Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 17 Aug 2016 14:16:21 +0200
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2016-5696: linux kernel - challange ack
 information leak.

On Wed, Aug 17, 2016 at 11:54:56AM +0000, Sona Sarmadi wrote:
> 
> > > > You can _always_ just apply the patch to your local tree, there's
> > > > never a need to wait for me to get a kernel out.  That's the
> > > > advantage of having the source for your systems :)
> > > Yes, we can do that but sometimes the patches for newer kernels don't
> > > apply cleanly on older versions.
> > > There is always a risk that our home grown patches have undesired side
> > > effects. We prefer your sign of approval on patches for older kernels
> > > :)
> > 
> > Heh, fair enough.  This fix is now in the kernels that were released today
> > (4.7.1, 4.6.7, 4.4.18, and 3.14.76), hope that helps.
> > 
> > greg k-h
> 
> Thanks a lot Greg, yes this helps :) I could apply  patch from linux-3.14.y branch 
> to linux-3.12.y as well (the code looks similar). 

Note, I got the patch a bit wrong, it's not as fast as it could be,
here's an update to put on top of the one you took from 3.14.y:
	https://git.kernel.org/cgit/linux/kernel/git/stable/stable-queue.git/commit/?id=e09bea58ec0552dbbf71fb22bf7a46da9a288fc8

thanks,

greg k-h

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