Spectre Meltdown checker

tracyanne · 10 August 2023 20:59

I get an update for spectre-meltdown-checker nearly every day.

What is going on?

cscs · 10 August 2023 21:21

Do you have the AUR (or some other) version installed?

pacman -Qi spectre-meltdown-checker

mithrial · 10 August 2023 21:34

I guess the new apocalyptic CPU vulnerabilities are added to it, so it requires updates.

ydar · 10 August 2023 21:53

There has been a lot of updates lately but I can only assume it’s been more actively maintained. The question is, would you rather they provide timely updates or not? Personally I prefer security type updates to come as fast as possible.

tracyanne · 10 August 2023 22:47

@ ydar The fact that there are timely updates is fine. I just wanted to know what was going on. It’s no biggie.

@ cscs Just standard from Extras

@ mithrial All good then

Aragorn · 11 August 2023 03:19

There has been one about two weeks ago, there was one yesterday, and there was another one today.

Considering that this is a security-related package, any update to the package gets pushed out immediately as it becomes available.

jcorporon · 11 August 2023 13:32

Hi, I found this topic interesting so I checked my installation of spectre-meltdown-checker. For some reason it is installed via the Official Repositories and AUR. If I try to remove the AUR version it also removes the Official Repositories version.

Here’s the results of pacman -Qi spectre-meltdown-checker on my system:

Name            : spectre-meltdown-checker
Version         : 0.46+10+gc1c1ac4-1
Description     : Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation
                  checker
Architecture    : any
URL             : https://github.com/speed47/spectre-meltdown-checker
Licenses        : GPL3
Groups          : None
Provides        : None
Depends On      : sh  sqlite
Optional Deps   : None
Required By     : None
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 268.03 KiB
Packager        : Mark Wagie <mark@manjaro.org>
Build Date      : Thu 10 Aug 2023 10:02:47 AM EDT
Install Date    : Fri 11 Aug 2023 09:25:57 AM EDT
Install Reason  : Explicitly installed
Install Script  : No
Validated By    : Signature

Aragorn · 11 August 2023 13:37

That’s the official Manjaro repo version. The AUR version has version number 0.46-1. But if you have it installed twice, then maybe you’ve added another repo to your /etc/pacman.conf — Chaotic AUR perhaps?

Either way, package repository issues are a separate topic, so if you have more problems with that, then I recommend starting a new thread.

Teroh · 11 August 2023 15:09

So when can we expect the kernels with those exploits fixed in stable?

I know they are already in testing, but its been a few days since the exploits became known. Not sure if i would put manjaro responding to them as “swiftly”.

Aragorn · 11 August 2023 15:26

It all depends on how serious those exploits are, by which I mean to what extent they would pose an imminent threat to a Manjaro system.

The next update will also include microcode, by the way.

mithrial · 11 August 2023 16:54

The fixes should be in the respective microcode and not the kernel. It is not a bug on the kernel but CPU “drivers”.

It should be safe to install only this package from the testing branch, if you wish to do so.

system · 14 August 2023 06:55

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.