[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposal: Rebuilding 4.19 from Upstream LTS kernel

On Wed, 2022-08-31 at 13:10 +0200, Leon Gehling wrote:
> Hello everybody.
> It seems like the newest side-channel Attacks regarding speculative code 
> executing https://www.debian.org/security/2022/dsa-5207 arent fixed yet 
> in the current Buster kernel.  The are fixies in the upstream 4.19 LTS 
> Kernel
> I am no Maintainer or anything, can somebody initiate this ?

I will update the 4.19 package soon, and will include a fix for the
PBRSB (CVE-2022-26373) issue.  However, RETbleed (CVE-2022-29900 and
CVE-2022-29901) has not been fixed for 4.19 and probably never will be.
If you are hosting untrusted VMs then I strongly encourage you to use
Linux 5.10 or later.


Ben Hutchings
Unix is many things to many people,
but it's never been everything to anybody.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: