Re: how to prevent security update installation during stretch installation

2018-07-31 Thread deloptes
David Christensen wrote: > Why not? I guess because he's in China and internet costs relatively much there.

Re: how to prevent security update installation during stretch installation

2018-07-31 Thread Roberto C . Sánchez
f the point of the netinst media. Of course, another aspect of the way updates work in Debian is that when a point update is made all the security updates (and generally quite a few high priority non-security updates) become part of the stable release with an increased version number. For example

Re: how to prevent security update installation during stretch installation

2018-07-31 Thread David Christensen
On 07/31/2018 05:42 PM, Roberto C. Sánchez wrote: On Tue, Jul 31, 2018 at 05:36:41PM -0700, David Christensen wrote: One possibility is to configure your Internet gateway to block traffic between the host and the Internet, and then install from CD-1, DVD-*, BD-*, etc., media. An easier appro

Re: how to prevent security update installation during stretch installation

2018-07-31 Thread Roberto C . Sánchez
On Tue, Jul 31, 2018 at 05:36:41PM -0700, David Christensen wrote: > > One possibility is to configure your Internet gateway to block traffic > between the host and the Internet, and then install from CD-1, DVD-*, BD-*, > etc., media. > An easier approach would be that when the installer asks "W

Re: how to prevent security update installation during stretch installation

2018-07-31 Thread David Christensen
On 07/31/2018 02:56 PM, Long Wind wrote: i plan to install debian by network Okay. i don't like security update, Why not? how to do it? Thanks! One possibility is to configure your Internet gateway to block traffic between the host and the Internet, and then install from CD-1

Re: Warning: Debian/testing full-upgrade removes security packages!

2018-07-15 Thread Reco
t mourn that packages are > > deinstalled, > > this may happen in testing. I mourned that almost ALL SECURITY related > > packages are deinstalled. And I would have nothing said, if it would have > > been > > one or maybe two, but ALL most important rootkit w

Re: Warning: Debian/testing full-upgrade removes security packages!

2018-07-15 Thread John Hasler
Henrique de Moraes Hols writes: > Same goes for dist-upgrade. dist-upgrade/full-upgrade will more > aggressively attempt to remove packages than the alternatives > safe-upgrade and upgrade. I always do "upgrade" and look at what did not get upgraded and why. I then sometimes follow with "full-up

Re: Warning: Debian/testing full-upgrade removes security packages!

2018-07-15 Thread Roberto C . Sánchez
On Sun, Jul 15, 2018 at 06:07:32PM +0200, Hans wrote: > On Sunday, 15 July 2018, 17:43:47 CEST, Henrique de Moraes Holschuh wrote: > > Maybe I was not clear enough. I did not mourn that packages are > deinstalled, > this may happen in testing. I mourned that almost ALL S

Re: Warning: Debian/testing full-upgrade removes security packages!

2018-07-15 Thread Hans
On Sunday, 15 July 2018, 17:43:47 CEST, Henrique de Moraes Holschuh wrote: Maybe I was not clear enough. I did not mourn that packages are deinstalled, this may happen in testing. I mourned that almost ALL SECURITY related packages are deinstalled. And I would have nothing said, if it

Re: Warning: Debian/testing full-upgrade removes security packages!

2018-07-15 Thread Henrique de Moraes Holschuh
On Sun, 15 Jul 2018, The Wanderer wrote: > >> be warned: When you do apt full-upgrade, > > > > You're in testing: what are you "full-upgrade"-ing to and why? > > To testing, of course. Eh, I believe the meant that as "why are you using full-upgrade instead of safe-upgrade or upgrade" (depending

Re: Warning: Debian/testing full-upgrade removes security packages!

2018-07-15 Thread The Wanderer
On 2018-07-15 at 10:09, David Wright wrote: > On Sun 15 Jul 2018 at 07:49:36 (+0200), Hans wrote: > >> Hi folks, >> >> be warned: When you do apt full-upgrade, > > You're in testing: what are you "full-upgrade"-ing to and why? To testing, of course. Just because you're running testing doesn't

Re: Warning: Debian/testing full-upgrade removes security packages!

