On 2018-01-04 12:47:42 -0800, Don Armstrong wrote: > On Thu, 04 Jan 2018, francis picabia wrote: > > Redhat, Ubuntu and others have kernel updates available today for this > > kernel patch that has been worked on since November. Normally Debian > > has been quick out of the gate with security measures. > > > > Is there an ETA when Debian will update kernel packages? > > The DSA has been (will be shortly?) released for stable. Unstable, > testing, and likely oldstable will probably follow soon. > https://security-tracker.debian.org/tracker/DSA-4078-1
According to answers on https://security.stackexchange.com/questions/176624/how-do-i-check-if-kpti-is-enabled-on-linux/176654 linux-image-4.9.0-5-amd64 4.9.65-3+deb9u2 is still vulnerable as shown below: # dmesg | grep -i isolation # cat /sys/kernel/debug/x86/pti_enabled cat: /sys/kernel/debug/x86/pti_enabled: No such file or directory The command line is: root=UUID=... ro console=ttyS0 console=hvc0 nomce loglevel=5 net.ifnames=0 thus KPTI is not disabled via the command line. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
