Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Update securedrop kernels to 4.4.161+ #3838
Securedrop instances are currently running 4.4.144 kernels.
L1TF and Spectre v4, as well as multiple local privilege escalations vulnerabilities (CVE-2018-0919 and CVE-2018-14634) were fixed after the release of those kernels. While the vulnerabilities above require local code execution to exploit, we should still upgrade the kernel packages.
As a securedrop admin, I would like to have the latest kernel for my securedrop instance.
Attempted a build of 4.4.159 kernel, unfortunately it does not boot on a NUC, it hangs on a black screen right after grub. This is likely not a config issue, as there's a 2-line diff in the config from 4.4.144 to 4.4.159. I will wait for 4.4.160 to be released and see if I can reproduce, and debug if necessary.