Dear kernel maintainers, specialists, Regarding latest kernel vulns, like CVE-2016-8655, there were some reports how and where ubuntu/debian/redhat distributions fixed the problem. However, I could not find clear indications about fixes in plain vanilla kernel sources. No indication on LTS, and of course nothing on the others. O.K. there is a patch for the particular CVS+kernel version, but it is rather not evident to people that they must not go and install a recent 3.16.39 as it is not fixed. I really could not find out details and exact information no matter how I tried to find on googole. What about having a channel to get latest information? What about having LTS not just patches but information feed. Or what about sending out additional information added to actual security patches how it should/would/had affect to other versions. Of course, maybe there is a trivial solution on that, e.g. I did not see some notes, but I'm afraid I'm right and zillions of admins simply do not know if they are vulnerable or not. So is there a plan for 3.16.39 patch? What about 3.2 3.4 and similar? Should one use the existing af_packet patch? Or from now on we should trust on vendors (Debian, Redhat or Andorid... ) and it recommended to avoid bjuilding kernel from scratch now? b.
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment