Web lists-archives.com

Re: “Meltdown” and “Spectre”: Every modern processor has unfixable security flaws




On 2018-01-04 at 13:06, francis picabia wrote:

> On Thu, Jan 4, 2018 at 1:22 PM, Curt <curty@xxxxxxx> wrote:
> 
>> https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-
>> processor-has-unfixable-security-fladdws/U
>>
>>
>> TL;DR
>>
>>  Windows, Linux, and macOS have all received security patches that
>>  significantly alter how the operating systems handle virtual memory in
>>  order to protect against a hitherto undisclosed flaw.
> 
> AKA
> CVE-2017-5754

That's the CVE for just one of the vulnerabilities: Meltdown.

Spectre has two separate CVEs: CVE-2017-5753 and CVE-2017-5715

> Debian does not have this released as a kernel update yet in any release at
> this time.
> 
> https://security-tracker.debian.org/tracker/CVE-2017-5754

https://security-tracker.debian.org/tracker/CVE-2017-5753
https://security-tracker.debian.org/tracker/CVE-2017-5715

Same.

If I recall what I read earlier correctly, kernel 4.15 contains the
Meltdown mitigation, but no system-wide fix for Spectre is expected to
be possible.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man.         -- George Bernard Shaw

Attachment: signature.asc
Description: OpenPGP digital signature