New and updated install still shows I have a meltdown vulnerability

deljones · January 14, 2021, 12:06pm

My YunoHost server

Hardware: Old laptop or computer …
YunoHost version: 4.1.4.4
I have access to my server : Through SSH | through the webadmin/Putty | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hello everyone and thanks for reading.

I have a brand new install of the latest YUNO HOST and fully updated. However, when I run the diagnostics I get the following:

You appear vulnerable to the Meltdown critical security vulnerability. (https://myhostnamehere.com/yunohost/admin/#details-basesystem-4)

To fix this, you should upgrade your system and reboot to load the new linux kernel (or contact your server provider if this doesn’t work). See https://meltdownattack.com/ for more infos.

I followed the instructions and run the diagnostics again but I still get the same error.

Everything else on the server is in good order. Love it… Would just like to get rid of this potentially dangerous error!

I have had a good look around and maybe I’m not looking hard enough

Also can anyone help with using a VPN to fix the reverse proxy. I note that there is a French-only version on the Yuno Host site, sadly my French is not that great.

Many many thanks

Derek

Aleks · January 14, 2021, 12:34pm

Eeeeh hmpf dunno what to do with this, the whole meltdown story is a bit mysterious … Maybe if you’re on an old computer it can be related to the CPU not being properly diagnosed or something … or maybe you’d need to update the bootloader or other tricky manipulation … or maybe we just need to update the script that checks this (it’s based on GitHub - speed47/spectre-meltdown-checker: Spectre, Meltdown, Foreshadow, Fallout, RIDL, ZombieLoad vulnerability/mitigation checker for Linux & BSD but it’s been a while we did not propagate new changes)

deljones · January 14, 2021, 1:23pm

Hi and thanks

I ran the script (with care) which produced the following:

Running as a Xen PV DomU: NO

STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability)

CVE-2018-3640 aka ‘Variant 3a, rogue system register read’

CPU microcode mitigates the vulnerability: NO

STATUS: VULNERABLE (an up-to-date CPU microcode is needed to mitigate this v ulnerability)

CVE-2018-3639 aka ‘Variant 4, speculative store bypass’

Mitigated according to the /sys interface: NO (Vulnerable)
Kernel supports disabling speculative store bypass (SSB): YES (found in /pro c/self/status)
SSB mitigation is enabled and active: NO

STATUS: VULNERABLE (Your CPU doesn’t support SSBD)

I did note in the notes from the scripts README that ATOM CPUs can be vulnerable, I think thats what t meant!! Guess what my CPU is an ATOM.

Guess I’ll have to bin this idea.

Thanks again

Dj

system · January 29, 2021, 1:23pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.