattended-upgrades'. Please note that updates may restart services on your server, so this may not be appropriate for all environments.
相关主题 |