Univention Bugzilla – Bug 46188
linux: Multiple security issues (4.1)
Last modified: 2018-01-31 14:34:52 CET
We should backport Kernel 4.9.78 to UCS 4.1-5 +++ This bug was initially created as a clone of Bug #46029 +++ * cpu: speculative execution bounds-check bypass (CVE-2017-5753) * cpu: speculative execution branch target injection (CVE-2017-5715)CVE-2017-5715 Will probably require this: - linux kernel update - µcode update for Intel and AMD - gcc update - qemu update - libvirtupdate After that backport for UCS-4.1 +++ This bug was initially created as a clone of Bug #45981 +++
8e7c4cb: Advisories, copied from branch 4.2-3 and adjusted: * linux.yaml * univention-kernel-image-signed.yaml * univention-kernel-image.yaml Manual package update and reboot looked good: * UCS 4.1-5 VM amd64 > Spectre V2 mitigation: Mitigation: Full generic retpoline * UCS 4.1-5 VM i386 > Spectre V2 mitigation: Filling RSB on context switch > Spectre V2 mitigation: Mitigation: Full generic retpoline Updated via univention-install univention-kernel-image
OK - amd64/i386 (4.1-5 with ext updates) OK - univention-install univention-kernel-image with 4.2-3 repo updates linux, univention-kernel-image and univention-kernel-image-signed OK - reboot OK - YAML files
<http://errata.software-univention.de/ucs/4.1/496.html> <http://errata.software-univention.de/ucs/4.1/497.html> <http://errata.software-univention.de/ucs/4.1/498.html>