{"id":1687,"date":"2018-02-05T11:32:28","date_gmt":"2018-02-05T14:32:28","guid":{"rendered":"https:\/\/maurom.com\/blog\/?p=1687"},"modified":"2018-02-08T11:40:37","modified_gmt":"2018-02-08T14:40:37","slug":"kernel-with-kpti-and-full-retpoline-for-debian-stretch","status":"publish","type":"post","link":"https:\/\/maurom.com\/blog\/2018\/02\/05\/kernel-with-kpti-and-full-retpoline-for-debian-stretch\/","title":{"rendered":"Kernel with KPTI and full Retpoline for Debian Stretch"},"content":{"rendered":"<p>Durante enero salieron a la luz \u2013al menos para nosotros, simples mortales\u2013 las vulnerabilidades <a href=\"https:\/\/meltdownattack.com\/\">meltdown y spectre<\/a>, que ya son ampliamente conocidas. Las mitigaciones tardaron en aparecer \u2013y a\u00fan est\u00e1n trabajando en ello\u2013, pero teniendo en cuenta que los bugs <a href=\"http:\/\/www.zdnet.com\/article\/meltdown-spectre-malware-is-already-being-tested-by-attackers\/\">ya est\u00e1n siendo aprovechados in the wild<\/a>, conviene tener a mano algunos parches para zafar.<\/p>\n<p>Por ello aqu\u00ed dejo el \u00faltimo kernel con los parches <a href=\"https:\/\/en.wikipedia.org\/wiki\/Kernel_page-table_isolation\">KPTI<\/a> y <a href=\"https:\/\/support.google.com\/faqs\/answer\/7625886\">full Retpoline<\/a>, construido con un <a href=\"https:\/\/packages.debian.org\/sid\/gcc-7\">compilador compatible con <code>-mindirect-branch<\/code><\/a>, para ser instalado directamente sobre Debian GNU\/Linux 9 Stretch:<\/p>\n<ul>\n<li><a href=\"https:\/\/maurom.com\/blog\/2017\/11\/16\/kernels-nuevos-en-debian-stretch\/\">Kernels nuevos en Debian Stretch (now with full retpoline!)<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Durante enero salieron a la luz \u2013al menos para nosotros, simples mortales\u2013 las vulnerabilidades meltdown y spectre, que ya son ampliamente conocidas. Las mitigaciones tardaron en aparecer \u2013y a\u00fan est\u00e1n trabajando en ello\u2013, pero teniendo en cuenta que los bugs ya est\u00e1n siendo aprovechados in the wild, conviene tener a mano algunos parches para zafar. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[5,3,32,6],"_links":{"self":[{"href":"https:\/\/maurom.com\/blog\/wp-json\/wp\/v2\/posts\/1687"}],"collection":[{"href":"https:\/\/maurom.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/maurom.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/maurom.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/maurom.com\/blog\/wp-json\/wp\/v2\/comments?post=1687"}],"version-history":[{"count":5,"href":"https:\/\/maurom.com\/blog\/wp-json\/wp\/v2\/posts\/1687\/revisions"}],"predecessor-version":[{"id":1695,"href":"https:\/\/maurom.com\/blog\/wp-json\/wp\/v2\/posts\/1687\/revisions\/1695"}],"wp:attachment":[{"href":"https:\/\/maurom.com\/blog\/wp-json\/wp\/v2\/media?parent=1687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/maurom.com\/blog\/wp-json\/wp\/v2\/categories?post=1687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/maurom.com\/blog\/wp-json\/wp\/v2\/tags?post=1687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}