Hello Dan — thanks kindly, I had indeed not noticed…. I guess I’ll have a chance to test if the libelf-dev issue is really the fix when the patches do roll out.
In that vein, I would like to note that https://security-tracker.debian.org/tracker/CVE-2017-5754 <https://security-tracker.debian.org/tracker/CVE-2017-5754> makes no mention of bpo kernels in backports. Is this by design? Cheers! -- Boyan Penkov www.boyanpenkov.com > On Jan 7, 2018, at 18:44, Daniel Reichelt <deb...@nachtgeist.net> wrote: > > On 01/07/2018 07:47 PM, Boyan Penkov wrote: >> and a backport (4.14.0-bpo2) -- in light of meltdown -- > > To avoid a false sense of security: according to [1], [2], [3], the > current stretch-bpo kernel (linux-image-4.14.0-0.bpo.2-$arch) does *NOT* > yet include any mitigations against meltdown. > > Daniel > > > > [1] https://security-tracker.debian.org/tracker/CVE-2017-5753 > [2] https://security-tracker.debian.org/tracker/CVE-2017-5754 > [3] https://security-tracker.debian.org/tracker/CVE-2017-5715 >
