Date: Fri, 6 Jun 2014 11:58:46 -0400
From: Rich Felker <>
Subject: Re: Linux kernel futex local privilege escalation

On Fri, Jun 06, 2014 at 05:43:28PM +0200, wrote:
>     Greg> There is someone still maintaining 3.12-stable, why not rely
>     Greg> on those releases if you want that kernel version, instead of
>     Greg> rolling your own?
> We thankfully do rely on that as our base. In this case though, the
> patches haven't been ported until this moment. And I can't wait for them
> to appear since there is no time-line when that will happen ...

Indeed. This is probably the biggest security flaw in Linux in the
past 5 years (if not the biggest ever) since it allows a full kernel
compromise even from extremely tight sandboxes. In my opinion, the way
the announcement was handled was really unprofessional. There should
have been fixes prepared for, and/or committed into the git repos for,
all currently maintained releases/branches at the time of the
announcement. Anything else leaves everybody but users of the big
mainstream distros scrambling to figure out how to get a
non-vulnerable kernel that's compatible with their current setups.

