On Thu, 2015-04-02 at 10:15 -0400, Theodore Ts'o wrote:
> On Wed, Apr 01, 2015 at 10:23:37PM +0300, Dmitry Monakhov wrote:
> > >> Wow.... I've just got a good present for a fools day.
> > >> It is appeared that stable kernel still has this bug(CVE-2014-8086) unfixed.
> > >> At least my notebook (debian/testing 3.16.5) oopsed like follows:
> > >
> > > 3.16 is not a stable kernel I maintain, it's long since dead.
> > Ohh. I see. So this is just a unstable Debian's crap.
> > > Is there a specific patch I should be applying to the 3.14 or 3.10
> > > kernels that solve this problem?
> > Yes original commit is a41537e69b4aa43f0fea02498c2595a81267383b
> > In fact 3.14 and 3.10 already has fixes.
> > 3.14 07110343605adc3f
> > 3.10 30d8c8352812e924
>
> Dmitry, if you open a bug report against the Debian kernel, I'm sure
> they'll take care of applying a backport of the patch --- especially
> since this is a potential security issue (CVE-2014-8086).
The fix was cherry-picked in 3.16.7-ckt1 (commit 01eca100c06d) and the
current packages in testing/unstable are based on 3.16.7-ckt7.
Dmitry, you should install one of the metapackages like
linux-image-amd64 in order to get automatic upgrades when there is an
ABI bump.
Ben.
--
Ben Hutchings
Lowery's Law:
If it jams, force it. If it breaks, it needed replacing anyway.
Attachment:
signature.asc
Description: This is a digitally signed message part