Full Disclosure mailing list archives
kernel vuln status question - how can I be protected
From: BENCSATH Boldizsar <boldi () crysys hu>
Date: Sun, 25 Dec 2016 22:19:21 +0100
Dear kernel maintainers, specialists,

Regarding latest kernel vulns, like CVE-2016-8655, there were some reports how and where ubuntu/debian/redhat distributions fixed the problem. However, I could not find clear indications about fixes in plain vanilla kernel sources. No indication on LTS, and of course nothing on the others.

O.K. there is a patch for the particular CVS+kernel version, but it is rather not evident to people that they must not go and install a recent 3.16.39 as it is not fixed. I really could not find out details and exact information no matter how I tried to find on Google.

What about having a channel to get latest information? What about having LTS not just patches but information feed. Or what about sending out additional information added to actual security patches how it should/would/had affect to other versions.

Of course, maybe there is a trivial solution on that, e.g. I did not see some notes, but I'm afraid I'm right and zillions of admins simply do not know if they are vulnerable or not.

So is there a plan for 3.16.39 patch? What about 3.2 3.4 and similar? Should one use the existing af_packet patch? Or from now on we should trust on vendors (Debian, Redhat or Android... ) and it is recommended to avoid building kernel from scratch now?

b.

--
Boldizsar BENCSATH PhD
Laboratory of Cryptography and Systems Security http://www.crysys.hu/
Dept. of Telecommunications - BME VIK HIT TSz.
Budapest University of Technology and Economics
Tel: +36 1 463 3422; Fax: +36 1 463 3263; M: +36 30 9902317
H-1111 Budapest, Magyar tudósok körútja 2. I ép. E.433.
email: bencsath.boldizsar () mail2011 crysys hit bme hu

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/