Re: Spectre variants 3a and 4 on Debian 8
On 8/13/18 12:03 AM, John Naggets wrote:
> Hello,
>
> I would like to protect my SuperMicro SYS-5018R-MR server from the
> newest Spectre variants 3a and 4 and hence did the following:
>
> - updated SuperMicro BIOS to v3.1 from 06/06/2018 which explicitly
> addresses these 2 new variants based on their release notes
> - updated to the latest Debian 8.11 with the kernel 3.16.57-2 (2018-07-14)
> - added non-free/contrib repos and installed intel-microcode package
> - rebooted server
>
> Still after all that the spectre-meltdown-checker.sh script from
> meltdown.ovh still reports that my server is vulnearble to variants 3a
> and 4 and even to variant 3.
>
> Is it possible that this is related to me using Debian 8 with a Kernel 3.16?
>
> Another particularity from this server is that I am using Xen dom0
> hypervisor (official Xen 4.4 packages from Debian 8 repo). So maybe
> this is because of Xen?
>
> Best regards,
> John
>
Debian 8 is no longer officially supported. While it is maintained by
the LTS team, there is no guarantee that kernel 3.16.x will be mitigated
against spectre 3, 3a, and 4. You are advised to upgrade your server to
Debian 9.
Having said that...
There are still some Spectre variants that are not patched in Stretch or
Buster. You can track them here. My advice is, unfortunately, to wait
for a patch:
https://security-tracker.debian.org/tracker/source-package/linux
-Matt
Reply to: