Users are urged to update their installations immediately

Aug 28, 2018 13:14 GMT

The Debian Project's Salvatore Bonaccorso informs users of the Debian GNU/Linux 9 "Stretch" operating system series about a fix for a regression causing boot failures on ARM architectures.

In a recent security advisory, Salvatore Bonaccorso writes that the last Linux kernel update released for Debian GNU/Linux 9 "Stretch" to mitigate the L1 Terminal Fault (L1TF) security vulnerabilities is causing boot failures for users on the ARM architecture.

Also known as Foreshadow, these security vulnerabilities are similar to the Spectre security vulnerabilities and allow an attacker who has access to an unprivileged process to read memory from arbitrary addresses that the user does not control, including kernel memory.

"Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults," read the original security advisory.

To mitigate the two L1TF security vulnerabilities (CVE-2018-3620 and CVE-2018-3646), users had to update their kernels to version 4.9.110-3+deb9u3 and also install the latest processor microcode firmware update from the Debian non-free repositories.

The patch is causing boot failures on some ARM systems, fix available

If you're using Debian GNU/Linux 9 "Stretch" on an ARM machine, and you updated the kernel package to the version mentioned above, you might have experienced boot failures. Therefore, a patch is now available to fix this regression via a new Linux kernel update.

"The security update announced as DSA 4279-1 caused regressions on the ARM architectures (boot failures on some systems). Updated packages are now available to correct this issue," reads the security advisory. "We recommend that you upgrade your linux packages."

To fix the regression on your ARM systems running Debian GNU/Linux 9 "Stretch," you must update the kernel to version 4.9.110-3+deb9u4. Make sure you reboot your machine after installing the new Linux kernel version on your system.