[opensuse-security] Linux Kernel Vulnerabliltiy and OpenSuSE 13.2
Should I expect a patch for OpenSUSE 13.2 (x86_64) to address the Linux kernel vulnerability known as Dirty COW (CVE-2016-5195)? Or is there another direction I should turn? Best regards, -Bob ________________________________ Notice: This communication, including attachments, may contain confidential or proprietary information to be conveyed solely for the intended recipient(s). If you are not the intended recipient, or if you otherwise received this message in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments, without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is strictly prohibited and may be unlawful. -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On Thu, Oct 27, 2016 at 02:31:20PM +0000, Robert Sichler wrote:
Should I expect a patch for OpenSUSE 13.2 (x86_64) to address the Linux kernel vulnerability known as Dirty COW (CVE-2016-5195)? Or is there another direction I should turn? Best regards, -Bob
What makes you think it is not available? Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
I've been checking the opensuse-security-announce archive and didn't think anything was relevant to OpenSuSE 13.2. I saw patches for other versions but I'm not sure if any of them are compatible. -----Original Message----- From: Marcus Meissner [mailto:meissner@suse.de] Sent: Wednesday, November 02, 2016 4:56 AM To: Robert Sichler Cc: opensuse@opensuse.org; opensuse-security@opensuse.org Subject: Re: [opensuse-security] Linux Kernel Vulnerabliltiy and OpenSuSE 13.2 On Thu, Oct 27, 2016 at 02:31:20PM +0000, Robert Sichler wrote:
Should I expect a patch for OpenSUSE 13.2 (x86_64) to address the Linux kernel vulnerability known as Dirty COW (CVE-2016-5195)? Or is there another direction I should turn? Best regards, -Bob
What makes you think it is not available? Ciao, Marcus ________________________________ Notice: This communication, including attachments, may contain confidential or proprietary information to be conveyed solely for the intended recipient(s). If you are not the intended recipient, or if you otherwise received this message in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments, without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is strictly prohibited and may be unlawful. -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Hi, It is here: https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html (But you need the follow up kernel, as this introduced a regression in POSIX ACLs. https://lists.opensuse.org/opensuse-updates/2016-10/msg00106.html ) Ciao, Marcus On Wed, Nov 02, 2016 at 02:19:05PM +0000, Robert Sichler wrote:
I've been checking the opensuse-security-announce archive and didn't think anything was relevant to OpenSuSE 13.2. I saw patches for other versions but I'm not sure if any of them are compatible.
-----Original Message----- From: Marcus Meissner [mailto:meissner@suse.de] Sent: Wednesday, November 02, 2016 4:56 AM To: Robert Sichler Cc: opensuse@opensuse.org; opensuse-security@opensuse.org Subject: Re: [opensuse-security] Linux Kernel Vulnerabliltiy and OpenSuSE 13.2
On Thu, Oct 27, 2016 at 02:31:20PM +0000, Robert Sichler wrote:
Should I expect a patch for OpenSUSE 13.2 (x86_64) to address the Linux kernel vulnerability known as Dirty COW (CVE-2016-5195)? Or is there another direction I should turn? Best regards, -Bob
What makes you think it is not available?
Ciao, Marcus
________________________________
Notice: This communication, including attachments, may contain confidential or proprietary information to be conveyed solely for the intended recipient(s). If you are not the intended recipient, or if you otherwise received this message in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments, without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is strictly prohibited and may be unlawful.
-- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@suse.de> -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Thank you. That's most helpful. Best regards, -Bob -----Original Message----- From: Marcus Meissner [mailto:meissner@suse.de] Sent: Wednesday, November 02, 2016 10:22 AM To: Robert Sichler Cc: opensuse@opensuse.org; opensuse-security@opensuse.org Subject: Re: [opensuse-security] Linux Kernel Vulnerabliltiy and OpenSuSE 13.2 Hi, It is here: https://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html (But you need the follow up kernel, as this introduced a regression in POSIX ACLs. https://lists.opensuse.org/opensuse-updates/2016-10/msg00106.html ) Ciao, Marcus On Wed, Nov 02, 2016 at 02:19:05PM +0000, Robert Sichler wrote:
I've been checking the opensuse-security-announce archive and didn't think anything was relevant to OpenSuSE 13.2. I saw patches for other versions but I'm not sure if any of them are compatible.
-----Original Message----- From: Marcus Meissner [mailto:meissner@suse.de] Sent: Wednesday, November 02, 2016 4:56 AM To: Robert Sichler Cc: opensuse@opensuse.org; opensuse-security@opensuse.org Subject: Re: [opensuse-security] Linux Kernel Vulnerabliltiy and OpenSuSE 13.2
On Thu, Oct 27, 2016 at 02:31:20PM +0000, Robert Sichler wrote:
Should I expect a patch for OpenSUSE 13.2 (x86_64) to address the Linux kernel vulnerability known as Dirty COW (CVE-2016-5195)? Or is there another direction I should turn? Best regards, -Bob
What makes you think it is not available?
Ciao, Marcus
________________________________
Notice: This communication, including attachments, may contain confidential or proprietary information to be conveyed solely for the intended recipient(s). If you are not the intended recipient, or if you otherwise received this message in error, please notify the sender immediately by return e-mail and promptly delete this e-mail, including attachments, without reading or saving them in any manner. The unauthorized use, dissemination, distribution, or reproduction of this e-mail, including attachments, is strictly prohibited and may be unlawful.
-- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner@suse.de> -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On 11/02/2016 10:19 AM, Robert Sichler wrote:
I've been checking the opensuse-security-announce archive and didn't think anything was relevant to OpenSuSE 13.2. I saw patches for other versions but I'm not sure if any of them are compatible.
I don't know what kernel you are using or what repositories you have configured. The latter is, I firmly believe, a key issue. I'm also using 13.2. As I've mentioned many times I make use of the kernel_Stable repository. I emphasise *STABLE* there. You can find it at http://download.opensuse.org/repositories/Kernel:/stable/standard/ I am currently using 4.8.6-1 Normally there are a couple of updates a month there, but the past couple of weeks since Dirty Cow there have been a couple a week. Along the way there have been a number of speed improvements, corrections (aka fixes) to BtrFS and other drivers. I think these changes have been worth while. -- /"\ \ / ASCII Ribbon Campaign X Against HTML Mail / \ -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (3)
-
Anton Aylward -
Marcus Meissner -
Robert Sichler