[Nix-dev] Patches in nixos-16.09, nixos-unstable-small Channels for CVE-2016-5195 ("DirtyCow", Linux Kernel Privilege Escalation Vulnerability)
Graham Christensen
graham at grahamc.com
Fri Oct 21 20:52:49 CEST 2016
Hello Nixers,
All Linux kernels since 2.6.22 have been vulnerable to a privilege
escalation bug.
Please upgrade immediately.
This issue was discovered and patched on October 18. The fix was released
yesterday, and the 16.09 channel now includes the fix for the following
kernels:
- linuxPackages: 4.4.25 -> 4.4.26 (https://github.com/NixOS/nixpkgs/commit/0b20f6daba35575a7d4d2a61f42830d793a12892)
- linuxPackages_4_7: 4.7.8 -> 4.7.9 (https://github.com/NixOS/nixpkgs/commit/7e5cfb7d82bbe29cb83333638e2d0ead60260c6e)
- linuxPackages_latest: 4.8.2 -> 4.8.3 (https://github.com/NixOS/nixpkgs/commit/0ed0d08c7291da58b4c20c68d2ae89b2934555ab)
When updating please ensure you have `nixos-16.09.819.31c72ce` or newer.
Previous versions (`nixos-16.09.773.b8ede35` and older) do not include
these patches.
For unstable, only unstable-small has the patches:
- linuxPackages: 4.4.25 -> 4.4.26 (https://github.com/NixOS/nixpkgs-channels/commit/76a57d83b5a4df7c3ac85b25c5ab10d6fb415eb2)
- linuxPackages_4_7: 4.7.8 -> 4.7.9 (https://github.com/NixOS/nixpkgs-channels/commit/fabfb0a900b8bc732f0561d696ee72a800cba708)
- linuxPackages_latest: 4.8.2 -> 4.8.3 (https://github.com/NixOS/nixpkgs-channels/commit/0c3e5217fcf61ea652cdb3c661808c254eaa54df)
Standard unstable will move forward when all tests have passed.
*All other* kernels available in NixOS 16.09 and Unstable are vulnerable
and have not yet received patches.
This includes:
- linuxPackages_mptcp
- linuxPackages_rpi
- linuxPackages_3_10
- linuxPackages_3_10_tuxonice
- linuxPackages_3_12
- linuxPackages_3_18
- linuxPackages_4_1
- linuxPackages_testing
More information can be had at https://dirtycow.ninja/
Also included in this channel update are several fixes found in the latest
vulnerability hunt. See:
- https://github.com/NixOS/nixpkgs/issues/19678
- https://github.com/NixOS/nixpkgs/issues/13515#issuecomment-255272275
- https://github.com/NixOS/nixpkgs/issues/13515#issuecomment-255230815
- https://github.com/NixOS/nixpkgs/issues/13515#issuecomment-254993182
If you would like to help with future hunts and patches, please leave a
comment on https://github.com/NixOS/nixpkgs/issues/19678 and I'll make sure
to ping you.
Thank you,
Graham
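
Added example, not part of the original message: a shell check that compares a kernel release and a NixOS version string against the fixed versions named in the announcement above. It assumes `uname -r` reports an `x.y.z` release and that `nixos-version` prints a string starting like `16.09.819.31c72ce`; the function names are illustrative.

```shell
#!/bin/sh
# Fixed versions are taken from the announcement: 4.4.26, 4.7.9, 4.8.3,
# and channel nixos-16.09.819.31c72ce or newer.

# kernel_status RELEASE -> prints patched | vulnerable | not-listed
# "not-listed" means the announcement gives no fixed version for that series.
kernel_status() {
    rel=${1%%-*}                       # drop any "-suffix"
    major=${rel%%.*}; rest=${rel#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    case "$rest" in *.*) ;; *) patch=0 ;; esac   # e.g. "4.8" has no patch level
    patch=${patch%%[!0-9]*}            # keep leading digits only
    case "$major.$minor" in
        4.4) fixed=26 ;;
        4.7) fixed=9 ;;
        4.8) fixed=3 ;;
        *) echo not-listed; return ;;
    esac
    if [ "${patch:-0}" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# channel_status VERSION -> prints fixed | outdated | not-listed
# Accepts "nixos-16.09.819.31c72ce" or "16.09.819.31c72ce (Flounder)".
channel_status() {
    v=${1#nixos-}; v=${v%% *}
    case "$v" in
        16.09.*) ;;
        *) echo not-listed; return ;;  # only the 16.09 threshold is given
    esac
    count=${v#16.09.}; count=${count%%.*}
    case "$count" in ''|*[!0-9]*) echo not-listed; return ;; esac
    if [ "$count" -ge 819 ]; then echo fixed; else echo outdated; fi
}

# Report on the local machine. The running kernel is what matters, so
# check again after rebooting into the upgraded system.
echo "running kernel $(uname -r): $(kernel_status "$(uname -r)")"
if command -v nixos-version >/dev/null 2>&1; then
    echo "nixos-version $(nixos-version): $(channel_status "$(nixos-version)")"
fi
```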