Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> If you rely on any other kernel tree other than 4.4, 4.9, or 4.14 right now, and you do not have a distribution supporting you, you are out of luck.

So, if you are running a (still supported) Debian Jessie a simple apt-get upgrade isn't gonna cut it:-(



The debian security announcement for stretch says

> For the oldstable distribution (jessie), this problem will be fixed in a separate update.

You can check https://security-tracker.debian.org/tracker/CVE-2017-5754 whether the KPTI patch has been released for jessie.


As the Debian announcement says:

* https://lists.debian.org/debian-security-announce/2018/msg00... (https://news.ycombinator.com/item?id=16076175)

It's not the only operating system where the process is slightly more complex than a kernel update. Windows NT updates require the coöperation of other softwares on one's machine. (-:

* https://news.ycombinator.com/item?id=16076660


I'm not pointing at Debian. I think it is even possible to run Jessie with a current kernel, (which is quite cool) but I haven't tried it. I just upgraded all machines to Stretch and called it a day.

I just did the apt-get update; apt-get upgrade dance in a hurry yesterday and thought I might be good. My post was more a reminder to everyone not be lulled into a false sense of security...


I run (many) jessie systems with 4.9 kernels (still haven't made a 4.14 configuration). No problem at all.


You might want to bite the bullet and upgrade from 4.9, because the patches for 4.9 are not so rock solid: https://news.ycombinator.com/item?id=16087736


Well, you only need to cover yourself between now and whenever you can get your hands on an AMD chip. That cpu/board swap will be much more work anyway.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: