[arch-security] Linux 3.14.3 (CVE-2014-0196)
Allan McRae
allan at archlinux.org
Wed May 14 01:02:18 EDT 2014
On 14/05/14 03:28, Mark Lee wrote:
> On 05/13/2014 08:43 AM, G. Schlisio wrote:
>> Am 13.05.2014 14:40, schrieb Xan:
>>> On Mon, 12 May 2014 08:41:00 -0700
>>> Anatol Pomozov <anatol.pomozov at gmail.com> ha escrit:
>>>>>
>>>>>
>>>>> Yes, here is a working exploit: (tested on 3.14.3-1-ARCH)
>>>>> http://www.openwall.com/lists/oss-security/2014/05/12/3
>>>>>
>>>>> I wonder why there is no new kernel release; seems pretty critical to me.
>>>
>>> Thanks, for the checking. So it seems very concerning...
>>>
>>>>
>>>>
>>>> The fix is in the Linus tree (sha1=4291086b1f081b) and it is a green
>>>> light to include it into Arch package.
>>>>
>>>
>>> If anyone could patch the mainline kernel. I'm just a begginer user...
>>>
>>> Thanks, anyway,
>>> Xan.
>>> _______________________________________________
>>> arch-security mailing list
>>> arch-security at archlinux.org
>>> https://mailman.archlinux.org/mailman/listinfo/arch-security
>>>
>
>> as stated by https://wiki.archlinux.org/index.php/CVE-2014 it is fixed
>> in the mainline kernel.
>> still there is one supported kernel missing: linux-lts.
>> does the recent rebuild of linux-lts (3.10.39-2) incorporating the fix?
>> thanks
>> _______________________________________________
>> arch-security mailing list
>> arch-security at archlinux.org
>> https://mailman.archlinux.org/mailman/listinfo/arch-security
>
>
> To all,
>
> I reported that a while ago, should I be pressing these emails?
>
Emails will not get developers attention. Report a bug if the fix has
not been committed after a day or two.
Allan
More information about the arch-security
mailing list