How to fix vulnerabilities related to Spectre and Meltdown bugs in Ubuntu?
Does this mean that the fix for such bug is not available for Ubuntu?
The fix is not available in the Ubuntu repos yet. You can check this page to see the status. The page is updated by the Ubuntu security team. It's about both vulnerabilities, contains links to the various CVEs.
Updates are available now !
- 2017 Nov 09: the Ubuntu Security team is notified by Intel under NDA
- 2018 Jan 03: issue becomes public a few days before the CRD
- 2018 Jan 09: Ubuntu kernel updates available (for patching Meltdown) for Ubuntu 16.04 LTS, Ubuntu 17.10, Ubuntu 14.04 LTS (HWE) and Ubuntu 14.04 LTS.
- 2018 Jan 10: Cloud images are available (for patching Meltdown) from http://cloud-images.ubuntu.com:
- <TBD>: Core image updates
Source : Ubuntu Wiki & Blog post
As previously stated, as of now (January 4, 2018) there are no official fixes available for Ubuntu, what you can do though is to update your kernel to the latest release manually. Keep in mind that updating the kernel will only fix Meltdown, since there's no known fix for Spectre yet. The latest kernel stable is 4.14.11, you can download the compiled files from the Kernel PPA here: http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.14.11/
If your system is 32-bit you'll want these files:
linux-headers-4.14.11-041411_4.14.11-041411.201801022143_all.deb
linux-headers-4.14.11-041411-generic_4.14.11-041411.201801022143_i386.deb
linux-image-4.14.11-041411-generic_4.14.11-041411.201801022143_i386.deb
If your system is 64-bit you'll want these files:
linux-headers-4.14.11-041411_4.14.11-041411.201801022143_all.deb
linux-headers-4.14.11-041411-generic_4.14.11-041411.201801022143_amd64.deb
linux-image-4.14.11-041411-generic_4.14.11-041411.201801022143_amd64.deb
Just download the three for your system, put them in a folder and do sudo dpkg -i *.deb, then reboot your PC.
Another thing you could consider (which is what I do), you can try using a rolling release distro. Antergos (https://antergos.com/) is great because it allows you to use pretty much any desktop environment with no setup (except for Unity) and it's Arch Linux based.