[arch-security] Linux 3.14.3 (CVE-2014-0196)

Mark Lee mark at markelee.com
Tue May 13 13:28:38 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 05/13/2014 08:43 AM, G. Schlisio wrote:
> Am 13.05.2014 14:40, schrieb Xan:
>> On Mon, 12 May 2014 08:41:00 -0700
>> Anatol Pomozov <anatol.pomozov at gmail.com> ha escrit:
>>>>
>>>>
>>>> Yes, here is a working exploit: (tested on 3.14.3-1-ARCH)
>>>> http://www.openwall.com/lists/oss-security/2014/05/12/3
>>>>
>>>> I wonder why there is no new kernel release; seems pretty critical to me.
>>
>> Thanks, for the checking. So it seems very concerning...
>>
>>>
>>>
>>> The fix is in the Linus tree (sha1=4291086b1f081b) and it is a green
>>> light to include it into Arch package.
>>>
>>
>> If anyone could patch the mainline kernel. I'm just a begginer user...
>>
>> Thanks, anyway,
>> Xan.
>> _______________________________________________
>> arch-security mailing list
>> arch-security at archlinux.org
>> https://mailman.archlinux.org/mailman/listinfo/arch-security
>>
> 
> as stated by https://wiki.archlinux.org/index.php/CVE-2014 it is fixed
> in the mainline kernel.
> still there is one supported kernel missing: linux-lts.
> does the recent rebuild of linux-lts (3.10.39-2) incorporating the fix?
> thanks
> _______________________________________________
> arch-security mailing list
> arch-security at archlinux.org
> https://mailman.archlinux.org/mailman/listinfo/arch-security
> 

To all,

I reported that a while ago, should I be pressing these emails?

Regards,
Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iF4EAREIAAYFAlNyVkUACgkQZ/Z80n6+J/bwggEAi/HRPxc9UyO7QvT0CjhI2fQ/
UXFAWUMUMMsLbkKrVH4A/2/IYfhT0AeVHfGcBwEuqLbJEeaYwYJAT573OwvP+cJh
=vZSB
-----END PGP SIGNATURE-----


More information about the arch-security mailing list