[arch-security] Linux 3.14.3 (CVE-2014-0196)
Hi, To everyone: this [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0196] affects us? Thanks, Xan.
Am 08.05.2014 12:16, schrieb Xan:
Hi,
To everyone: this [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0196] affects us?
Thanks, Xan.
Yes, here is a working exploit: (tested on 3.14.3-1-ARCH) http://www.openwall.com/lists/oss-security/2014/05/12/3 I wonder why there is no new kernel release; seems pretty critical to me. Greetings, Pierre -- Pierre Schmitz, https://pierre-schmitz.com
Hi On Mon, May 12, 2014 at 8:36 AM, Pierre Schmitz <pierre@archlinux.de> wrote:
Am 08.05.2014 12:16, schrieb Xan:
Hi,
To everyone: this [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0196] affects us?
Thanks, Xan.
Yes, here is a working exploit: (tested on 3.14.3-1-ARCH) http://www.openwall.com/lists/oss-security/2014/05/12/3
I wonder why there is no new kernel release; seems pretty critical to me.
The fix is in the Linus tree (sha1=4291086b1f081b) and it is a green light to include it into Arch package.
Greetings,
Pierre
-- Pierre Schmitz, https://pierre-schmitz.com
_______________________________________________ arch-security mailing list arch-security@archlinux.org https://mailman.archlinux.org/mailman/listinfo/arch-security
On Mon, 12 May 2014 08:41:00 -0700 Anatol Pomozov <anatol.pomozov@gmail.com> ha escrit:
Yes, here is a working exploit: (tested on 3.14.3-1-ARCH) http://www.openwall.com/lists/oss-security/2014/05/12/3
I wonder why there is no new kernel release; seems pretty critical to me.
Thanks, for the checking. So it seems very concerning...
The fix is in the Linus tree (sha1=4291086b1f081b) and it is a green light to include it into Arch package.
If anyone could patch the mainline kernel. I'm just a begginer user... Thanks, anyway, Xan.
Am 13.05.2014 14:40, schrieb Xan:
On Mon, 12 May 2014 08:41:00 -0700 Anatol Pomozov <anatol.pomozov@gmail.com> ha escrit:
Yes, here is a working exploit: (tested on 3.14.3-1-ARCH) http://www.openwall.com/lists/oss-security/2014/05/12/3
I wonder why there is no new kernel release; seems pretty critical to me.
Thanks, for the checking. So it seems very concerning...
The fix is in the Linus tree (sha1=4291086b1f081b) and it is a green light to include it into Arch package.
If anyone could patch the mainline kernel. I'm just a begginer user...
Thanks, anyway, Xan. _______________________________________________ arch-security mailing list arch-security@archlinux.org https://mailman.archlinux.org/mailman/listinfo/arch-security
as stated by https://wiki.archlinux.org/index.php/CVE-2014 it is fixed in the mainline kernel. still there is one supported kernel missing: linux-lts. does the recent rebuild of linux-lts (3.10.39-2) incorporating the fix? thanks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 05/13/2014 08:43 AM, G. Schlisio wrote:
Am 13.05.2014 14:40, schrieb Xan:
On Mon, 12 May 2014 08:41:00 -0700 Anatol Pomozov <anatol.pomozov@gmail.com> ha escrit:
Yes, here is a working exploit: (tested on 3.14.3-1-ARCH) http://www.openwall.com/lists/oss-security/2014/05/12/3
I wonder why there is no new kernel release; seems pretty critical to me.
Thanks, for the checking. So it seems very concerning...
The fix is in the Linus tree (sha1=4291086b1f081b) and it is a green light to include it into Arch package.
If anyone could patch the mainline kernel. I'm just a begginer user...
Thanks, anyway, Xan. _______________________________________________ arch-security mailing list arch-security@archlinux.org https://mailman.archlinux.org/mailman/listinfo/arch-security
as stated by https://wiki.archlinux.org/index.php/CVE-2014 it is fixed in the mainline kernel. still there is one supported kernel missing: linux-lts. does the recent rebuild of linux-lts (3.10.39-2) incorporating the fix? thanks _______________________________________________ arch-security mailing list arch-security@archlinux.org https://mailman.archlinux.org/mailman/listinfo/arch-security
To all, I reported that a while ago, should I be pressing these emails? Regards, Mark -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlNyVkUACgkQZ/Z80n6+J/bwggEAi/HRPxc9UyO7QvT0CjhI2fQ/ UXFAWUMUMMsLbkKrVH4A/2/IYfhT0AeVHfGcBwEuqLbJEeaYwYJAT573OwvP+cJh =vZSB -----END PGP SIGNATURE-----
On 14/05/14 03:28, Mark Lee wrote:
On 05/13/2014 08:43 AM, G. Schlisio wrote:
Am 13.05.2014 14:40, schrieb Xan:
On Mon, 12 May 2014 08:41:00 -0700 Anatol Pomozov <anatol.pomozov@gmail.com> ha escrit:
Yes, here is a working exploit: (tested on 3.14.3-1-ARCH) http://www.openwall.com/lists/oss-security/2014/05/12/3
I wonder why there is no new kernel release; seems pretty critical to me.
Thanks, for the checking. So it seems very concerning...
The fix is in the Linus tree (sha1=4291086b1f081b) and it is a green light to include it into Arch package.
If anyone could patch the mainline kernel. I'm just a begginer user...
Thanks, anyway, Xan. _______________________________________________ arch-security mailing list arch-security@archlinux.org https://mailman.archlinux.org/mailman/listinfo/arch-security
as stated by https://wiki.archlinux.org/index.php/CVE-2014 it is fixed in the mainline kernel. still there is one supported kernel missing: linux-lts. does the recent rebuild of linux-lts (3.10.39-2) incorporating the fix? thanks _______________________________________________ arch-security mailing list arch-security@archlinux.org https://mailman.archlinux.org/mailman/listinfo/arch-security
To all,
I reported that a while ago, should I be pressing these emails?
Emails will not get developers attention. Report a bug if the fix has not been committed after a day or two. Allan
participants (6)
-
Allan McRae
-
Anatol Pomozov
-
G. Schlisio
-
Mark Lee
-
Pierre Schmitz
-
Xan