X-Original-To: alpine-devel@lists.alpinelinux.org Received: from mail-lf0-f54.google.com (mail-lf0-f54.google.com [209.85.215.54]) by lists.alpinelinux.org (Postfix) with ESMTP id E0EA65C434E for ; Fri, 21 Oct 2016 06:34:01 +0000 (GMT) Received: by mail-lf0-f54.google.com with SMTP id x79so134179282lff.0 for ; Thu, 20 Oct 2016 23:34:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=g2VVQOKm12W3M52L/eTEeFnjeEcGvNumNZCtjri/t2w=; b=mWXOxwkrFCJ+dfJWEQEtUNjrk6Xph5Y9k1VCMsZIttrfLD5xdEMqbQrsmy+LeZTDo+ fd14R2QOKhtQwyOTzldFYU3irkP4ESyz1ANCUiy9u+jBVzBroxsUFqyyP//ZQY4pb3sZ mt+wJD9Gep4/rUxIJOvQnOnWzUr6ugmWgTRjLkuoi1VhitZx/S1jxihJvtJIvll7R1Xg CpL2H117oxBGe389ngOTkfHQ2ZZOECxoRNuy9kNIvtbLfNjMTMccQiaLsp/9f5F8DBtx SgDmEn/Dh6ZWJGNjcOxoiWOxzi/ix7UGLg4o8JY+iOwk7Noijh6EblbgmlkUE7GTrysz cw6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=g2VVQOKm12W3M52L/eTEeFnjeEcGvNumNZCtjri/t2w=; b=N+lk3RRgdiOq64aI7Do5TBJBYoKdfEZES9dAHscMJ4sRCXWbL42oXYwelBrSwG3REg kYJ6bRHo/l8vRt/b6fElAlDFabO/+BdamYv9BSbKWRxRji0YVl96P4vzfl2iwYGVR1DY ZSuLfpsD0uLJLDwXGeY2EdsC4RyizlUZJ5V25eldgWX3sBeEqY9dN2zO/RoNgH8UgpPq onbXp88Va55Z+G8RzU1s/bu2fwgYjPBUR88aZQb7cEqrU0d0yBAx4u3mDhA+VgHWX/R2 0jFTtWMVBT61J32/fTfgyVuc2AMbITX1/0cnrRYXoTMvfMqAMbM04/D8u2JzKiFDEfMz 9hMw== X-Gm-Message-State: ABUngveP+ED/SrvXUqsP08+lTnY+Jm1be/lkJOdl7S+qyKETDM2Z1Is9rqJCj60uBuynkA== X-Received: by 10.25.162.202 with SMTP id l193mr5262025lfe.173.1477027840412; Thu, 20 Oct 2016 22:30:40 -0700 (PDT) Received: from vostro.util.wtbts.net ([2001:1bc8:101:f402:e66f:13ff:fef3:8cd0]) by smtp.gmail.com with ESMTPSA id b188sm130152lfg.41.2016.10.20.22.30.39 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 20 Oct 2016 22:30:40 -0700 (PDT) Sender: =?UTF-8?Q?Timo_Ter=C3=A4s?= Date: Fri, 21 Oct 2016 08:30:33 +0300 From: Timo Teras To: "Kevin M. Gallagher" Cc: alpine-devel@lists.alpinelinux.org Subject: Re: [alpine-devel] CVE-2016-5195: Local privilege escalation exploit in Linux kernel Message-ID: <20161021083033.2368d30b@vostro.util.wtbts.net> In-Reply-To: References: X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.28; x86_64-alpine-linux-musl) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hi, On Thu, 20 Oct 2016 21:53:03 -0700 "Kevin M. Gallagher" wrote: > Details: > > http://dirtycow.ninja/ > https://lkml.org/lkml/2016/10/19/860 > > Proof of concept: > https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c > > I'm using Alpine Linux for a time-urgent and security-critical project > happening this weekend, and would really like to see this fixed. > However, I'm not familiar with aports or the way you build kernels in > Alpine. Is anyone available to update the kernel in linux-grsec in > the 3.4-stable branch and/or backport the patch, sometime soon? Depending on CVE extent we sometimes cherry-pick fixes. But this seems bad enough that they released new upstream kernels with pretty much nothing else than this fix. So we'll be upgrading to them shortly. Thanks. Timo --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---