2018-07-15 Thread David Wright
On Sun 15 Jul 2018 at 07:49:36 (+0200), Hans wrote: > Hi folks, > > be warned: When you do apt full-upgrade, You're in testing: what are you "full-upgrade"-ing to and why? > then most security tools, we rely on, > are deinstalled. These are rkhunter

Re: Warning: Debian/testing full-upgrade removes security packages!

2018-07-15 Thread likcoras
On 07/15/2018 02:49 PM, Hans wrote: > be warned: When you do apt full-upgrade, then most security tools, we rely > on, > are deinstalled. These are rkhunter, chrootkit, autopsy, tripwire, > needrestart and tiger. Also forensics-full and forensics-all are deinstalled > (howe

Warning: Debian/testing full-upgrade removes security packages!

2018-07-14 Thread Hans
Hi folks, be warned: When you do apt full-upgrade, then most security tools, we rely on, are deinstalled. These are rkhunter, chrootkit, autopsy, tripwire, needrestart and tiger. Also forensics-full and forensics-all are deinstalled (however, this might have other reasons). This is no good

Re: firefox-esr security update for Jessie?

2018-06-27 Thread Roberto C . Sánchez
On Wed, Jun 27, 2018 at 06:37:51PM -0400, Ed Jabbour wrote: >I see that firefox-esr has a security update. It is only for Stretch. What >are we Jessie users to do? A member of the LTS team is working on it. Regards, -Roberto -- Roberto C. Sánchez

firefox-esr security update for Jessie?

2018-06-27 Thread Ed Jabbour
I see that firefox-esr has a security update. It is only for Stretch. What are we Jessie users to do?

Re: .deb packages and security

2018-06-04 Thread Darac Marjal
security concerns when installing a .deb package "manually" (using gdebi for example) ? Do you trust the provider of the *deb package? If so, you should be fine. If you want to take it a step farther, see if there's a (sha256) checksum for the package. Note that checksum (

Re: .deb packages and security

2018-06-04 Thread john doe
On 6/4/2018 3:09 PM, Dan Purgert wrote: Anil Duggirala wrote: hello, I know installing .deb packages downloaded from websites is not a good practice in terms of software management in Debian. I would like to know if I should have security concerns when installing a .deb package "man

Re: .deb packages and security

2018-06-04 Thread Dan Purgert
Anil Duggirala wrote: > hello, > I know installing .deb packages downloaded from websites is not a good > practice in terms of software management in Debian. I would like to > know if I should have security concerns when installing a .deb package > "manually" (using gde

Re: .deb packages and security

2018-06-04 Thread tomas
On Mon, Jun 04, 2018 at 07:20:34AM -0500, Anil Duggirala wrote: > hello, > I know installing .deb packages downloaded from websites is not a good > practice in terms of software management in Debian. I would like to know if I > should h

.deb packages and security

2018-06-04 Thread Anil Duggirala
hello, I know installing .deb packages downloaded from websites is not a good practice in terms of software management in Debian. I would like to know if I should have security concerns when installing a .deb package "manually" (using gdebi for example) ? Is it possible that by downl

Re: Debian home security programs?

2018-05-04 Thread Richard Owlett
intercom where people would buzz my code which dialed my land line phone allowing me to communicate with them before, at that time, letting them in the building. So, I am wondering if I could combine a Linux home security program with a wireless intercom, or doorbell / intercom combination that

Re: Debian home security programs?

2018-05-03 Thread Gene Heskett
dwelling > is a sort of intercom where people would buzz my code which dialed > my land line phone allowing me to communicate with them before, at > that time, letting them in the building. > So, I am wondering if I could combine a Linux home security program > with a w

Re: Debian home security programs?

2018-05-03 Thread der.hans
phone allowing me to communicate with them before, at that time, letting them in the building. So, I am wondering if I could combine a Linux home security program with a wireless intercom, or doorbell / intercom combination that might create the same effect? I am not interested in video, just a way

Debian home security programs?

