This backport does not include the following binary packages:
hyperv-daemons libcpupower1 libcpupower-dev libusbip-dev
linux-compiler-gcc-4.9-x86 linux-cpupower linux-libc-dev usbip
Older versions of most of those are built from other source packages
in Debian 8.

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2017-5753
Further instances of code that was vulnerable to Spectre variant 1
(bounds-check bypass) have been mitigated.

CVE-2017-18255
It was discovered that the performance events subsystem did not
properly validate the value of the
kernel.perf_cpu_time_max_percent sysctl. Setting a large value
could have an unspecified security impact. However, only a
privileged user can set this sysctl.

CVE-2018-1118
The syzbot software found that the vhost driver did not initialise
message buffers which would later be read by user processes. A