Bug 583650 - <sys-kernel/gentoo-sources-4.4.19 are affected by CVE-2016-4913 and CVE-2016-3713
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
Depends on: 591810
Reported: 2016-05-21 11:10 UTC by Pacho Ramos
Modified: 2022-03-25 22:50 UTC (History)
Description Pacho Ramos gentoo-dev 2016-05-21 11:10:38 UTC
I was trying to find if Fedora people were able to backport the fixes for bug 583522 in Fedora22 but I couldn't find it :(

At least I found that any version before 4.4.11 is vulnerable to, at least, the two CVEs I list in the summary; hence, maybe it would be interesting to stabilize 4.4.11

Thanks
Comment 1 Mike Limansky 2016-06-25 21:50:05 UTC
And the kernels before 4.4.14 are affected by CVE-2016-4997. (http://www.openwall.com/lists/oss-security/2016/06/24/5)
Comment 2 Mike Limansky 2016-07-09 19:28:50 UTC
I've been using 4.4.14 for a week on a working laptop. No issues found compared with current stable 4.4.6. Are there any blockers for this security bug?
Comment 3 Pacho Ramos gentoo-dev 2016-08-21 09:38:30 UTC
Well, there have been many more security fixes since I reported this... probably the best idea would be to stabilize 4.4.19 when it lands in the tree
Comment 4 Andreas Sturmlechner gentoo-dev 2016-08-21 14:41:19 UTC
4.4.19 has been in tree since yesterday. Regressions do happen, but very rarely at that stage of LTS, so I guess stabilising it is not unreasonable.
Comment 5 Mike Limansky 2016-09-23 15:31:32 UTC
I've been using 4.4.19 for a month on amd64. No issues compared to 4.4.6 have been observed.
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 22:50:35 UTC
Fixes in by 4.7.