Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#52890 - [linux] CVE-2017-5897
Attached to Project:
Arch Linux
Opened by Adam Lau (adamlau) - Wednesday, 08 February 2017, 03:47 GMT
Last edited by Doug Newgard (Scimmia) - Monday, 06 March 2017, 16:04 GMT
Details
Description:
No regressions noted when patching linux 4.9.8-1 and linux-grsec 1:4.9.8.r201702071801-2 for CVE-2017-5897. As the linux and linux-grsec are both in testing, recommending that we include this security patch.
Additional info:
linux 4.9.8-1 and linux-grsec 1:4.9.8.r201702071801-2. Other versions may also be affected.
Comment by Adam Lau (adamlau) - Wednesday, 08 February 2017, 04:26 GMT
Might as well include CVE-2016-10208 as well, though I have not yet validated the results against the sample exploit script supplied as part of the patch.
Comment by John (graysky) - Wednesday, 08 February 2017, 19:59 GMT
@Adam - I cannot find a link to CVE-2017-5897, can you provide one? Also, I believe that CVE-2016-10208 is teed up for 4.9.9: https://git.kernel.org/cgit/linux/kernel/git/stable/stable-queue.git/tree/queue-4.9/ext4-validate-s_first_meta_bg-at-mount-time.patch
Comment by Adam Lau (adamlau) - Wednesday, 08 February 2017, 23:21 GMT
http://seclists.org/oss-sec/2017/q1/327