Theodore Ts'o <tytso@mit.edu> writes: > On Wed, Apr 01, 2015 at 10:23:37PM +0300, Dmitry Monakhov wrote: >> >> Wow.... I've just got a good present for a fools day. >> >> It is appeared that stable kernel still has this bug(CVE-2014-8086) unfixed. >> >> At least my notebook (debian/testing 3.16.5) oopsed like follows: >> > >> > 3.16 is not a stable kernel I maintain, it's long since dead. >> Ohh. I see. So this is just a unstable Debian's crap. >> > Is there a specific patch I should be applying to the 3.14 or 3.10 >> > kernels that solve this problem? >> Yes original commit is a41537e69b4aa43f0fea02498c2595a81267383b >> In fact 3.14 and 3.10 already has fixes. >> 3.14 07110343605adc3f >> 3.10 30d8c8352812e924 > > Dmitry, if you open a bug report against the Debian kernel, I'm sure > they'll take care of applying a backport of the patch --- especially > since this is a potential security issue (CVE-2014-8086). That is what I did after I've replayed Greg. But it is appeared that they have already fixed this issue 30days ago. So this is 100% my OS admin issue. > > Cheers, > > - Ted > >> So I have to just migrate my note to truly stable kernel :) > > Ah, do what I do --- run truly bleeding edge and use the latest kernel > with the ext4 dev branch merged in. (After I've made sure it passes a > full set of regression tests, of course!) Nothing like file system > developers eating their own dog food. :-) Yes this is the way I live for every long time, but forget to update kernel after migrating to new notebook. > > The only downside, speaking as a Debian developer, is that I don't end > up paying that much attention to the Debian kernel. So if there are > some other ext4 developers who are willing to help push patches into > the Debian kernel, that would be much appreciated.
Attachment:
signature.asc
Description: PGP signature