author | Salvatore Bonaccorso <carnil@debian.org> | 2018-01-06 23:40:55 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2018-01-07 08:40:43 +0100 |
commit | 5c2db0783ad9dbfad157c3680ef4b82e442c2e1c | |
tree | 9be72980c850540fb6d6bf2d3d20e47eae7b9a86 /dsa-texts/4.9.65-3+deb9u2 | |
parent | e9f82634e077d51e5028dc4d6ca58fa32f8e15dc | |
Add used DSA text for 4.9.65-3+deb9u2
Diffstat (limited to 'dsa-texts/4.9.65-3+deb9u2')
-rw-r--r-- | dsa-texts/4.9.65-3+deb9u2 | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/dsa-texts/4.9.65-3+deb9u2 b/dsa-texts/4.9.65-3+deb9u2 new file mode 100644 index 00000000..0d01baa5 --- /dev/null +++ b/dsa-texts/4.9.65-3+deb9u2 @@ -0,0 +1,28 @@ +Package : linux +CVE ID : CVE-2017-5754 + +Multiple researchers have discovered a vulnerability in Intel processors, +enabling an attacker controlling an unprivileged process to read memory from +arbitrary addresses, including from the kernel and all other processes running +on the system. + +This specific attack has been named Meltdown and is addressed in the Linux +kernel for the Intel x86-64 architecture by a patch set named Kernel Page Table +Isolation, enforcing a near complete separation of the kernel and userspace +address maps and preventing the attack. This solution might have a performance +impact, and can be disabled at boot time by passing `pti=off' to the kernel +command line. + +We also identified a regression for ancient userspaces using the vsyscall +interface, for example chroot and containers using (e)glibc 2.13 and older, +including those based on Debian 7 or RHEL/CentOS 6. This regression will be +fixed in a later update. + +The other vulnerabilities (named Spectre) published at the same time are not +addressed in this update and will be fixed in a later update. + +For the oldstable distribution (jessie), this problem will be fixed in a +separate update. + +For the stable distribution (stretch), this problem has been fixed in +version 4.9.65-3+deb9u2. |
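Review bot: The sentence in the second paragraph that offers `pti=off' as a way to avoid the performance impact does not say that booting with it leaves the system exposed to CVE-2017-5754 again; since the same paragraph states that Kernel Page Table Isolation is what prevents the attack, I would append a clause such as "at the cost of leaving the system vulnerable to this issue". In the vsyscall regression paragraph, the affected environments are named (chroots and containers using (e)glibc 2.13 and older) but not the failure they will show, so an administrator cannot recognise the regression from this text; a short description of the symptom would help. The Spectre paragraph would be easier to track if it listed the CVE IDs that this update leaves unaddressed, the way the header does for Meltdown.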