Debian GNU/Linux 9 “Stretch” Receives L1 Terminal Fault Mitigations, Update Now

According to the security advisory published on Monday, the new kernel security update addresses both CVE-2018-3620 and CVE-2018-3646 vulnerabilities, which are known as L1 Terminal Fault (L1TF) or Foreshadow. These vulnerabilities had an impact on normal systems, as well as virtualized operating systems, allowing a local attacker to expose sensitive information from the host OS or other guests. The Debian Project urges all Debian GNU/Linux 9 “Stretch” users to update their installations to the 4.9.110-3+deb9u3 kernel, which is now available from the main software repositories. However, to fully mitigate the L1 Terminal Fault (L1TF) vulnerabilities, the Debian Project recommends users to also install the latest microcode firmware update for Intel CPUs.