Hello Nixers, All Linux kernels since 2.6.22 have been vulnerable to a privilege escalation bug.
Please upgrade immediately. This issue was discovered and patched on October 18. The fix was released yesterday, and the 16.09 channel now includes the fix for the following kernels: - linuxPackages: 4.4.25 -> 4.4.26 ( https://github.com/NixOS/nixpkgs/commit/0b20f6daba35575a7d4d2a61f42830d793a12892 ) - linuxPackages_4_7: 4.7.8 -> 4.7.9 ( https://github.com/NixOS/nixpkgs/commit/7e5cfb7d82bbe29cb83333638e2d0ead60260c6e ) - linuxPackages_latest: 4.8.2 -> 4.8.3 ( https://github.com/NixOS/nixpkgs/commit/0ed0d08c7291da58b4c20c68d2ae89b2934555ab ) When updating please ensure you have `nixos-16.09.819.31c72ce` or newer. The previous version (`nixos-16.09.773.b8ede35` and older) do not include these patches. For unstable, only unstable-small has the patches: - linuxPackages: 4.4.25 -> 4.4.26 ( https://github.com/NixOS/nixpkgs-channels/commit/76a57d83b5a4df7c3ac85b25c5ab10d6fb415eb2 ) - linuxPackages_4_7: 4.7.8 -> 4.7.9 ( https://github.com/NixOS/nixpkgs-channels/commit/fabfb0a900b8bc732f0561d696ee72a800cba708 ) - linuxPackages_latest: 4.8.2 -> 4.8.3 ( https://github.com/NixOS/nixpkgs-channels/commit/0c3e5217fcf61ea652cdb3c661808c254eaa54df ) Standard unstable will move forward when all tests have passed. *All other *kernels available in NixOS 16.09 and Unstable are vulnerable and have not yet received patches. This includes: - linuxPackages_mptcp - linuxPackages_rpi - linuxPackages_3_10 - linuxPackages_3_10_tuxonice - linuxPackages_3_12 - linuxPackages_3_18 - linuxPackages_4_1 - linuxPackages_testing More information can be had at https://dirtycow.ninja/ Also included in this channel update are several fixes found in the latest vulnerability hunt. See: - https://github.com/NixOS/nixpkgs/issues/19678 - https://github.com/NixOS/nixpkgs/issues/13515#issuecomment-255272275 - https://github.com/NixOS/nixpkgs/issues/13515#issuecomment-255230815 - https://github.com/NixOS/nixpkgs/issues/13515#issuecomment-254993182 If you would like to help with future hunts and patches, please leave a comment on https://github.com/NixOS/nixpkgs/issues/19678 and I'll make sure to ping you. Thank you, Graham
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev