Fixing Spectre/Meltdown in 14.2

Patrick has silently update the kernels in -stable releases to the latest kernel release found in kernel.org: 4.4.118. This release is known to fix the remaining Spectre/Meltdown vulnerabilities backported from mainline kernels, 4.15.x. Upstream developers are working to restore the performance penalty after the initial patch for KPTI may have significant performance loss up to 30%. It's still being baked and we might see them backported into older kernel releases, especially LTS version being used by many distributions.

I checked using the same script and now here's the results:

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)