On 19 February 2018 at 18:24, Michael Lange <klappn...@freenet.de> wrote:
> Hi,
>
> On Mon, 19 Feb 2018 16:40:19 +0000
> Michael Fothergill <michael.fotherg...@gmail.com> wrote:
>
> > On 19 February 2018 at 14:10, Greg Wooledge <wool...@eeg.ccf.org> wrote:
> >
> > > On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En
> > > Ming wrote:
> > > > What are the patches that I can download and install to be protected
> > > > against the Meltdown and Spectre security vulnerabilities?
> > >
> > > Meltdown patch went out a month ago.
> > >
> > > Spectre, see here:
> > > https://security-tracker.debian.org/tracker/CVE-2017-5753
> >
> >
> > Please excuse my extreme ignorance here, but there is something
> > puzzling me a bit in the spectre web page......
> >
> > For the sid entry, the table says the following:
> >
> > Source Package  Release  Version  Status
> > sid 4.15.4-1 vulnerable
> >
> > I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if
> > you compiled it with gcc 7.3 then the spectre fix would then work.
> >
> > Does the status indicator here refer to the spectre problem?
> >
> > If it does why does it say vulnerable?
>
> There seems to be some confusion in this thread.
> The page linked above refers to CVE-2017-5753 a.k.a. "Spectre-1".
>

Are you saying that this link:

https://security-tracker.debian.org/tracker/CVE-2017-5753

which looks like it should be going to a spectre 1 fix is actually a discussion and tables etc. of the spectre 2 fixes that are in the pipeline, i.e. it is incorrectly labelled?

Cheers

MF

> You mean CVE-2017-5715 a.k.a. "Spectre-2".
>
> Regards
>
> Michael
>
> .-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
>
> It would be illogical to assume that all conditions remain stable.
> -- Spock, "The Enterprise Incident", stardate 5027.3