On 04/24/2018 02:40 AM, KatolaZ wrote:
> On Tue, Apr 24, 2018 at 09:49:33AM +0200, Arnt Karlsen wrote:
>> On Mon, 23 Apr 2018 11:30:27 -0700, Jimmy wrote in message
>> <2f1aa23a-84c9-a773-5555-58208a9a8c2d@???>:
>>
>>> On 04/23/2018 07:54 AM, chillfan wrote:
>>>> Great, thanks for the news.
>>>>
>>>> I'm hoping Debian will do a full rebuild to compile everything with
>>>> reptoline, as this seems a lot better to me than just mitigating
>>>> when a specific problem is found.
>>>
>>>

>>> Mitigation 2
>>>     * Kernel compiled with retpoline option:  YES
>>>     * Kernel compiled with a retpoline-aware compiler:  YES  (kernel
>>> reports full retpoline compilation)
>>>   > STATUS:  NOT VULNERABLE  (Mitigation: Full AMD retpoline)

>>
>> ..which linux-image .deb package, and which kernel version is that?
>> (As in: uname -rv &&dpkg -l |grep image |grep `uname -r`)
>>
>
> I am not sure I understand your question, but the latest
> linux-image-${ARCH} should pull the most recent Linux kernel. Those
> are already patched, both in jessie and in ascii.


That is true for ASCII but for Jessie amd64 only meltdown is patched.
When you install the back-port kernel on Jessie amd64 you get fully
patched, you can check this with the spectre-meltdown-checker. For
Jessie i386 stock kernel nothing is patched. Install the backports
kernel on Jessie i386 and spectre 1&2 are patched but 3 is not patched.

https://packages.debian.org/stretch-backports/all/spectre-meltdown-checker/download


Cheers,
--
Jimmy Johnson

Devuan Jessie - TDE Trinity R14.0.5 - Intel Pentium-4-M 1.9GHz - EXT4 at
sda2
Registered Linux User #380263