On Thu, 2015-04-02 at 10:15 -0400, Theodore Ts'o wrote: > On Wed, Apr 01, 2015 at 10:23:37PM +0300, Dmitry Monakhov wrote: > > >> Wow.... I've just got a good present for a fools day. > > >> It is appeared that stable kernel still has this bug(CVE-2014-8086) unfixed. > > >> At least my notebook (debian/testing 3.16.5) oopsed like follows: > > > > > > 3.16 is not a stable kernel I maintain, it's long since dead. > > Ohh. I see. So this is just a unstable Debian's crap. > > > Is there a specific patch I should be applying to the 3.14 or 3.10 > > > kernels that solve this problem? > > Yes original commit is a41537e69b4aa43f0fea02498c2595a81267383b > > In fact 3.14 and 3.10 already has fixes. > > 3.14 07110343605adc3f > > 3.10 30d8c8352812e924 > > Dmitry, if you open a bug report against the Debian kernel, I'm sure > they'll take care of applying a backport of the patch --- especially > since this is a potential security issue (CVE-2014-8086). The fix was cherry-picked in 3.16.7-ckt1 (commit 01eca100c06d) and the current packages in testing/unstable are based on 3.16.7-ckt7. Dmitry, you should install one of the metapackages like linux-image-amd64 in order to get automatic upgrades when there is an ABI bump. Ben. -- Ben Hutchings Lowery's Law: If it jams, force it. If it breaks, it needed replacing anyway.
Attachment:
signature.asc
Description: This is a digitally signed message part