2018-05-03 Thread Karen Lewellen
dialed my land line phone allowing me to communicate with them before, at that time, letting them in the building. So, I am wondering if I could combine a Linux home security program with a wireless intercom, or doorbell / intercom combination that might create the same effect? I am not

[SECURITY] [DSA 2038-1] New pidgin packages fix denial of service

2018-05-03 Thread Thijs Kinkhorst
Debian Security Advisory DSA-2038-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst April 18, 2010

Re: openvpn client DNS security

2018-04-05 Thread Mark Fletcher
On Thu, Apr 05, 2018 at 11:48:51AM +0200, Roger Price wrote: > Hi, I had a problem setting up DNS on an openvpn client. I'll describe it > here before submitting a bug report - I would appreciate comment on the > security aspects. > > > Looking more closely at script /et

openvpn client DNS security

2018-04-05 Thread Roger Price
Hi, I had a problem setting up DNS on an openvpn client. I'll describe it here before submitting a bug report - I would appreciate comment on the security aspects. In the stretch openvpn server (2.4.0-6+deb9u2) the configuration file server.conf contains the declarations: push

Re: Chaniging focus: security ouitside a password manager (was: Re: Password Manager opinions and recommendations)

2018-04-03 Thread Brian
On Mon 02 Apr 2018 at 09:07:16 -0400, rhkra...@gmail.com wrote: > Just continuing to think (or maybe not think ;-) about password managers / > password security, changing the focus slightly (I think) but keeping the same > thread. > > I'm now thinking about the security (

Re: Chaniging focus: security ouitside a password manager

2018-04-03 Thread Cindy-Sue Causey
On 4/3/18, Richard Hector wrote: > On 03/04/18 01:07, rhkra...@gmail.com wrote: >> the plaintext passwords would >> disappear from RAM (except to the extent that (iiuc) there are (NSA) ways >> to >> recover the contents of RAM if power is restored to the machine fairly >> quickly). > > I'm not sur

Re: Chaniging focus: security ouitside a password manager

2018-04-03 Thread rhkramer
On Tuesday, April 03, 2018 01:50:45 AM Richard Hector wrote: > On 03/04/18 01:07, rhkra...@gmail.com wrote: > > the plaintext passwords would > > disappear from RAM (except to the extent that (iiuc) there are (NSA) ways > > to recover the contents of RAM if power is restored to the machine > > fair

Re: Chaniging focus: security ouitside a password manager (was: Re: Password Manager opinions and recommendations)

2018-04-03 Thread Brian
On Mon 02 Apr 2018 at 09:07:16 -0400, rhkra...@gmail.com wrote: > Just continuing to think (or maybe not think ;-) about password managers / > password security, changing the focus slightly (I think) but keeping the same > thread. > > I'm now thinking about the security (

Re: Chaniging focus: security ouitside a password manager

2018-04-02 Thread Richard Hector
On 03/04/18 01:07, rhkra...@gmail.com wrote: > the plaintext passwords would > disappear from RAM (except to the extent that (iiuc) there are (NSA) ways to > recover the contents of RAM if power is restored to the machine fairly > quickly). I'm not sure you actually need to be the NSA for that.

Re: Chaniging focus: security ouitside a password manager (was: Re: Password Manager opinions and recommendations)

2018-04-02 Thread der.hans
On 02 Apr 2018, rhkra...@gmail.com chattered thus: hello, Just continuing to think (or maybe not think ;-) about password managers / password security, changing the focus slightly (I think) but keeping the same thread. I'm now thinking about the security (or vulnerability) of pass

Re: Chaniging focus: security ouitside a password manager

2018-04-02 Thread Ben Finney
rhkra...@gmail.com writes: >* during copy and paste operations, the plaintext password could > remain on the C&P "stack". thus making it vulnerable: Some notes: > > (1) I've read about at least one password manager that, somehow, > deletes the plaintext password from the copy and paste "

Re: Chaniging focus: security ouitside a password manager (was: Re: Password Manager opinions and recommendations)

2018-04-02 Thread rhkramer
Thanks to tomas, Roberto, and likcoras! All good points! I'm embarrassed to admit that I hadn't thought (at least to the best of my recent recollection) of the need to encrypt swap--that's something I'll want to deal with soon. On Monday, April 02, 2018 09:15:08 AM to...@tuxteam.de wrote: > O

