Lemote's kernels vulnerable to CVE-2014-0196
11 views
Skip to first unread message
David Kuehling
May 17, 2014, 12:51:10 AM5/17/14
to loongs...@googlegroups.com
Hi,
the 3.5.0-* kernels from lemote [1] are vulnerable to CVE-2014-0196 [2],
which makes them somewhat unusable on multi-user systems (if you don't
trust all of your users).
AFAIU this patch [3] should fix the issue for 3.5.0. I just put a
debian package with a fixed kernel here [4] (only 3.5.0-9.lemote-dk1 or
newer, untested, YMMV etc.)
cheers,
David
[1] http://dev.lemote.com/cgit/linux-official.git
[2] http://www.linuxsecurity.com/content/view/161438
[3] https://sourceforge.net/p/loongson-stuff/code/ci/master/tree/loongson3a-debian-wheezy-installer/kpatches/010-fix-CVE-2014-0196.patch
[4] https://sourceforge.net/projects/loongson-stuff/files/loongson3a/
--
GnuPG public key: http://dvdkhlng.users.sourceforge.net/dk2.gpg
Fingerprint: B63B 6AF2 4EEB F033 46F7 7F1D 935E 6F08 E457 205F
the 3.5.0-* kernels from lemote [1] are vulnerable to CVE-2014-0196 [2],
which makes them somewhat unusable on multi-user systems (if you don't
trust all of your users).
AFAIU this patch [3] should fix the issue for 3.5.0. I just put a
debian package with a fixed kernel here [4] (only 3.5.0-9.lemote-dk1 or
newer, untested, YMMV etc.)
cheers,
David
[1] http://dev.lemote.com/cgit/linux-official.git
[2] http://www.linuxsecurity.com/content/view/161438
[3] https://sourceforge.net/p/loongson-stuff/code/ci/master/tree/loongson3a-debian-wheezy-installer/kpatches/010-fix-CVE-2014-0196.patch
[4] https://sourceforge.net/projects/loongson-stuff/files/loongson3a/
--
GnuPG public key: http://dvdkhlng.users.sourceforge.net/dk2.gpg
Fingerprint: B63B 6AF2 4EEB F033 46F7 7F1D 935E 6F08 E457 205F
Huacai Chen
May 18, 2014, 10:32:41 AM5/18/14
to loongs...@googlegroups.com
Thank you very much, I will apply this patch.
Reply all
Reply to author
Forward
0 new messages