Date: Tue, 16 Aug 2016 20:15:49 +0200 From: Sona Sarmadi <sona.sarmadi@...a.com> To: <oss-security@...ts.openwall.com> Subject: Re: CVE-2016-5696: linux kernel - challange ack information leak. On 2016-08-15 09:53, Greg KH wrote: > On Mon, Aug 15, 2016 at 06:23:04AM +0000, Sona Sarmadi wrote: >>>> This vulnerability is currently only fixed in mainline kernels (4.7 & >>>> 4.8). Does anyone know if there is any work ongoing to backport this >>>> fix to the older versions? >>> I just added the fix for this issue to the stable kernel queues and it will >>> show up in the next stable releases, in about 2 days after it passes all of >>> the needed review. >>> >>> Hope this helps, >>> >>> greg k-h >> Great, thanks, this helps :) > You can _always_ just apply the patch to your local tree, there's never > a need to wait for me to get a kernel out. That's the advantage of > having the source for your systems :) Yes, we can do that but sometimes the patches for newer kernels don't apply cleanly on older versions. There is always a risk that our home grown patches have undesired side effects. We prefer your sign of approval on patches for older kernels :) Cheers //Sona > > thanks, > > greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