Debian Stretch and Jessie Get Kernel Patches to Mitigate Meltdown Security Flaw

Last week, Debian GNU/Linux 9 “Stretch” users received the Linux kernel patch to mitigate the Meltdown security vulnerability (CVE-2017-5754), which affects billions of devices by allowing an attacker who controls an unprivileged process to read memory from arbitrary addresses, including memory belonging to the kernel and to other processes running on the unpatched machine. To patch the issue, users had to update the kernel to version 4.9.65-3+deb9u2.

In addition to the Meltdown patch, the Debian Project also identified a regression for ancient userspaces that still use the vsyscall interface, such as containers and chroot environments using (e)glibc 2.13 and older versions, including those based on the Red Hat Enterprise Linux 6, CentOS 6, and Debian 7 operating system series. However, they said a patch for this regression will be available in a later update, along with patches for the Spectre security vulnerability.