Re: [arch-security] Linux 3.14.3 (CVE-2014-0196)

Hi On Mon, May 12, 2014 at 8:36 AM, Pierre Schmitz <pierre@archlinux.de> wrote:

Am 08.05.2014 12:16, schrieb Xan:

...

Hi,

To everyone: this [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0196] affects us?

Thanks, Xan.

Yes, here is a working exploit: (tested on 3.14.3-1-ARCH) http://www.openwall.com/lists/oss-security/2014/05/12/3

I wonder why there is no new kernel release; seems pretty critical to me.

The fix is in the Linus tree (sha1=4291086b1f081b) and it is a green light to include it into Arch package.

Greetings,

Pierre

-- Pierre Schmitz, https://pierre-schmitz.com

_______________________________________________ arch-security mailing list arch-security@archlinux.org https://mailman.archlinux.org/mailman/listinfo/arch-security