Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Debian: LTS 3.16.57-1 Critical: Linux Kernel Threat Mitigations

debian lts
Calendar Grey July 14, 2018
Dist Debian Esm H88
Multiple security flaws patched in the Linux kernel, affecting privilege elevation, denial of service issues, and potential information disclosure.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks

Summary

CVE-2017-5715

Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.

This specific attack has been named Spectre variant 2 (branch
target injection) and is mitigated for the x86 architecture (amd64
and i386) by using new microcoded features.

This mitigation requires an update to the processor's microcode,
which is non-free. For recent Intel processors, this is included
in the intel-microcode package from version 3.20180425.1~deb8u1.
For other processors, it may be included in an update to the
system BIOS or UEFI firmware, or in a later update to the
amd64-microcode package.

This vulnerability was already mitigated for the x86 architecture
by the "retpoline" feature.

CVE-2017-5753

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: linux
Version: 3.16.57-1
CVE ID: CVE-2017-5715 CVE-2017-5753 CVE-2018-1066 CVE-2018-1093
Debian Bug: 898165

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here