Errata overview
Errata ID 321
Date 2018-04-04
Source package gcc-4.9
Fixed in version 4.9.2-10+deb8u1
This update addresses the following issue:
* Systems with microprocessors utilizing speculative execution and indirect
  branch prediction may allow unauthorized disclosure of information to an
  attacker with local user access via a side-channel analysis (CVE-2017-5715)
This update adds the infrastructure to the C compiler for using "retpoline".
The compiler can be used to mitigate the "Spectre 2" vulnerability by
re-compiling susceptible binaries until fixed CPUs or fixed CPU micro code
updates are available from the CPU vendors.
Additional notes The compiler itself is NOT vulnerable.
UCS Bug number #46209