new Ext4 security vuln (and patch)
chickaroo
Status: Curious
Joined: 09 Jun 2015
Posts: 5
Not sure if this affects our kernel, but a new security vuln in Ext4 was discovered.

www.ubuntu.com/usn/usn-2638-1/

I don't see it on Debian's security feed, probably because it only affects newer kernels.

I think the fix is here: https://git.kernel.org/cgit/linux/kernel/git/tytso/ext4.git/commit/?h=dev
Edit: actually, this looks like the fix: www.spinics.net/lists/linux-ext4/msg47193.html

(and full ext4 repo here: https://git.kernel.org/cgit/linux/kernel/git/tytso/ext4.git/)

I'm gonna try patching 4.0-5-liquorix with it and see how it goes. Surprised it hasn't made it into zen's git, and I don't see it in the linux-stable.git queue, but perhaps there are deeper repos somewhere.

< Edited by chickaroo :: Jun 12, 15, 20:44 >

chickaroo
Status: Curious
Joined: 09 Jun 2015
Posts: 5
Okay, so it looks like 4.0.x is affected, and the patch Ubuntu and some other distros are applying is in this link (I checked the source and it matched with this patch):

www.spinics.net/lists/linux-ext4/msg47193.html

More info here: www.openwall.com/lists/oss-security/2015/02/23/14
Debian security tracker: [new user link]

Edited above post with this link. If I get some time I'll do a pull request to zen-kernel.

Edit: Okay, so this bug isn't so new, but recently escalated. Still not backported to 4.0.5 after thoroughly checking git-stable. It's coming in 4.1 though. After looking at all the patches distros have deployed, I submitted a pull request to zen-kernel in the meantime so we can have this fixed until 4.1 (or 4.0.x upstream backports it).
damentz
Status: Assistant
Joined: 09 Sep 2008
Posts: 1122
Patch has been pushed to zen kernel sources and will be in the next Liquorix kernel package.
All times are GMT - 8 Hours