Skip to content
This repository has been archived by the owner on Oct 11, 2023. It is now read-only.

CVE-2017-1000405 #2162

Closed
mikemoate opened this issue Dec 4, 2017 · 3 comments
Closed

CVE-2017-1000405 #2162

mikemoate opened this issue Dec 4, 2017 · 3 comments
Assignees
Milestone

Comments

@mikemoate
Copy link

See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000405 and https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0 for details.

When will we have a RancherOS release that patches this?

@mikemoate mikemoate changed the title CVE-2017–1000405 CVE-2017-1000405 Dec 6, 2017
@mikemoate
Copy link
Author

@will-chan @ibuildthecloud given the conversation on #2156 is anyone from Rancher looking at this CVE and how it impacts Rancher OS?

@niusmallnan
Copy link
Contributor

Regarding CVE-2017-1000405:
The patch has been backported to kernel v4.9.x(LTS), we can use the latest version v4.9.67.
http://www.openwall.com/lists/oss-security/2017/11/30/1

Commit: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=7031ae2ab37d3df53c4a4e9903329a5d38c745ec

We can build a release with kernel v4.9.67.

@niusmallnan niusmallnan self-assigned this Dec 11, 2017
@niusmallnan niusmallnan added this to the v1.1.1 milestone Dec 11, 2017
@niusmallnan
Copy link
Contributor

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants