<div dir="ltr"><p>멜트다운과 스펙터 취약점 패치에 대한 공지가 나왔습니다.<br> 패키지 관리자로 패키지를 업데이트 하시면 적용 됩니다.<br> 커널 부분 수정이 많기 때문에, 라이브 패치는 제공되지 않는다고 합니다.(라이브 패치를 사용하는 사용자도 재부팅 필요)<br> 17.04 는 지원기간이 지나서 패치가 없습니다.</p><div class="inbox-inbox-text_exposed_show"><p> Nvidia 그래픽 드라이버 스팩터 취약점 패치 공지 <br> <a href="https://usn.ubuntu.com/usn/usn-3521-1/" target="_blank" rel="nofollow">https://usn.ubuntu.com/usn/usn-3521-1/</a></p><p> 14.04 LTS - 멜트다운 취약점 패치 공지 - 대상 패키지 : linux<br> <a href="https://l.facebook.com/l.php?u=https%3A%2F%2Fusn.ubuntu.com%2Fusn%2Fusn-3524-1%2F&h=ATM-AV9ioZMpDeRrUAt4bPvqSpiggmlB3M-d0WMSHL8vVEavYqz0bCC_wRIMqcPpV-1Uoyb2epOduVEiRaasb5qD-XyCmRsjznVooHnHKWUP_C2xJ3eiLbhjegBu_Irk4woxazHgCpFJ5gc8nkhn7C9LAP9oiB3c7aEXMk-XoJqoNQ5lszpfvmb2tKWJpHKO_Fk-U6BafIlTRKb0uVmkM7aQjrKZqa8w3z5N5GwJYp_V9L53-iq2k1C5xZBpF38XXFe0CkEIvpccEGZYqvEfrA781m8" target="_blank" rel="nofollow">https://usn.ubuntu.com/usn/usn-3524-1/</a></p><p> 14.04 LTS - 멜트다운 취약점 패치 공지 - 대상 패키지 : linux-aws, linux-lts-xenial<br> <a href="https://usn.ubuntu.com/usn/usn-3522-2/" target="_blank" rel="nofollow">https://usn.ubuntu.com/usn/usn-3522-2/</a></p><p> 16.04 LTS - 멜트다운 취약점 패치 공지 - 대상 패키지 : linux, linux-aws, linux-euclid, linux-kvm<br> <a href="https://usn.ubuntu.com/usn/usn-3522-1/" target="_blank" rel="nofollow">https://usn.ubuntu.com/usn/usn-3522-1/</a></p><p> 17.10 - 멜트다운 취약점 패치 공지 - 대상 패키지 : linux<br> <a href="https://usn.ubuntu.com/usn/usn-3523-1/" target="_blank" rel="nofollow">https://usn.ubuntu.com/usn/usn-3523-1/</a></p></div></div><br><div class="gmail_quote"><div dir="ltr">2018년 1월 5일 (금) 오후 3:14, 한영빈(Youngbin Han) <<a href="mailto:sukso96100@gmail.com">sukso96100@gmail.com</a>>님이 작성:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">최근 인텔 CPU 멜트다운과 스펙터 취약점이 화제가 되고 있습니다.<br>특히 멜트다운의 경우 인텔 CPU 의 버그로 최근 10년간 제조된 인텔 CPU 에 영향을 미치는 점과,<br>이를 해결하기 위한 패치를 적용하면 성능 저하가 발생하는 점 때문에 더 크게 이슈가 되고 있습니다.<br><br>각 OS 별로 취약점 패치가 제공되는 방식으로 하여 취약점을 해결하고 있는데요.<br>우분투의 경우 1월 4일에 취약점 관련 캐노니컬의 공지사항이 게시 되었습니다.<br><br><a href="https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/" target="_blank">https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/</a><br><br>공지사항 게시물에 따르면, 캐노니컬은 이 취약점에 대해서 작년(2017년) 11월 부터 작업을 해 왔으며,<br>우분투 17.10, 16.04 LTS, 14.04 LTS 에 대해 취약점 문제를 해결한 커널 업데이트를 1월 9일에 제공할 예정이라고 합니다.<br>18.04 LTS 는 취약점이 해결된 리눅스 커널 4.15 를 포함할 예정이라고 합니다.<br><br>우분투에서의 해당 취약점 해결 현황은 아래 링크를 이용하시면 바로 아실 수 있습니다.<br>CVE 추적 페이지는 영향을 받는 패키지 정보와 각 패키지별 작업 현황까지 표시 되므로, 더 자세한 정보를 열람하실 수 있습니다.<br>CVE 추적 페이지 에서 DNE(Do Not Exist) 는 "영향을 받지 않음" needs-triage 는 분류 필요, pending 은 작업 완료 후 대기, released 는 배포됨 정도로 이해 하시면 되겠습니다. released 로 표시된 부분이 취약점 해결 업데이트가 배포된 항목입니다.<br><br>해당 취약점 타임라인<br><a href="https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown" target="_blank">https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown</a><br><br>멜트다운 이슈 CVE 추적 페이지<br><a href="https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5754.html" target="_blank">https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5754.html</a><br><br>스펙터 이슈 CVE 추적 페이지<br><a href="https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5715.html" target="_blank">https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5715.html</a><br><a href="https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5753.html" target="_blank">https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5753.html</a><br><br>가능하면 업데이트 배포를 앞당기려고 노력하고 있으며, 업데이트가 배포되면 USN(Ubuntu Security Notices - <a href="https://usn.ubuntu.com/usn" target="_blank">https://usn.ubuntu.com/usn</a>) 을 통해 공지가 나갈 예정이라 합니다.<br>다들 참고 하셔서 제때 취약점 업데이트를 완료 하시면 되겠습니다.<br></div><br clear="all"><br>-- <br><div dir="ltr" class="m_5971812306416173254gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">한영빈 / Youngbin Han / 韓永斌 <div><a href="mailto:sukso96100@gmail.com" target="_blank">sukso96100@gmail.com</a> / <a href="http://youngbin.xyz" target="_blank">youngbin.xyz</a></div></div></div></blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">한영빈 / Youngbin Han / 韓永斌 <div><a href="mailto:sukso96100@gmail.com">sukso96100@gmail.com</a> / <a href="http://youngbin.xyz">youngbin.xyz</a></div></div></div>