Re: Chaniging focus: security ouitside a password manager

2018-04-02 Thread likcoras
On 04/02/2018 10:07 PM, rhkra...@gmail.com wrote: >* during copy and paste operations, the plaintext password could remain on > the C&P "stack". thus making it vulnerable: Some notes: This is a semi-valid concern, depends on your usage patterns. For example, some browsers may expose a JS API

Re: Chaniging focus: security ouitside a password manager (was: Re: Password Manager opinions and recommendations)

2018-04-02 Thread Roberto C . Sánchez
getting swapped to disk. However, when you use the wide variety of applications that take passwords as input, you necessarily trust that the developers are using all the appropriate facilities to securely handle the password and also to securely wipe it from memory. Some applications, I trust b

Re: Chaniging focus: security ouitside a password manager (was: Re: Password Manager opinions and recommendations)

2018-04-02 Thread tomas
On Mon, Apr 02, 2018 at 09:07:16AM -0400, rhkra...@gmail.com wrote: > Just continuing to think (or maybe not think ;-) about password managers / [...] I don't know of the others (I never felt the need for a PW manager myself) but... >* during

Chaniging focus: security ouitside a password manager (was: Re: Password Manager opinions and recommendations)

2018-04-02 Thread rhkramer
Just continuing to think (or maybe not think ;-) about password managers / password security, changing the focus slightly (I think) but keeping the same thread. I'm now thinking about the security (or vulnerability) of passwords during "normal" usage--I mean, I'm thinking

Re: stretch security updates

2018-03-11 Thread Daniel Bareiro
On 11/03/18 14:38, Felix Natter wrote: > hi, Hi, Felix. > I had a wrong configuration in sources.list (for about half a year :-(): > > deb http://security.debian.org/ stretch/updates main contrib non-free > deb-src http://security.debian.org/ stretch/updates main contrib non-free I am using t

Re: stretch security updates

2018-03-11 Thread Roberto C . Sánchez
n contrib non-free > > which I corrected now: > > deb http://security.debian.org/debian-security/ stretch/updates main contrib > non-free > deb-src http://security.debian.org/debian-security/ stretch/updates main > contrib non-free > I think that either form is fine. I

stretch security updates

2018-03-11 Thread Felix Natter
hi, I had a wrong configuration in sources.list (for about half a year :-(): deb http://security.debian.org/ stretch/updates main contrib non-free deb-src http://security.debian.org/ stretch/updates main contrib non-free which I corrected now: deb http://security.debian.org/debian-security

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-27 Thread Vincent Lefevre
On 2018-02-19 14:10:14 +, Brad Rogers wrote: > If anyone wants to check their (linux) system specifically for the > current state of spectre+meltdown mitigation on a given machine then > have a look here: > > https://github.com/speed47/spectre-meltdown-checker > > Really simple instructions a

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-26 Thread Henrique de Moraes Holschuh
On Mon, 26 Feb 2018, Curt wrote: > What does that mean 'bugs : cpu_meltdown spectre_v1 spectre_v2 > exactly? It it is supposed to mean your processor has those defects. It does not say anything about the mitigation strategy being employed to avoid those defects. Obviously, that thing i

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-26 Thread Curt
On 2018-02-23, Reco wrote: > So it seems. New kernel came today with the usual 'apt update && apt > upgrade' routine: > > $ uname -r > 4.9.0-6-amd64 > > $ grep bug /proc/cpuinfo > bugs: cpu_meltdown spectre_v1 spectre_v2 > ... What does that mean 'bugs : cpu_meltdown spectr

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Michael Fothergill
* Kernel supports Page Table Isolation (PTI): YES * PTI enabled and active: NO * Running under Xen PV (64 bits): NO > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable) A false sense of security is worse than no security at all, see --disclaimer djt /hom

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Michael Lange
On Fri, 23 Feb 2018 16:27:23 + Michael Fothergill wrote: > > Sure enough, looking at the spectre meltdown checker on the kernel I am > using in gentoo > shows the > > retpoline is enabled and that the vulnerability status is "not > vulnerable". > > It's not recent enough a kernel to a

