[manjaro-security] [arch-security] [ASA-201612-11] linux-grsec: denial of service

Daniel Micay via arch-security arch-security at archlinux.org
Sat Dec 10 19:07:46 CET 2016


On Sat, 2016-12-10 at 15:29 +0100, Remi Gacogne wrote:
> Arch Linux Security Advisory ASA-201612-11
> ==========================================
> 
> Severity: High
> Date    : 2016-12-10
> CVE-ID  : CVE-2016-9919
> Package : linux-grsec
> Type    : denial of service
> Remote  : Yes
> Link    : https://wiki.archlinux.org/index.php/CVE
> 
> Summary
> =======
> 
> The package linux-grsec before version 1:4.8.12.r201612062306-2 is
> vulnerable to denial of service.
> 
> Resolution
> ==========
> 
> Upgrade to 1:4.8.12.r201612062306-2.
> 
> # pacman -Syu "linux-grsec>=1:4.8.12.r201612062306-2"
> 
> The problem has been fixed upstream but no release is available yet.

Note that while this isn't fixed in upstream 4.8.12 / 4.8.13, it's fixed
in 4.8.13-201612082118.patch so 4.8.13.r201612082118-1 no longer carries
the patch in the downstream package.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: This is a digitally signed message part
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20161210/4ede00fd/attachment.pgp>


More information about the manjaro-security mailing list