On 23/02/17 18:01, Fabian Arrotin wrote: > On 23/02/17 17:46, Jacco Ligthart wrote: >> On 23-02-17 17:16, Fabian Arrotin wrote: >>> On 23/02/17 14:17, Robert Moskowitz wrote: >>>> I see announcement of a new kernel for security updates. >>>> >>>> Any ETA for it here? >>>> >>>> thanks >>>> >>> I'm rebuilding kernel 4.4.50 (both generic and rpi variants) that would >>> fix cve_2017_6074. >>> I'll let you know when it will be ready for testing and after some >>> feedback, I'll send those to the signing queue so that they can appear >>> on mirror.centos.org >> >> If I read the changelogs correctly, that CVE is not fixed in version 4.4.50 >> >> I think I'll wait for 51 :( >> >> Jacco >> > > I had no time to investigate further, but > http://news.softpedia.com/news/linux-kernels-4-9-11-4-4-50-lts-bring-networking-improvements-updated-drivers-513073.shtml > was mentioning DCCP > > So I just had a quick look at this this morning and yes, it seems the dccp patch wasn't included in 4.4.50 but rather in 4.4.51, so have submitted a build for the generic kernel (I'll push it to testing repo when built). For raspberrypi, nothing (yet) rebased (upstream) to 4.4.51, but otoh it seems that they have now switched to newer LTS 4.9.x version. For that CVE, I'd consider just bumping to 4.4.51 , but investigating having a rebase to 4.9.x (also LTS) seems a good option, but that has to be tested too -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/arm-dev/attachments/20170224/50d99ee7/attachment-0006.sig>