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Michael Lange
On Fri, 23 Feb 2018 16:40:00 + Michael Fothergill wrote: (...) > > * Mitigation 2 > > * Kernel compiled with retpoline option: YES > > * Kernel compiled with a retpoline-aware compiler: YES (kernel > > reports full retpoline compilation) > > > STATUS: NOT VULNERABLE (Mitigation: Full

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Michael Fothergill
On 23 February 2018 at 16:28, Michael Lange wrote: > Hi, > > On Fri, 23 Feb 2018 16:52:12 +0100 > Felipe Salvador wrote: > > (...) > > > CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' > > > * Mitigated according to the /sys interface: YES (kernel confirms > > > that the mitiga

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Michael Fothergill
el compiled with a retpoline-aware compiler: YES (kernel reports > full retpoline compilation) > * Retpoline enabled: YES > > STATUS: NOT VULNERABLE (Mitigation: Full AMD retpoline) > > CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3' > * Mit

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Michael Lange
Hi, On Fri, 23 Feb 2018 16:52:12 +0100 Felipe Salvador wrote: (...) > > CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' > > * Mitigated according to the /sys interface: YES (kernel confirms > > that the mitigation is active) > > * Mitigation 1 > > * Kernel is compiled with IB

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Michael Fothergill
On 23 February 2018 at 14:14, Michael Fothergill < michael.fotherg...@gmail.com> wrote: > > > On 23 February 2018 at 14:05, mlnl wrote: > >> Hi, >> >> > Can it be true? A version of gcc that runs on stretch that will >> > compile the latest fancy spectre fixes etc? >> >> with latest vanilla ker

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Felipe Salvador
On Fri, Feb 23, 2018 at 03:05:18PM +0100, mlnl wrote: > Hi, > > > Can it be true? A version of gcc that runs on stretch that will > > compile the latest fancy spectre fixes etc? > > with latest vanilla kernel 4.15.4 and updated gcc-6: > > CVE-2017-5753 [bounds check bypass] aka 'Spectre Varian

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Michael Fothergill
On 23 February 2018 at 14:05, mlnl wrote: > Hi, > > > Can it be true? A version of gcc that runs on stretch that will > > compile the latest fancy spectre fixes etc? > > with latest vanilla kernel 4.15.4 and updated gcc-6: > > CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' > * Miti

Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Michael Fothergill
> > > > > > > > > > > Do you have any clue on when the gcc fix for stretch is to be > > > released ? > > > > > > > > > > > > Actually the retpoline-compliant kernel is ready, and gcc fixes > for > > > > >

Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Reco
o be > > released ? > > > > > > > > > > Actually the retpoline-compliant kernel is ready, and gcc fixes for > > > > stretch > > > > > seem to have already been implemented. So I dunno what is still > > blocking > > > > > the

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread mlnl
Hi, > Can it be true? A version of gcc that runs on stretch that will > compile the latest fancy spectre fixes etc? with latest vanilla kernel 4.15.4 and updated gcc-6: CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' * Mitigated according to the /sys interface: YES (kernel confir

Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Michael Fothergill
> > stretch > > > > seem to have already been implemented. So I dunno what is still > blocking > > > > the release. :'( > > > > > > https://www.debian.org/security/2018/dsa-4120 > > > > > > Can it be true? A version of gcc that runs on stretch t

apt vs apt-get (was: Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?)

2018-02-23 Thread Reco
Hi. On Fri, Feb 23, 2018 at 08:54:31AM -0500, Greg Wooledge wrote: > On Fri, Feb 23, 2018 at 04:42:01PM +0300, Reco wrote: > > So it seems. New kernel came today with the usual 'apt update && apt > > upgrade' routine: > > > > $ uname -r > > 4.9.0-6-amd64 > > You mean "apt (or apt-get) di

Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Greg Wooledge
On Fri, Feb 23, 2018 at 04:42:01PM +0300, Reco wrote: > So it seems. New kernel came today with the usual 'apt update && apt > upgrade' routine: > > $ uname -r > 4.9.0-6-amd64 You mean "apt (or apt-get) dist-upgrade", right? /me tries it on a different computer that hasn't dist-upgraded yet...

Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Reco
e any clue on when the gcc fix for stretch is to be released ? > > > > > > Actually the retpoline-compliant kernel is ready, and gcc fixes for > > stretch > > > seem to have already been implemented. So I dunno what is still blocking > > > the release. :'

Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Michael Fothergill
l is ready, and gcc fixes for > stretch > > seem to have already been implemented. So I dunno what is still blocking > > the release. :'( > > https://www.debian.org/security/2018/dsa-4120 Can it be true? A version of gcc that runs on stretch that will compile the latest fancy spectre fixes etc? Cheers MF > > > Reco > >

Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-23 Thread Reco
d. So I dunno what is still blocking > the release. :'( https://www.debian.org/security/2018/dsa-4120 Reco

Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-21 Thread Michael Fothergill
On 21 February 2018 at 17:46, Julien Aubin wrote: > Hi, > > Do you have any clue on when the gcc fix for stretch is to be released ? > > Actually the retpoline-compliant kernel is ready, and gcc fixes for > stretch seem to have already been implemented. So I dunno what is still > blocking the rel

Re: Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-21 Thread Julien Aubin
Hi, Do you have any clue on when the gcc fix for stretch is to be released ? Actually the retpoline-compliant kernel is ready, and gcc fixes for stretch seem to have already been implemented. So I dunno what is still blocking the release. :'( Thanks a lot.

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-20 Thread Andy Smith
Hi Stephen, On Tue, Feb 20, 2018 at 10:09:52AM +0100, Stephan Seitz wrote: > On Tue, Feb 20, 2018 at 05:09:12 +, Andy Smith wrote: > >CVE-2017-5753 is Spectre v1. There is no fix for Spectre v1 anywhere > >yet, not even in Linux upstream. > > Are you sure? […] > >STATUS: NOT VULNERABLE (Mi

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-20 Thread Michael Fothergill
On 20 February 2018 at 10:01, Michael Lange wrote: > Hi, > > On Tue, 20 Feb 2018 08:05:19 + > Michael Fothergill wrote: > > > For me at any rate if the new version of gcc 4.9 makes it easier for a > > new user to get access to that portion of Spectre vulnerability jointly > > with the a

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-20 Thread Greg Wooledge
On Tue, Feb 20, 2018 at 04:52:45AM +, Andy Smith wrote: > Versions of gcc that have the retpoline feature backported into them > have already hit stable and oldstable (and maybe others; haven't > checked), Just oldstable, actually. Not stable yet. <https://www.debian.org/

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-20 Thread Michael Lange
Hi, On Tue, 20 Feb 2018 08:05:19 + Michael Fothergill wrote: > For me at any rate if the new version of gcc 4.9 makes it easier for a > new user to get access to that portion of Spectre vulnerability jointly > with the availability of Meltdown as is, then as I said I would be > very ple

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-20 Thread Stephan Seitz
On Tue, Feb 20, 2018 at 05:09:12 +, Andy Smith wrote: CVE-2017-5753 is Spectre v1. There is no fix for Spectre v1 anywhere yet, not even in Linux upstream. Are you sure? CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' * Mitigated according to the /sys interface: YES (kernel co

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-20 Thread Michael Fothergill
> wanted > > > to see if the "spectre-2" fix has arrived in debian, for this one you > > > will have to look here: > > > > > > https://security-tracker.debian.org/tracker/CVE-2017-5715 > > > > No, we were not looking for it. I think a joint f

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Andy Smith
one you > > will have to look here: > > > > https://security-tracker.debian.org/tracker/CVE-2017-5715 > > No, we were not looking for it. I think a joint fix for meltdown and > spectre 1 would fit the bill at present. They are different bugs with different fixes. No

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Andy Smith
Hello, > On 19 February 2018 at 13:13, Turritopsis Dohrnii Teo En Ming < > tdteoenm...@gmail.com> wrote: > > > What are the patches that I can download and install to be protected > > against the Meltdown and Spectre security vulnerabilities? The linux-kernel-* packag

