Bug#812207: linux: AUFS can hang up; Please update to v20160111 or later



On Tue, 26 Jan 2016 17:53:45 +0000 Ben Hutchings <ben@decadent.org.uk> wrote:
> Control: tag -1 - moreinfo
> Control: tag -1 pending
> On Tue, 2016-01-26 at 07:37 -0800, Zachary Loafman wrote:
> > On Mon, Jan 25, 2016 at 5:36 PM, Ben Hutchings <ben@decadent.org.uk> wrote:
> > 
> > > > Although I didn't test for 3.16.7, I think merging this commit is enough:
> > > https://github.com/sfjro/aufs4-linux/commit/f60d586b7b8cae42bacc603d192810db85278d3c
> > > 
> > > That and the previous commit appear to be sufficient, though they
> > > needed some minor changes.  Please can you test whether the attached
> > > patches work, following the procedure at
> > > <https://kernel-handbook.alioth.debian.org/ch-common-tasks.html#s-common-official>.
> > > 
> > 
> > I tested these patches on Jessie and they seem to work. Methodology: I spun
> > up a 3.16.7-ckt20-1+deb8u3 image in GCE, made sure
> > https://hub.docker.com/r/akihirosuda/test18180/ failed as expected. I built
> > a 3.16.7-ckt20-1+deb8u3 kernel with those patches quilted in and ran the
> > same image:
> > 
> > zml@jessie:~$ sudo docker run -it --rm akihirosuda/test18180
> > [INFO] Checking whether hitting docker#18180.
> > ....................................................................................................
> > [INFO] OK. not hitting docker#18180.
> > [INFO] Checking whether sendfile(2) is killable.
> > [INFO] If the container hangs up here, you are still facing the bug
> > that linux@296291cd tried to fix.
> > /test.sh: line 22:  3308 Killed                  /sendfile-test
> > zml@jessie:~$
> > 
> > I think we're golden. (Container is not hung, both the original bug
> > and the new bug are fixed.)
> Thanks, I've queued these up for inclusion in the next security update.
> Ben.
> -- 
> Ben Hutchings
> Q.  Which is the greater problem in the world today, ignorance or apathy?
> A.  I don't know and I couldn't care less.

Hi,

Thank you for the patch. I've also tested it and it works.

I'm wondering why this fix is not released as soon as possible? Because of this bug some users cannot upgrade to the latest version of the kernel and stay vulnerable to CVE-2016-0728.

Would the recommended way for such users be to recompile the kernel on their own?

Jean-Luc

