Date: Tue, 16 Aug 2016 22:19:08 +0200 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2016-5696: linux kernel - challange ack information leak. On Tue, Aug 16, 2016 at 08:15:49PM +0200, Sona Sarmadi wrote: > > > On 2016-08-15 09:53, Greg KH wrote: > > On Mon, Aug 15, 2016 at 06:23:04AM +0000, Sona Sarmadi wrote: > >>>> This vulnerability is currently only fixed in mainline kernels (4.7 & > >>>> 4.8). Does anyone know if there is any work ongoing to backport this > >>>> fix to the older versions? > >>> I just added the fix for this issue to the stable kernel queues and it will > >>> show up in the next stable releases, in about 2 days after it passes all of > >>> the needed review. > >>> > >>> Hope this helps, > >>> > >>> greg k-h > >> Great, thanks, this helps :) > > You can _always_ just apply the patch to your local tree, there's never > > a need to wait for me to get a kernel out. That's the advantage of > > having the source for your systems :) > Yes, we can do that but sometimes the patches for newer kernels don't > apply cleanly on older versions. > There is always a risk that our home grown patches have undesired side > effects. We prefer your sign of approval on patches for older kernels :) Heh, fair enough. This fix is now in the kernels that were released today (4.7.1, 4.6.7, 4.4.18, and 3.14.76), hope that helps. greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