Users are urged to update their systems immediately

Aug 20, 2018 20:38 GMT

The Debian Project released today a new Linux kernel security update for Debian GNU/Linux 9 "Stretch" users to address the recently disclosed L1 Terminal Fault vulnerabilities.

According to the security advisory published on Monday, the new kernel security update addresses both the CVE-2018-3620 and CVE-2018-3646 vulnerabilities, which are known as L1 Terminal Fault (L1TF) or Foreshadow. These vulnerabilities affect normal systems as well as virtualized operating systems, allowing a local attacker to expose sensitive information from the host OS or other guests.

"Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw could allow an attacker controlling an unprivileged process to read memory from arbitrary (non-user controlled) addresses," reads today's security advisory.

Latest Intel microcode firmware update required

The Debian Project urges all Debian GNU/Linux 9 "Stretch" users to update their installations to the 4.9.110-3+deb9u3 kernel, which is now available from the main software repositories. However, to fully mitigate the L1 Terminal Fault (L1TF) vulnerabilities, the Debian Project recommends that users also install the latest microcode firmware update for Intel CPUs.

Users must install the intel-microcode 3.20180703.2~deb9u1 release from the Debian non-free repositories, which also includes Speculative Store Bypass Disable (SSBD) support to mitigate both the Spectre Variant 4 and Variant 3a security vulnerabilities. Keep in mind that you need to reboot your computer after installing the new kernel and intel-microcode versions.

The Debian Project recently celebrated the 25th anniversary of the first announcement of the Debian GNU/Linux operating system by the late Ian Murdock, the founder and father of Debian. Debian GNU/Linux 9.5 "Stretch" is the latest stable release of the Linux-based operating system, which is available for download from our software portal for new installations.