Hello,

On 10/04/2016 at 07:57 PM, Nicholas Luedtke wrote:
> On 10/04/2016 11:40 AM, Felix Knecht wrote:
>
>> On 10/04/2016 06:38 PM, Jan Lühr wrote:
>>> CVE-2016-7117 was patched in Android today. I don't see much information
>>> right now. The title is rather frightening - the issue appears to be urgent.
>> The following upstream kernel commit is referenced in the security bulletin:
>>
>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d
>>
>> No idea if this is fixed in Debian though.
>>
>> Felix
>>
> Looks like it was picked up when Debian rolled to 3.16.36-1.

Thanks for the info - if Felix is right, then 4.7 (jessie backports) is secure, since it was released months after the fix was pushed to the mainline kernel.

However, it's somewhat strange that a bug labeled "Linux Kernel Use-After-Free Remote Code Execution Vulnerability", concerning a lot of kernels released in the last years (http://www.securityfocus.com/bid/93304), seems to be fixed in Android only. Do you know any details?

Anyway, using jessie-backports seems to help, thus I'm going for it...

Thanks,
Greetz, Jan

--
There's a ripped off cord
To my TV screen
With a note saying: "Im not afraid to dream"
-- Donkey Boy, Crazy Something Normal