CVE-2017-1000364 kernel fix brake user-space programs
Ralf Mardorf
ralf.mardorf at alice-dsl.net
Fri Jun 23 20:27:44 UTC 2017
On Fri, 23 Jun 2017 22:52:40 +0300, Nrbrtx wrote:
>It is not OK.
>Do you plan to revert this security patch?
Hi,
I'm not an Ubuntu developer.
Did you read about CVE-2017-1000364,
https://www.google.de/?gws_rd=ssl#q=ubuntu+CVE-2017-1000364 ?
Do you really expect a fix for a _high severity_ vulnerability to be
removed?
Sometimes it happens that getting rid of vulnerabilities breaks
software, not only caused by kernel fixe, sometimes user
space software gets completely dropped, if continuing to provide it
would cause a serious risk.
Regards,
Ralf
PS:
FWIW for good reasons not only Debian based distros, such as the Ubuntu
flavours care much about this high severity vulnerability:
https://www.google.de/?gws_rd=ssl#q=arch+linux+CVE-2017-1000364
[rocketmouse at archlinux ~]$ arch-audit --upgradable --quiet | grep linux
linux>=4.11.6-3
This isn't some minor annoyance bug.
--
Vote for apulse!
echo $(w3m https://aur.archlinux.org/packages/apulse |grep 'Votes: ')
Votes: 71 Updated: Fri Jun 23 22:26:44 CEST 2017
More information about the Ubuntu-devel-discuss
mailing list