Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

[Michael Fothergill <michael.fothergill@gmail.com>]

On 19 February 2018 at 14:10, Greg Wooledge <wooledg@eeg.ccf.org> wrote:

On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En Ming wrote:
> What are the patches that I can download and install to be protected
> against the Meltdown and Spectre security vulnerabilities?

Meltdown patch went out a month ago.

Spectre, see here:
https://security-tracker.debian.org/tracker/CVE-2017-5753

​Please excuse my extreme ignorance here, but there is something puzzling me a bit in the spectre web page......

For the sid entry, the table says the following:

Source Package	Release	Version	Status

sid                                             4.15.4-1    vulnerable

I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if you compiled it with gcc 7.3 then the spectre fix would then work.

Does the status indicator here refer to the spectre problem?

If it does why does it say vulnerable?

Is there something else causing a problem or barrier here that means you can't use gcc 7.3 with what seems to be source code for this kernel

(maybe it's not the kernel source, please correct me here) or some other confounding factor here?

Regards

MF

             

​