
Friday, 16 February 2018

Debian releases fix for the Meltdown and Spectre Variant 2 vulnerabilities


The fix for the Meltdown and Spectre Variant 2 vulnerabilities has just been released for Debian kernels.
This article shows how to update your system.








Meltdown and Spectre


The Register reported that all computers manufactured since 1995 with Intel chipsets suffer from serious vulnerabilities that allow unauthorized parties to access areas on users' machines that should not be accessible to anyone, much less to strangers. With the flaw, any program is allowed to read (and share!) the protected contents. This happens because the flaws affect the proper functioning of the kernel, which is the core that controls the operating system and connects applications to the processor, memory and other hardware.
Source


Fix


In Debian, the kernel has received the latest fixes and the problem is being resolved, as you can see in the image below.

All that remains now is the fix for Spectre Variant 1.





Changelog of kernel 4.14.17-1, made available in the unstable (SID) repositories.


linux (4.14.17-1) unstable; urgency=medium

* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.14
- dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
- can: gs_usb: fix return value of the "set_bittiming" callback
- IB/srpt: Disable RDMA access by the initiator
- IB/srpt: Fix ACL lookup during login
- [mips*] Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
- [mips*] Factor out NT_PRFPREG regset access helpers
- [mips*] Guard against any partial write attempt with PTRACE_SETREGSET
- [mips*] Consistently handle buffer counter with PTRACE_SETREGSET
- [mips*] Fix an FCSR access API regression with NT_PRFPREG and MSA
- [mips*] Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
- [mips*] Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
- cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC (Closes: #888954)
- [x86] kvm: vmx: Scrub hardware GPRs at VM-exit (partial mitigation of CVE-2017-5715, CVE-2017-5753)
- [x86] platform: wmi: Call acpi_wmi_init() later
- iw_cxgb4: only call the cq comp_handler when the cq is armed
- iw_cxgb4: atomically flush the qp
- iw_cxgb4: only clear the ARMED bit if a notification is needed
- iw_cxgb4: reflect the original WR opcode in drain cqes
- iw_cxgb4: when flushing, complete all wrs in a chain
- [x86] acpi: Handle SCI interrupts above legacy space gracefully
- ALSA: pcm: Remove incorrect snd_BUG_ON() usages
- ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error
- ALSA: pcm: Add missing error checks in OSS emulation plugin builder
- ALSA: pcm: Abort properly at pending signal in OSS read/write loops
- ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
- ALSA: aloop: Release cable upon open error path
- ALSA: aloop: Fix inconsistent format due to incomplete rule
- ALSA: aloop: Fix racy hw constraints adjustment
- [x86] acpi: Reduce code duplication in mp_override_legacy_irq()
- 8021q: fix a memory leak for VLAN 0 device
- ip6_tunnel: disable dst caching if tunnel is dual-stack
- net: core: fix module type in sock_diag_bind
- RDS: Heap OOB write in rds_message_alloc_sgs() (CVE-2018-5332)
- RDS: null pointer dereference in rds_atomic_free_op (CVE-2018-5333)
- net: fec: restore dev_id in the cases of probe error
- net: fec: defer probe if regulator is not ready
- net: fec: free/restore resource in related probe error pathes
- sctp: do not retransmit upon FragNeeded if PMTU discovery is disabled
- sctp: fix the handling of ICMP Frag Needed for too small MTUs
- [arm64, armhf] net: stmmac: enable EEE in MII, GMII or RGMII only
- ipv6: fix possible mem leaks in ipv6_make_skb()
- net/sched: Fix update of lastuse in act modules implementing stats_update
- ipv6: sr: fix TLVs not being copied using setsockopt
- sfp: fix sfp-bus oops when removing socket/upstream
- membarrier: Disable preemption when calling smp_call_function_many()
- crypto: algapi - fix NULL dereference in crypto_remove_spawns()
- rbd: reacquire lock should update lock owner client id
- rbd: set max_segments to USHRT_MAX
- iwlwifi: pcie: fix DMA memory mapping / unmapping
- [x86] microcode/intel: Extend BDW late-loading with a revision check
- [x86] KVM: Add memory barrier on vmcs field lookup
- [powerpc*] KVM: Book3S PR: Fix WIMG handling under pHyp
- [powerpc*] KVM: Book3S HV: Drop prepare_done from struct kvm_resize_hpt
- [powerpc*] KVM: Book3S HV: Fix use after free in case of multiple resize requests
- [powerpc*] KVM: Book3S HV: Always flush TLB in kvmppc_alloc_reset_hpt()
- [x86] drm/vmwgfx: Don't cache framebuffer maps
- [x86] drm/vmwgfx: Potential off by one in vmw_view_add()
- [x86] drm/i915/gvt: Clear the shadow page table entry after post-sync
- [x86] drm/i915: Whitelist SLICE_COMMON_ECO_CHICKEN1 on Geminilake.
- [x86] drm/i915: Move init_clock_gating() back to where it was
- [x86] drm/i915: Fix init_clock_gating for resume
- bpf: prevent out-of-bounds speculation (partial mitigation of CVE-2017-5753)
- bpf, array: fix overflow in max_entries and undefined behavior in index_mask
- bpf: arsh is not supported in 32 bit alu thus reject it
- [arm64, armhf] usb: misc: usb3503: make sure reset is low for at least 100us
- USB: fix usbmon BUG trigger
- USB: UDC core: fix double-free in usb_add_gadget_udc_release
- usbip: remove kernel addresses from usb device and urb debug msgs
- usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input
- usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer buffer
- staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl (CVE-2017-13216)
- mux: core: fix double get_device()
- kdump: write correct address of mem_section into vmcoreinfo
- apparmor: fix ptrace label match when matching stacked labels
- [x86] pti: Unbreak EFI old_memmap
- [x86] Documentation: Add PTI description
- [x86] cpufeatures: Add X86_BUG_SPECTRE_V[12]
- sysfs/cpu: Add vulnerability folder
- [x86] cpu: Implement CPU vulnerabilites sysfs functions
- [x86] tboot: Unbreak tboot with PTI enabled
- [x86] mm/pti: Remove dead logic in pti_user_pagetable_walk*()
- [x86] cpu/AMD: Make LFENCE a serializing instruction
- [x86] cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
- [x86] alternatives: Fix optimize_nops() checking
- [x86] pti: Make unpoison of pgd for trusted boot work for real
- [x86] retpoline: Add initial retpoline support (partial mitigation of CVE-2017-5715)
- [x86] spectre: Add boot time option to select Spectre v2 mitigation
- [x86] retpoline/crypto: Convert crypto assembler indirect jumps
- [x86] retpoline/entry: Convert entry assembler indirect jumps
- [x86] retpoline/ftrace: Convert ftrace assembler indirect jumps
- [x86] retpoline/hyperv: Convert assembler indirect jumps
- [x86] retpoline/xen: Convert Xen hypercall indirect jumps
- [x86] retpoline/checksum32: Convert assembler indirect jumps
- [x86] retpoline/irq32: Convert assembler indirect jumps
- [x86] retpoline: Fill return stack buffer on vmexit
- [x86] pti: Fix !PCID and sanitize defines
- [x86] perf: Disable intel_bts when PTI
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15
- tools/objtool/Makefile: don't assume sync-check.sh is executable
- objtool: Fix seg fault with clang-compiled objects
- objtool: Fix Clang enum conversion warning
- objtool: Fix seg fault caused by missing parameter
- [powerpc*] pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
- [powerpc*] 64: Add macros for annotating the destination of rfid/hrfid
- [powerpc*] 64s: Simple RFI macro conversions
- [powerpc*] 64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
- [powerpc*] 64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
- [powerpc*] 64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
- [powerpc*] 64s: Add support for RFI flush of L1-D cache
- [powerpc*] 64s: Support disabling RFI flush with no_rfi_flush and nopti
- [powerpc*] pseries: Query hypervisor for RFI flush settings
- [powerpc*] powernv: Check device-tree for RFI flush settings
- futex: Avoid violating the 10th rule of futex
- futex: Prevent overflow by strengthen input validation (CVE-2018-6927)
- ALSA: seq: Make ioctls race-free (CVE-2018-1000004)
- ALSA: pcm: Remove yet superfluous WARN_ON()
- ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant
- ALSA: hda - Apply the existing quirk to iMac 14,1
- IB/hfi1: Prevent a NULL dereference
- RDMA/mlx5: Fix out-of-bound access while querying AH
- timers: Unconditionally check deferrable base
- af_key: fix buffer overread in verify_address_len()
- af_key: fix buffer overread in parse_exthdrs()
- iser-target: Fix possible use-after-free in connection establishment error
- delayacct: Account blkio completion on the correct task
- objtool: Fix seg fault with gold linker
- [armhf] mmc: sdhci-esdhc-imx: Fix i.MX53 eSDHCv3 clock
- [x86] kasan: Panic if there is not enough memory to boot
- [x86] retpoline: Fill RSB on context switch for affected CPUs
- [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- objtool: Improve error message for bad file argument
- [x86] cpufeature: Move processor tracing out of scattered features
- [x86] intel_rdt/cqm: Prevent use after free
- [x86] mm/pkeys: Fix fill_sig_info_pkey
- [x86] idt: Mark IDT tables __initconst
- [x86] tsc: Future-proof native_calibrate_tsc()
- [x86] tsc: Fix erroneous TSC rate on Skylake Xeon
- pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
- [x86] apic/vector: Fix off by one in error path
- [x86] mm: Clean up register saving in the __enc_copy() assembly code
- [x86] mm: Use a struct to reduce parameters for SME PGD mapping
- [x86] mm: Centralize PMD flags in sme_encrypt_kernel()
- [x86] mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption
- [armhf] OMAP3: hwmod_data: add missing module_offs for MMC3
- [x86] mm: Encrypt the initrd earlier for BSP microcode update
- Input: ALPS - fix multi-touch decoding on SS4 plus touchpads
- Input: synaptics-rmi4 - prevent UAF reported by KASAN
- [armhf] Input: twl6040-vibra - fix child-node lookup
- [armhf] Input: twl4030-vibra - fix sibling-node lookup
- tracing: Fix converting enum's from the map in trace_event_eval_update()
- phy: work around 'phys' references to usb-nop-xceiv devices
- [arm64] dts: marvell: armada-cp110: Fix clock resources for various node
- [armhf] sunxi_defconfig: Enable CMA
- [armel] dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
- can: peak: fix potential bug in packet fragmentation
- can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
- can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
- i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
- proc: fix coredump vs read /proc/*/stat race
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
- workqueue: avoid hard lockups in show_workqueue_state()
- [x86] drm/vmwgfx: fix memory corruption with legacy/sou connectors
- dm btree: fix serious bug in btree_split_beneath()
- dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
- dm integrity: don't store cipher request on the stack
- dm crypt: fix crash by adding missing check for auth key size
- dm crypt: wipe kernel key copy after IV initialization
- dm crypt: fix error return code in crypt_ctr()
- [x86] x86: Use __nostackprotect for sme_encrypt_kernel
- [alpha] PCI: Fix noname IRQ level detection
- [mips*] CM: Drop WARN_ON(vp != 0)
- [arm*] KVM: Check pagesize when allocating a hugepage at Stage 2
- [arm64] KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
- [x86] mce: Make machine check speculation protected
- retpoline: Introduce start/end markers of indirect thunk
- [x86] kprobes: Blacklist indirect thunk functions for kprobes
- [x86] kprobes: Disable optimizing on the function jumps to indirect thunk
- [x86] retpoline: Optimize inline assembler for vmexit_fill_RSB
- [x86] mm: Rework wbinvd, hlt operation in stop_this_cpu()
- mm, page_vma_mapped: Drop faulty pointer arithmetics in check_pte()
- [arm64, armhf] net: mvpp2: do not disable GMAC padding
- [mips]: AR7: ensure the port type's FCR value is used
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.16
- mm, page_alloc: fix potential false positive in __zone_watermark_ok
- xfrm: Fix a race in the xdst pcpu cache.
- Input: xpad - add support for PDP Xbox One controllers
- Input: trackpoint - force 3 buttons if 0 button is reported
- Input: trackpoint - only expose supported controls for Elan, ALPS and NXP
- Btrfs: fix stale entries in readdir
- [s390x] KVM: add proper locking for CMMA migration bitmap
- [arm*] net: bpf: avoid 'bx' instruction on non-Thumb capable CPUs
- [arm*] net: bpf: fix tail call jumps
- [arm*] net: bpf: fix stack alignment
- [arm*] net: bpf: move stack documentation
- [arm*] net: bpf: correct stack layout documentation
- [arm*] net: bpf: fix register saving
- [arm*] net: bpf: fix LDX instructions
- [arm*] net: bpf: clarify tail_call index
- [arm64,armhf] drm/vc4: Fix NULL pointer dereference in vc4_save_hang_state()
- net: Allow neigh contructor functions ability to modify the primary_key
- ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY
- dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
- ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
- ipv6: fix udpv6 sendmsg crash caused by too small MTU
- ipv6: ip6_make_skb() needs to clear cork.base.dst
- lan78xx: Fix failure in USB Full Speed
- net: igmp: fix source address check for IGMPv3 reports
- net: qdisc_pkt_len_init() should be more robust
- net: tcp: close sock if net namespace is exiting
- net/tls: Fix inverted error codes to avoid endless loop
- net: vrf: Add support for sends to local broadcast address
- pppoe: take ->needed_headroom of lower device into account on xmit
- r8169: fix memory corruption on retrieval of hardware statistics.
- sctp: do not allow the v4 socket to bind a v4mapped v6 address
- sctp: return error if the asoc has been peeled off in
sctp_wait_for_sndbuf
- tipc: fix a memory leak in tipc_nl_node_get_link()
- {net,ib}/mlx5: Don't disable local loopback multicast traffic when
needed
- net/mlx5: Fix get vector affinity helper function
- ppp: unlock all_ppp_mutex before registering device
- be2net: restore properly promisc mode after queues reconfiguration
- ip6_gre: init dev->mtu and dev->hard_header_len correctly
- gso: validate gso_type in GSO handlers
- tun: fix a memory leak for tfile->tx_array
- flow_dissector: properly cap thoff field
- sctp: reinit stream if stream outcnt has been change by sinit in sendmsg
- netlink: extack needs to be reset each time through loop
- net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare
- nfp: use the correct index for link speed table
- netlink: reset extack earlier in netlink_rcv_skb
- net/tls: Only attach to sockets in ESTABLISHED state
- tls: fix sw_ctx leak
- tls: return -EBUSY if crypto_info is already set
- tls: reset crypto_info when do_tls_setsockopt_tx fails
- net: ipv4: Make "ip route get" match iif lo rules again.
- vmxnet3: repair memory leak
- perf/x86/amd/power: Do not load AMD power module on !AMD platforms
- [x86] microcode/intel: Extend BDW late-loading further with LLC size
check
- [x86] microcode: Fix again accessing initrd after having been freed
- [x86] mm/64: Fix vmapped stack syncing on very-large-memory 4-level
systems
- hrtimer: Reset hrtimer cpu base proper on CPU hotplug
- bpf: introduce BPF_JIT_ALWAYS_ON config
- bpf: fix divides by zero
- bpf: fix 32-bit divide by zero
- bpf: reject stores into ctx via st and xadd
- [arm64] bpf: fix stack_depth tracking in combination with tail calls
- cpufreq: governor: Ensure sufficiently large sampling intervals
- nfsd: auth: Fix gid sorting when rootsquash enabled (CVE-2018-1000028)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.17
- futex: Fix OWNER_DEAD fixup
- loop: fix concurrent lo_open/lo_release (CVE-2018-5344)
- [x86] KVM: Fix CPUID function for word 6 (80000001_ECX)
- gpio: Fix kernel stack leak to userspace
- ALSA: hda - Reduce the suspend time consumption for ALC256
- crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
- [x86] crypto: aesni - handle zero length dst buffer
- [x86] crypto: aesni - fix typo in generic_gcmaes_decrypt
- crypto: gcm - add GCM IV size constant
- [x86] crypto: aesni - Use GCM IV size constant
- [x86] crypto: aesni - add wrapper for generic gcm(aes)
- [x86] crypto: aesni - Fix out-of-bounds access of the data buffer in
generic-gcm-aesni
- [x86] crypto: aesni - Fix out-of-bounds access of the AAD buffer in
generic-gcm-aesni
- [arm64] crypto: inside-secure - fix hash when length is a multiple of a
block
- [arm64] crypto: inside-secure - avoid unmapping DMA memory that was not
mapped
- crypto: sha3-generic - fixes for alignment and big endian operation
- crypto: af_alg - whitelist mask and type
- HID: wacom: EKR: ensure devres groups at higher indexes are released
- HID: wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE)
events
- igb: Free IRQs when device is hotplugged
- ima/policy: fix parsing of fsuuid
- scsi: aacraid: Fix udev inquiry race condition
- scsi: aacraid: Fix hang in kdump
- VFS: Handle lazytime in do_mount()
- [arm64,armhf] drm/vc4: Account for interrupts in flight
- btrfs: Fix transaction abort during failure in btrfs_rm_dev_item
- Btrfs: bail out gracefully rather than BUG_ON
- cpupowerutils: bench - Fix cpu online check
- cpupower : Fix cpupower working when cpu0 is offline
- [x86] KVM: nVMX/nSVM: Don't intercept #UD when running L2
- [x86] KVM: emulator: Return to user-mode on L1 CPL=0 emulation failure
- [x86] KVM: Don't re-execute instruction when not passing CR2 value
- [x86] KVM: Fix operand/address-size during instruction decoding
- [x86] KVM: nVMX: Fix mmu context after VMLAUNCH/VMRESUME failure
- [x86] KVM: fix em_fxstor() sleeping while in atomic
- [x86] KVM: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
- [x86] KVM: ioapic: Clear Remote IRR when entry is switched to
edge-triggered
- [x86] KVM: ioapic: Preserve read-only values in the redirection table
- [x86] KVM: nVMX: Fix vmx_check_nested_events() return value in case an
event was reinjected to L2
- nvme-fabrics: introduce init command check for a queue that is not alive
- nvme-fc: check if queue is ready in queue_rq
- nvme-loop: check if queue is ready in queue_rq
- nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A
- nvme-pci: avoid hmb desc array idx out-of-bound when hmmaxd set.
- nvmet-fc: correct ref counting error when deferred rcv used
- [s390x] topology: fix compile error in file arch/s390/kernel/smp.c
- [s390x] zcrypt: Fix wrong comparison leading to strange load balancing
- ACPI / bus: Leave modalias empty for devices which are not present
- null_blk: fix dev->badblocks leak
- [s390x] fix alloc_pgste check in init_new_context again
- rxrpc: The mutex lock returned by rxrpc_accept_call() needs releasing
- rxrpc: Provide a different lockdep key for call->user_mutex for kernel
calls
- rxrpc: Fix service endpoint expiry
- bcache: check return value of register_shrinker
- drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
- [x86] drm/amdkfd: Fix SDMA ring buffer size calculation
- [x86] drm/amdkfd: Fix SDMA oversubsription handling
- uapi: fix linux/kfd_ioctl.h userspace compilation errors
- nvme-rdma: don't complete requests before a send work request has
completed
- openvswitch: fix the incorrect flow action alloc size
- [armhf] drm/rockchip: dw-mipi-dsi: fix possible un-balanced runtime PM
enable
- mac80211: use QoS NDP for AP probing
- mac80211: fix the update of path metric for RANN frame
- btrfs: fix deadlock when writing out space cache
- sctp: only allow the asoc reset when the asoc outq is empty
- sctp: avoid flushing unsent queue when doing asoc reset
- sctp: set sender next_tsn for the old result with ctsn_ack_point plus 1
- reiserfs: remove unneeded i_version bump
- [x86] KVM: Fix softlockup when get the current kvmclock
- [x86] KVM: VMX: Fix rflags cache during vCPU reset
- Btrfs: fix list_add corruption and soft lockups in fsync
- KVM: Let KVM_SET_SIGNAL_MASK work as advertised
- xfs: always free inline data before resetting inode fork during ifree
- xfs: log recovery should replay deferred ops in order
- xen-netfront: remove warning when unloading module
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
- nfsd: Ensure we check stateid validity in the seqid operation checks
- grace: replace BUG_ON by WARN_ONCE in exit_net hook
- nfsd: check for use of the closed special stateid
- race of lockd inetaddr notifiers vs nlmsvc_rqst change
- lockd: fix "list_add double add" caused by legacy signal interface
- quota: propagate error from __dquot_initialize
- [arm64,armhf] net: mvpp2: fix the txq_init error path
- [arm64] net: phy: marvell10g: fix the PHY id mask
- bnxt_en: Fix an error handling path in 'bnxt_get_module_eeprom()'
- Btrfs: incremental send, fix wrong unlink path after renaming file
- nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()
- xfs: fortify xfs_alloc_buftarg error handling
- drm/amdgpu: don't try to move pinned BOs
- quota: Check for register_shrinker() failure.
- SUNRPC: Allow connect to return EHOSTUNREACH
- kmemleak: add scheduling point to kmemleak_scan()
- [armhf] drm/omap: Fix error handling path in 'omap_dmm_probe()'
- [armhf] drm/omap: displays: panel-dpi: add backlight dependency
- xfs: ubsan fixes
- xfs: Properly retry failed dquot items in case of error during buffer
writeback
- perf/core: Fix memory leak triggered by perf --namespace
- scsi: aacraid: Prevent crash in case of free interrupt during scsi EH
path
- scsi: ufs: ufshcd: fix potential NULL pointer dereference in
ufshcd_config_vreg
- iwlwifi: mvm: fix the TX queue hang timeout for MONITOR vif type
- iwlwifi: fix access to prph when transport is stopped
- [arm*] dts: NSP: Disable AHCI controller for HR NSP boards
- [arm*] ARM: dts: NSP: Fix PPI interrupt types
- media: usbtv: add a new usbid
- [x86] xen: Support early interrupts in xen pv guests
- usb: gadget: don't dereference g until after it has been null checked
- staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
- [arm64,armhf] drm/vc4: Move IRQ enable to PM path
- [x86] KVM: emulate #UD while in guest mode
- [x86] staging: lustre: separate a connection destroy from free struct
kib_conn
- tty: fix data race between tty_init_dev and flush of buf
- USB: serial: pl2303: new device id for Chilitag
- USB: cdc-acm: Do not log urb submission errors on disconnect
- CDC-ACM: apply quirk for card reader
- USB: serial: io_edgeport: fix possible sleep-in-atomic
- usbip: prevent bind loops on devices attached to vhci_hcd
- usbip: list: don't list devices attached to vhci_hcd
- USB: serial: simple: add Motorola Tetra driver
- usb: f_fs: Prevent gadget unbind if it is already unbound
- usb: uas: unconditionally bring back host after reset
- usb/gadget: Fix "high bandwidth" check in usb_gadget_ep_match_desc()
- [x86] mei: me: allow runtime pm for platform with D0i3
- serial: 8250_of: fix return code when probe function fails to get reset
- serial: 8250_uniphier: fix error return code in uniphier_uart_probe()
- [armhf] serial: imx: Only wakeup via RTSDEN bit if the system has
RTS/CTS
- [armhf] spi: imx: do not access registers while clocks disabled
- iio: adc: stm32: fix scan of multiple channels with DMA
- iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
- test_firmware: fix missing unlock on error in
config_num_requests_store()
- Input: synaptics-rmi4 - unmask F03 interrupts when port is opened
- Input: synaptics-rmi4 - do not delete interrupt memory too early
- [x86] efi: Clarify that reset attack mitigation needs appropriate
userspace

[ Salvatore Bonaccorso ]
* [rt] Update to 4.14.15-rt11
* [rt] Update to 4.14.15-rt13
* crypto: ecc - Fix NULL pointer deref. on no default_rng (Closes: #886556)
* mac80211: Avoid ABI change in 4.14.17
* rxrpc: Avoid ABI change in 4.14.17

[ Ben Hutchings ]
* bpf: Avoid ABI change in 4.14.14
* usbip: Reduce USBIP_VHCI_HC_PORTS to 15, the maximum allowed for SuperSpeed
hubs (Closes: #878866)
* [x86] Add versioned build-dependency on gcc-7 for retpoline support
* [x86] linux-compiler-gcc-7-x86: Add versioned dependency on gcc-7 for
retpoline support
* linux-compiler-gcc-7-{arm,s390,x86}: Remove specific (and wrong) compiler
version from description (Closes: #883363)
* [x86] linux-headers: Depend on updated linux-compiler-gcc-7-x86

[ Riku Voipio ]
* [arm64] build in reset drivers
* [arm64] enable COMMON_CLK_HI655X so wifi and bluetooth work on Hikey

-- Salvatore Bonaccorso Wed, 14 Feb 2018 06:56:06 +0100





Update


For Debian Buster mixed with Unstable, and for Debian Unstable.

To update your kernel, run the command below in a terminal.

sudo apt install -t unstable linux-image-4.14.0-3-amd64 linux-headers-4.14.0-3-amd64

For Debian Stable (Stretch), update the system with the command below.

NOTE: It is not yet available for stable, but keep checking for updates periodically, as the Stable packages will be uploaded soon.
sudo apt update ; sudo apt full-upgrade
Reboot the computer to load the new kernel.


Test

To verify the fix, install spectre-meltdown-checker as described in the article below.

spectre-meltdown-checker on Debian, Ubuntu and derivatives
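
The changelog above lists "sysfs/cpu: Add vulnerability folder", so after rebooting into the new kernel its own mitigation status can also be read directly. The script below is an added example, not part of the original post: it assumes the folder is at /sys/devices/system/cpu/vulnerabilities, the function names are hypothetical, and the sample status files are constructed for the demo.

```shell
#!/bin/sh
# Added example: read the running kernel's mitigation status from sysfs.
# Assumption: the folder introduced by "sysfs/cpu: Add vulnerability folder"
# is available at this path on the running kernel.
SYSFS_VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS
# Prints one of: not-affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_vulns [DIR]
# Prints one line per status file: name, verdict, raw kernel text.
# Returns 0 if every entry is mitigated or not affected,
#         1 if any entry is vulnerable or unreadable,
#         2 if the folder is missing (old kernel still running).
report_vulns() {
    dir=${1:-$SYSFS_VULN_DIR}
    if [ ! -d "$dir" ]; then
        echo "no $dir: the running kernel predates the fix (rebooted?)" >&2
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f" 2>/dev/null) || status=
        verdict=$(classify_status "$status")
        printf '%-12s %-13s %s\n' "$(basename "$f")" "$verdict" "$status"
        case "$verdict" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return $rc
}

# make_sample_dir
# Creates a temporary folder with CONSTRUCTED status files that mirror the
# situation described in the post (Spectre Variant 1 still pending) and
# prints its path. This is not output captured from a real machine.
make_sample_dir() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Vulnerable" > "$d/spectre_v1"
    echo "Mitigation: Full generic retpoline" > "$d/spectre_v2"
    echo "$d"
}

# Demo on the constructed sample; on a real host call report_vulns with no
# argument after rebooting into the updated kernel.
sample=$(make_sample_dir)
report_vulns "$sample" || echo "-> at least one entry is not mitigated"
rm -rf "$sample"
```

A return code of 2 on a real host means the old kernel is still running, which is the usual result when the reboot step was skipped.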




















