[arch-security] Linux 3.14.3 (CVE-2014-0196)
G. Schlisio
g.schlisio at dukun.de
Tue May 13 08:43:19 EDT 2014
Am 13.05.2014 14:40, schrieb Xan:
> On Mon, 12 May 2014 08:41:00 -0700
> Anatol Pomozov <anatol.pomozov at gmail.com> ha escrit:
>>>
>>>
>>> Yes, here is a working exploit: (tested on 3.14.3-1-ARCH)
>>> http://www.openwall.com/lists/oss-security/2014/05/12/3
>>>
>>> I wonder why there is no new kernel release; seems pretty critical to me.
>
> Thanks, for the checking. So it seems very concerning...
>
>>
>>
>> The fix is in the Linus tree (sha1=4291086b1f081b) and it is a green
>> light to include it into Arch package.
>>
>
> If anyone could patch the mainline kernel. I'm just a begginer user...
>
> Thanks, anyway,
> Xan.
> _______________________________________________
> arch-security mailing list
> arch-security at archlinux.org
> https://mailman.archlinux.org/mailman/listinfo/arch-security
>
as stated by https://wiki.archlinux.org/index.php/CVE-2014 it is fixed
in the mainline kernel.
still there is one supported kernel missing: linux-lts.
does the recent rebuild of linux-lts (3.10.39-2) incorporating the fix?
thanks
More information about the arch-security
mailing list