Re: Security update in Jessie for intel-microcode and linux?
On 5/15/19 2:51 PM, Ben Hutchings wrote:
> On Wed, 2019-05-15 at 13:59 +0200, Thomas Goirand wrote:
>> Probably Ben will reply to this one...
>> Is it planned to upgrade intel-microcode and the kernel in Jessie,
>> regarding CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091?
> I plan to update linux, and I have backported the mitigation to 3.16.
> However I will need to do more testing of this before uploading, and
> will probably wait until it has been through the stable review process.
> I have already uploaded linux-4.9 to match the stable security update.
> I expect that Henrique will handle the intel-microcode update as he has
> done before.
> Note that stable branches older than 4.9 are not getting the
> speculation mitigations for KVM, and should not be used with untrusted
> guests (at least on Intel hardware).
Thanks for your detailed answer.
Thomas Goirand (zigo)