Re: CVE-2017-5754 - ETA?
On 2018-01-04 12:47:42 -0800, Don Armstrong wrote:
> On Thu, 04 Jan 2018, francis picabia wrote:
> > Redhat, Ubuntu and others have kernel updates available today for this
> > kernel patch that has been worked on since November. Normally Debian
> > has been quick out of the gate with security measures.
> >
> > Is there an ETA when Debian will update kernel packages?
>
> The DSA has been (will be shortly?) released for stable. Unstable,
> testing, and likely oldstable will probably follow soon.
> https://security-tracker.debian.org/tracker/DSA-4078-1
According to answers on
https://security.stackexchange.com/questions/176624/how-do-i-check-if-kpti-is-enabled-on-linux/176654
linux-image-4.9.0-5-amd64 4.9.65-3+deb9u2 is still vulnerable as shown
below:
# dmesg | grep -i isolation
# cat /sys/kernel/debug/x86/pti_enabled
cat: /sys/kernel/debug/x86/pti_enabled: No such file or directory
The command line is:
root=UUID=... ro console=ttyS0 console=hvc0 nomce loglevel=5 net.ifnames=0
thus KPTI is not disabled via the command line.
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: