Mitigate Foreshadow aka. L1 Terminal Fault vulnerabilities
A recent and very severe vulnerability has been revealed that allows arbitrary memory reads. The mitigations (both for userspace and hypervisors) were submitted to the Linux kernel in commit 958f338e96f874a0d29442396d6adf9c1e17aa2d. For non-hypervisors, the fix is simple and has no performance impact. It is important that Tails upgrade its kernel to mitigate this nasty vulnerability.
- https://security-tracker.debian.org/tracker/CVE-2018-3615 (only affects Intel SGX, which we don't use)
- https://security-tracker.debian.org/tracker/CVE-2018-3646 (only affects virtualization, which we don't use)
Upgrade Linux to 4.17.15-1 (refs: #15796).
This is the first Debian kernel with the fixes for CVE-2018-3620
aka. Foreshadow aka. L1 Terminal Fault vulnerabilities.
Bump snapshots of the Debian APT archive to 2018081901 (refs: #15796).
This is needed to get linux-image-4.17.0-3-amd64 (4.17.17-1),
which fixes issues introduced in 4.17.15-1.
Enable the bugfix-15796-foreshadow-force-all-tests APT overlay (refs: #15796).
I should update my branch to include Linux 4.17.17-1. Linux 4.17.17 was released with only 1 new commit to fix a regression that seems important: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.17
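To confirm after the upgrade that the booted kernel actually reports the CVE-2018-3620 mitigation, the following added example (not part of this ticket or of Tails' code) classifies the contents of `/sys/devices/system/cpu/vulnerabilities/l1tf`, which exists only on kernels carrying the L1TF patches. The function names and the `L1TF_SYSFS` override are hypothetical, and the status strings matched are assumed to be the ones upstream kernels print.

```shell
#!/bin/sh
# Added example: classify the kernel's own L1TF (CVE-2018-3620) report.
# Assumption: status strings follow upstream Linux ("Not affected",
# "Mitigation: PTE Inversion[; VMX: ...]", "Vulnerable").
L1TF_SYSFS=${L1TF_SYSFS:-/sys/devices/system/cpu/vulnerabilities/l1tf}

# l1tf_classify STATUS_LINE -> not-affected | mitigated | vulnerable | unknown
l1tf_classify() {
    case "$1" in
        "Not affected"*)              echo not-affected ;;
        "Mitigation: PTE Inversion"*) echo mitigated ;;
        "Vulnerable"*)                echo vulnerable ;;
        *)                            echo unknown ;;
    esac
}

# l1tf_vmx_detail STATUS_LINE -> hypervisor (CVE-2018-3646) part, empty if absent
l1tf_vmx_detail() {
    case "$1" in
        *"; VMX: "*) echo "${1#*; VMX: }" ;;
        *)           echo "" ;;
    esac
}

# l1tf_check [FILE] -> 0 if not affected or mitigated, 1 if vulnerable,
# 2 if the file is missing (kernel predates the fix) or unrecognised.
l1tf_check() {
    l1tf_file=${1:-$L1TF_SYSFS}
    if [ ! -r "$l1tf_file" ]; then
        echo "l1tf: no status file at $l1tf_file (kernel without L1TF patches?)"
        return 2
    fi
    l1tf_line=""
    IFS= read -r l1tf_line < "$l1tf_file" || true   # tolerate missing newline
    l1tf_state=$(l1tf_classify "$l1tf_line")
    echo "l1tf: $l1tf_state ($l1tf_line)"
    case "$l1tf_state" in
        not-affected|mitigated) return 0 ;;
        vulnerable)             return 1 ;;
        *)                      return 2 ;;
    esac
}

# Run against the live system when executed directly.
l1tf_check || echo "l1tf: check exited with status $?"
```

A missing file (status 2) on a supposedly upgraded system means the running kernel is still the old one, for example because the machine has not been rebooted into the new image.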