Hi, On Mon, 19 Feb 2018 16:40:19 +0000 Michael Fothergill <michael.fotherg...@gmail.com> wrote:
> On 19 February 2018 at 14:10, Greg Wooledge <wool...@eeg.ccf.org> wrote: > > > On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En > > Ming wrote: > > > What are the patches that I can download and install to be protected > > > against the Meltdown and Spectre security vulnerabilities? > > > > Meltdown patch went out a month ago. > > > > Spectre, see here: > > https://security-tracker.debian.org/tracker/CVE-2017-5753 > > > Please excuse my extreme ignorance here, but there is something > puzzling me a bit in the spectre web page...... > > For the sid entry, the table says the following: > > Source PackageReleaseVersionStatus > sid 4.15.4-1 vulnerable > > I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if > you compiled it with gcc 7.3 then the spectre fix would then work. > > Does the status indicator here refer to the spectre problem? > > If it does why does it say vulnerable? There seems to be some confusion in this thread. The page linked above refers to CVE-2017-5753 a.k.a. "Spectre-1". You mean CVE-2017-5715 a.k.a. "Spectre-2". Regards Michael .-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-. It would be illogical to assume that all conditions remain stable. -- Spock, "The Enterprise Incident", stardate 5027.3
