Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?
Hi,
On Mon, 19 Feb 2018 16:40:19 +0000
Michael Fothergill <michael.fothergill@gmail.com> wrote:
> On 19 February 2018 at 14:10, Greg Wooledge <wooledg@eeg.ccf.org> wrote:
>
> > On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En
> > Ming wrote:
> > > What are the patches that I can download and install to be protected
> > > against the Meltdown and Spectre security vulnerabilities?
> >
> > Meltdown patch went out a month ago.
> >
> > Spectre, see here:
> > https://security-tracker.debian.org/tracker/CVE-2017-5753
>
>
> Please excuse my extreme ignorance here, but there is something
> puzzling me a bit in the spectre web page......
>
> For the sid entry, the table says the following:
>
> Source PackageReleaseVersionStatus
> sid 4.15.4-1 vulnerable
>
> I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if
> you compiled it with gcc 7.3 then the spectre fix would then work.
>
> Does the status indicator here refer to the spectre problem?
>
> If it does why does it say vulnerable?
There seems to be some confusion in this thread.
The page linked above refers to CVE-2017-5753 a.k.a. "Spectre-1".
You mean CVE-2017-5715 a.k.a. "Spectre-2".
Regards
Michael
.-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
It would be illogical to assume that all conditions remain stable.
-- Spock, "The Enterprise Incident", stardate 5027.3
Reply to: