Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Aug 2016 20:15:49 +0200
From: Sona Sarmadi <sona.sarmadi@...a.com>
To: <oss-security@...ts.openwall.com>
Subject: Re: CVE-2016-5696: linux kernel - challange ack
 information leak.



On 2016-08-15 09:53, Greg KH wrote:
> On Mon, Aug 15, 2016 at 06:23:04AM +0000, Sona Sarmadi wrote:
>>>> This vulnerability is currently only fixed in mainline kernels (4.7 &
>>>> 4.8). Does anyone know if there is any work ongoing to backport this
>>>> fix to the  older versions?
>>> I just added the fix for this issue to the stable kernel queues and it will
>>> show up in the next stable releases, in about 2 days after it passes all of
>>> the needed review.
>>>
>>> Hope this helps,
>>>
>>> greg k-h
>> Great, thanks, this helps :)
> You can _always_ just apply the patch to your local tree, there's never
> a need to wait for me to get a kernel out.  That's the advantage of
> having the source for your systems :)
Yes, we can do that but sometimes the patches for newer kernels don't
apply cleanly on older versions.
There is always a risk that our home grown patches have undesired side
effects. We prefer your sign of approval on patches for older kernels :)

Cheers
//Sona

>
> thanks,
>
> greg k-h

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