Re: CVE-2016-5696: linux kernel - challange ack information leak.

[Greg KH <greg () kroah com>]

On Tue, Aug 16, 2016 at 08:15:49PM +0200, Sona Sarmadi wrote:
> On 2016-08-15 09:53, Greg KH wrote:
> > On Mon, Aug 15, 2016 at 06:23:04AM +0000, Sona Sarmadi wrote:
> > > > > This vulnerability is currently only fixed in mainline kernels (4.7 &
> > > > > 4.8). Does anyone know if there is any work ongoing to backport this
> > > > > fix to the  older versions?
> > > > I just added the fix for this issue to the stable kernel queues and it will
> > > > show up in the next stable releases, in about 2 days after it passes all of
> > > > the needed review.
> > > >
> > > > Hope this helps,
> > > >
> > > > greg k-h
> > > Great, thanks, this helps :)
> > You can _always_ just apply the patch to your local tree, there's never
> > a need to wait for me to get a kernel out.  That's the advantage of
> > having the source for your systems :)
> Yes, we can do that but sometimes the patches for newer kernels don't
> apply cleanly on older versions.
> There is always a risk that our home grown patches have undesired side
> effects. We prefer your sign of approval on patches for older kernels :)

Heh, fair enough.  This fix is now in the kernels that were released
today (4.7.1, 4.6.7, 4.4.18, and 3.14.76), hope that helps.

greg k-h