[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 3448-1] linux security update

Hi,

On Wed, Jan 20, 2016 at 10:42:04AM +0800, Bjoern Nyjorden wrote:
> Thanks Holger & Ben,
> 
> Most appreciated.  So, just to confirm; my take away on this is:
> 
>  * 1. "Wheezy" Linux kernels are NOT AFFECTED.
> 
>  * 2. "Wheezy" & "Jessie" BACKPORTS Linux kernels are VUNERABLE.
> 
> If I have understood correctly?

For the most important CVE,
https://security-tracker.debian.org/tracker/CVE-2016-0728 this is
right. The issue was introduced in upstream commit
3a50597de8635cd05133bd12c95681c82fe7b878 which is in Kernels v3.8-rc1
onways. Wheezy Kernel is not affected, Wheezy and Jessie backports are
vunerable but beeing fixed.

You can get the full picture for Wheezy and Jessie status by starting
from https://security-tracker.debian.org/tracker/DSA-3448-1 and
following the CVE references for details. The other issues which
affect Wheezy as well will be fixed for Wheezy in a later DSA.

(yes, the security-tracker does not track backports).

Hope this helps,

Regards,
Salvatore
Reply to: