Debian GNU / Linux version of its Debian Project supported a new release of the Linux kernel security updates to address the impact of Intel CPU micro-architecture of the latest vulnerability.
As reported earlier this week, we found in the Linux kernel four new security vulnerabilities, they had an impact on Intel CPU, respectively CVE-2019-11135 , CVE-2018-12207 , CVE-2019-0154 and -2019-0155 CVE ,, which may lead to privilege escalation, information disclosure and denial of service.
It urged users to update their systems immediately
Debian project proposal Debian GNU / Linux 9 "Stretch" and Debian GNU / Linux 10 "Buster" all users of the operating system update to install a new Linux kernel version as soon as possible, to Debian Stretch is 4.9.189-3 + deb9u2, for Debian Buster is 4.19.67-2 + deb10u2.
Users should also consider the following facts: the impact transactional memory (TSX) of an Intel CPU CVE-2019-11135 security vulnerabilities requires the latest version of Intel's microcode for Debian Stretch systems 3.20191112.1~deb9u1, for Debian Buster system is 3.20191112 .1~deb10u1.
"This update provides an updated CPU microcode for certain types of Intel CPU. In particular, it provides mitigation measures TAA (TSX asynchronous abort) vulnerability for the affected CPU, to complete remission of the vulnerability must also update Linux kernel package. "read the security bulletin .
请注意,只有Debian非免费存储库才提供Debian GNU/Linux系统的最新intel-microcode更新。但是,Debian项目注意到以下事实:它也可以作为系统固件(BIOS)更新的一部分提供。安装新的Linux内核和intel-microcode版本后,要重新启动系统。