Mail archive
alpine-devel

Re: [alpine-devel] CVE-2016-5195: Local privilege escalation exploit in Linux kernel

From: Timo Teras <timo.teras_at_iki.fi>
Date: Fri, 21 Oct 2016 08:30:33 +0300

Hi,

On Thu, 20 Oct 2016 21:53:03 -0700
"Kevin M. Gallagher" <kevingallagher_at_gmail.com> wrote:

> Details:
>
> http://dirtycow.ninja/
> https://lkml.org/lkml/2016/10/19/860
>
> Proof of concept:
> https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c
>
> I'm using Alpine Linux for a time-urgent and security-critical project
> happening this weekend, and would really like to see this fixed.
> However, I'm not familiar with aports or the way you build kernels in
> Alpine. Is anyone available to update the kernel in linux-grsec in
> the 3.4-stable branch and/or backport the patch, sometime soon?

Depending on CVE extent we sometimes cherry-pick fixes. But this seems
bad enough that they released new upstream kernels with pretty much
nothing else than this fix. So we'll be upgrading to them shortly.

Thanks.
Timo


---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Fri Oct 21 2016 - 08:30:33 GMT