Upgrade to Linux 4.19 with the Spectre v1 swapgs mitigations in Tails 3.16
We shipped 4.19.37-4 in 3.15. Since then, there was a security update for Buster (4.19.37-5+deb10u2) that mitigates the new Spectre v1 swapgs variant (CVE-2019-1125).
#16728 (closed) gave us 4.19.37-6 for free but it does not fix that security issue: sid instead got the fix via 5.2.7-1 (#16942 (closed)), which is probably too much of a change for our 3.16 bugfix release.
Feature Branch: bugfix/16970-spectre-v1-swapgs+force-all-tests
Related issues
- Related to #16942 (closed)
- Blocks #16209
-
Blocked by #16728 (closed)
Original created by @intrigeri on 16970 (Redmine)