On Mon, 29 Aug 2016 19:30:11 +0200 "Thomas Schmitt" <scdbac...@gmx.net> wrote: > Hi, > > Gene Heskett wrote: > > Normally security things are pushed right on thru particularly > > when they are a one file changed in the whole kernel source > > tree. Why not this time? > > I guess because it is easy to work around > > https://access.redhat.com/security/vulnerabilities/challengeack > > and the maintainers don't want to shoot their foot immediately again > by a hasty bugfix release.
The official bug fix is already done in the 4.7 kernel and has been back ported to all the kernels of interest. Apparently it is in the works for the Debian tree already, though no one has said when the patches will be released. As for workarounds, they do no good for the overwhelming majority of users since they are unaware that they need to push out workarounds. Users rely on the security update mechanism to get their security updates. Most organizations aren't even equipped to follow the torrent of security alerts happening at any given time on an independent basis. Perry -- Perry E. Metzger pe...@piermont.com