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Gene Heskett
On Monday 19 February 2018 15:43:16 Greg Wooledge wrote: > On Mon, Feb 19, 2018 at 03:27:36PM -0500, Gene Heskett wrote: > > On Monday 19 February 2018 13:31:46 Michael Lange wrote: > > > apt-get install spectre-meltdown-checker > > > > not available for stretch on arm64, why? > > Because this pac

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Michael Lange
On Mon, 19 Feb 2018 15:43:16 -0500 Greg Wooledge wrote: > On Mon, Feb 19, 2018 at 03:27:36PM -0500, Gene Heskett wrote: > > On Monday 19 February 2018 13:31:46 Michael Lange wrote: > > > apt-get install spectre-meltdown-checker > > not available for stretch on arm64, why? > > Because this packag

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Michael Fothergill
On 19 February 2018 at 19:10, Michael Lange wrote: > Hi, > > On Mon, 19 Feb 2018 18:46:15 + > Michael Fothergill wrote: > > > Are you saying that this link: > > > > https://security-tracker.debian.org/tracker/CVE-2017-5753 > > > > which looks

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Greg Wooledge
On Mon, Feb 19, 2018 at 03:27:36PM -0500, Gene Heskett wrote: > On Monday 19 February 2018 13:31:46 Michael Lange wrote: > > apt-get install spectre-meltdown-checker > not available for stretch on arm64, why? Because this package did not exist at the time stretch was frozen. Nor even at the time s

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Gene Heskett
On Monday 19 February 2018 13:31:46 Michael Lange wrote: > Hi, > > On Mon, 19 Feb 2018 14:10:14 + > Brad Rogers wrote: > > (...) > > > If anyone wants to check their (linux) system specifically for the > > current state of spectre+meltdown mitigation on a given machine then > > have a look he

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Michael Lange
Hi, On Mon, 19 Feb 2018 18:46:15 + Michael Fothergill wrote: > Are you saying that this link: > > https://security-tracker.debian.org/tracker/CVE-2017-5753 > > which looks like it should be going to a spectre 1 fix is actually a > discussion and tables etc > of the

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Brad Rogers
On Mon, 19 Feb 2018 19:31:46 +0100 Michael Lange wrote: Hello Michael, >With debian it is even simpler: >apt-get install spectre-meltdown-checker >sudo spectre-meltdown-checker I hadn't realised it was in the repos. -- Regards _ / ) "The blindingly obvious is / _)

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Michael Fothergill
n > > > Ming wrote: > > > > What are the patches that I can download and install to be protected > > > > against the Meltdown and Spectre security vulnerabilities? > > > > > > Meltdown patch went out a month ago. > > > > > > Spec

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Michael Lange
Hi, On Mon, 19 Feb 2018 14:10:14 + Brad Rogers wrote: (...) > If anyone wants to check their (linux) system specifically for the > current state of spectre+meltdown mitigation on a given machine then > have a look here: > > https://github.com/speed47/spectre-meltdown-checker > > Really sim

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Michael Lange
> > > > > > For instance, just today said patch was applied to the Debian stable > > > version of gcc, gcc-4.9: > > > > > > https://www.debian.org/security/2018/dsa-4117 I believe gcc-4.9 is "oldstable" (Jessie). Regards Michael .-.. .. .

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Michael Lange
and install to be protected > > > against the Meltdown and Spectre security vulnerabilities? > > > > Meltdown patch went out a month ago. > > > > Spectre, see here: > > https://security-tracker.debian.org/tracker/CVE-2017-5753 > > > Please excuse my extrem

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Reco
was new enough that if > > > you compiled it with gcc 7.3 then the spectre fix would then work. > > > > Not unless you apply the retpoline patch to the gcc. > > > > For instance, just today said patch was applied to the Debian stable > > version of gcc, gcc

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Michael Fothergill
k. > > Not unless you apply the retpoline patch to the gcc. > > For instance, just today said patch was applied to the Debian stable > version of gcc, gcc-4.9: > > https://www.debian.org/security/2018/dsa-4117 > > Reco > > Doesn't that mean that if you installed

