Re: CVE-2017-5754

Re: CVE-2017-5754 - ETA?

On Thu, Jan 4, 2018 at 4:47 PM, Don Armstrong <don@debian.org> wrote:

On Thu, 04 Jan 2018, francis picabia wrote:
> Redhat, Ubuntu and others have kernel updates available today for this
> kernel patch that has been worked on since November. Normally Debian
> has been quick out of the gate with security measures.
>
> Is there an ETA when Debian will update kernel packages?

The DSA has been (will be shortly?) released for stable. Unstable,
testing, and likely oldstable will probably follow soon.
https://security-tracker.debian.org/tracker/DSA-4078-1

Thanks for the response. I'm looking now and I see stretch and wheezy are

addressed, but not jessie. Odd. Why would old-stable be a challenge?

I'm concerned because we run a system for students to do programming, and there

is typically one in the crowd who will try out any script kiddies in the news. For

the time being I've blocked access to the system, but faculty expect it

will be available for use in a week or so. I have the option to install

the stretch kernel and run in a hybrid version for awhile, but I'm not sure

if there will be problems with that workaround.

Reply to:

Follow-Ups:

Re: CVE-2017-5754 - ETA?
- From: Jeroen Mathon <jeroenmathonmac@gmail.com>
Re: CVE-2017-5754 - ETA?
- From: Tixy <tixy@yxit.co.uk>
Re: CVE-2017-5754 - ETA?
- From: Richard Hector <richard@walnut.gen.nz>

References:

CVE-2017-5754 - ETA?
- From: francis picabia <fpicabia@gmail.com>
Re: CVE-2017-5754 - ETA?
- From: Don Armstrong <don@debian.org>