14 DAY TRIAL // The Debian Project has released patched versions of its Linux kernel and intel-microcode packages for the stable Debian GNU/Linux 9 "Stretch" operating system series to address the recently disclosed Intel MDS security vulnerabilities.
On May 14th, Intel disclosed four new security vulnerabilities affecting several of its Intel CPUs, which could allow attackers to leak sensitive information if the system remains unpatched. Intel has worked with major OS vendors and device manufactures to quickly deploy feasible solutions for mitigating these flaws, and now patches are available for users of the Debian GNU/Linux 9 "Stretch" operating system series.
"Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures (buffers). This flaw could allow an attacker controlling an unprivileged process to read sensitive information, including from the kernel and all other processes running on the system or cross guest/host boundaries to read host memory," reads the security advisory.
Users urged to update their Debian systems immediately
The Debian Project urges all users of the stable Debian GNU/Linux 9 "Stretch" operating system series to update their installations as soon as possible to the latest Linux kernel version 4.9.168-1+deb9u2 and intel-microcode firmware 3.20190514.1~deb9u1. To fully mitigate these new security vulnerabilities, both packages need to be installed on your Debian GNU/Linux 9 "Stretch" computers.
Please note that the new intel-microcode version is only available in the Debian non-free repository, which you'll have to enable to patch your computer against the MSBDS, MFBDS, MLPDS and MDSUM (a.k.a. CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) hardware vulnerabilities. The new Linux kernel update also includes a fix for a regression causing deadlocks inside the loopback driver.