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Reco
, just today said patch was applied to the Debian stable version of gcc, gcc-4.9: https://www.debian.org/security/2018/dsa-4117 Reco

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Michael Fothergill
On 19 February 2018 at 14:10, Greg Wooledge wrote: > On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En Ming > wrote: > > What are the patches that I can download and install to be protected > > against the Meltdown and Spectre security vulnerabilities? >

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Roberto C . Sánchez
here now and there may well be one that deals >with both the meltdown and spectre vulnerabilities jointly. > No!! That is not at all how the backports repository is intended to be used. I have been maintaining Debian packages for many years and I have on occasion uploaded backp

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Brad Rogers
On Mon, 19 Feb 2018 21:13:42 +0800 Turritopsis Dohrnii Teo En Ming wrote: Hello Turritopsis, >What are the patches that I can download and install to be protected >against the Meltdown and Spectre security vulnerabilities? First, you might want to check whether your system is vulnerabl

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Greg Wooledge
On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En Ming wrote: > What are the patches that I can download and install to be protected > against the Meltdown and Spectre security vulnerabilities? Meltdown patch went out a month ago. Spectre, see here: https://se

Re: Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Michael Fothergill
On 19 February 2018 at 13:13, Turritopsis Dohrnii Teo En Ming < tdteoenm...@gmail.com> wrote: > What are the patches that I can download and install to be protected > against the Meltdown and Spectre security vulnerabilities? > > ===BEGIN SIGNATURE=== > > Turritops

Is Debian Linux protected against the Meltdown and Spectre security flaws?

2018-02-19 Thread Turritopsis Dohrnii Teo En Ming
What are the patches that I can download and install to be protected against the Meltdown and Spectre security vulnerabilities? ===BEGIN SIGNATURE=== Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017 [1] https://tdtemcerts.wordpress.com/ [2]

Re: end of security support for wheezy LTS

2018-02-14 Thread Jonathan Dowland
On Tue, Feb 13, 2018 at 02:28:51PM -0500, Gene Heskett wrote: On a secondary note, I see armel and armhf? listed there, but what about arm64 since there are now, shipping versions of arm64 out in the wild for at least a year. The first Debian release to support arm64 is the current one. Freexia

Re: end of security support for wheezy LTS

2018-02-14 Thread Ric Moore
On 02/13/2018 06:47 PM, Gene Heskett wrote: I agree Deloptes, debian's newer releases are generally better, if the ever increasing paranoia can be worked around. The major problems are with the difficulties in building and installing, a newer, realtime kernel for machine control usage, when the

Re: end of security support for wheezy LTS

2018-02-14 Thread Gene Heskett
/media/slash/home/rock64/v4.14.15-rt13$ ls arch COPYING defconfig firmware init Kconfig MAINTAINERS modules.builtin net scripts tools block CREDITS Documentation fs ipc kernel Makefile modules.order README security usr certs crypto drivers i

Re: end of security support for wheezy LTS

2018-02-14 Thread deloptes
Gene Heskett wrote: > That, and fighting with my printer because there's no pdf of this doco, > > Hi, agreed that staged boot on non i386 machines is really fun. At least with raspberri and the Geode thing I used PXE boot to test the kernel itse

Re: end of security support for wheezy LTS

2018-02-13 Thread Gene Heskett
On Tuesday 13 February 2018 18:06:31 Dan Ritter wrote: > On Tue, Feb 13, 2018 at 02:28:51PM -0500, Gene Heskett wrote: > > Those prices would appear to be aimed at a corporate setting, as > > opposed to something that a retiree on SS might be able to afford, > > nor is the plea taken as being aime

Re: end of security support for wheezy LTS

2018-02-13 Thread Gene Heskett
On Tuesday 13 February 2018 17:02:10 deloptes wrote: > Gene Heskett wrote: > > I wouldn't but they are running stretch just fine once I'd killed > > light-locker. > > I upgraded last year my 10y old Geode with 256MB RAM from wheezy to > jessie to stretch. As this Geode machine is 586 with a strang
