On 5/15/19 2:51 PM, Ben Hutchings wrote: > On Wed, 2019-05-15 at 13:59 +0200, Thomas Goirand wrote: >> Hi, >> >> Probably Ben will reply to this one... >> >> Is it planned to upgrade intel-microcode and the kernel in Jessie, >> regarding CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091? > > I plan to update linux, and I have backported the mitigation to 3.16. > However I will need to do more testing of this before uploading, and > will probably wait until it has been through the stable review process. > > I have already uploaded linux-4.9 to match the stable security update. > > I expect that Henrique will handle the intel-microcode update as he has > done before. > > Note that stable branches older than 4.9 are not getting the > speculation mitigations for KVM, and should not be used with untrusted > guests (at least on Intel hardware). > > Ben.
Hi Ben, Thanks for your detailed answer. Cheers, Thomas Goirand (zigo)