The Debian Project released new major Linux kernel patches for the Debian GNU/Linux 8 "Jessie" and Debian GNU/Linux 9 "Stretch" operating system series to address a total of 27 security vulnerabilities, including an 8-year-old privilege escalation flaw.First and foremost, the security update again patches Debian GNU/Linux's kernel against both variants of the Spectre vulnerability (CVE-2017-5715 and CVE-2017-5753). These could allow an attacker that has control over an unprivileged process to read memory from arbitrary addresses, including kernel memory.
While Spectre Variant 2 was mitigated for the x86 architecture (amd64 and i386) via the retpoline compiler feature, Spectre Variant 1 was mitigated by first identifying the vulnerable code sections and then replacing the array access with the speculation-safe array_index_nospec() function.
Another important bug (read more)
from Softpedia News / Linux https://ift.tt/2FC2pJZ
via IFTTT
No comments:
Post a Comment