Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Debian 8 Jessie DLA-1422-2 Critical: Linux Kernel Security Fix

debian lts
Calendar Grey July 15, 2018
Dist Debian Esm H88
Fixes the unsuccessful compilation for the armhf architecture, incorporating various security enhancements and suggestions for improvements.
The previous update to linux failed to build for the armhf (ARM EABI hard-float) architecture

Summary

CVE-2017-5715

Multiple researchers have discovered a vulnerability in various
processors supporting speculative execution, enabling an attacker
controlling an unprivileged process to read memory from arbitrary
addresses, including from the kernel and all other processes
running on the system.

This specific attack has been named Spectre variant 2 (branch
target injection) and is mitigated for the x86 architecture (amd64
and i386) by using new microcoded features.

This mitigation requires an update to the processor's microcode,
which is non-free. For recent Intel processors, this is included
in the intel-microcode package from version 3.20180425.1~deb8u1.
For other processors, it may be included in an update to the
system BIOS or UEFI firmware, or in a later update to the
amd64-microcode package.

This vulnerability was already mitigated for the x86 architecture
by the "retpoline" feature.

CVE-2017-5753

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

<pre><font face="Courier">Package: linux
Version: 3.16.57-2
CVE ID: CVE-2017-5715 CVE-2017-5753 CVE-2018-1066 CVE-2018-1093
Debian Bug: 898165

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here