[Nix-dev] Patches in nixos-16.09, nixos-unstable-small Channels for CVE-2016-5195 ("DirtyCow", Linux Kernel Privilege Escalation Vulnerability)

[Graham Christensen]

Hello Nixers,

All Linux kernels since 2.6.22 have been vulnerable to a privilege
escalation bug.

Please upgrade immediately.

This issue was discovered and patched on October 18. The fix was released
yesterday, and the 16.09 channel now includes the fix for the following
kernels:

 - linuxPackages: 4.4.25 -> 4.4.26  (
https://github.com/NixOS/nixpkgs/commit/0b20f6daba35575a7d4d2a61f42830d793a12892
)
 - linuxPackages_4_7: 4.7.8 -> 4.7.9 (
https://github.com/NixOS/nixpkgs/commit/7e5cfb7d82bbe29cb83333638e2d0ead60260c6e
)
 - linuxPackages_latest: 4.8.2 -> 4.8.3 (
https://github.com/NixOS/nixpkgs/commit/0ed0d08c7291da58b4c20c68d2ae89b2934555ab
)

When updating please ensure you have `nixos-16.09.819.31c72ce` or newer.
The previous version (`nixos-16.09.773.b8ede35` and older) do not include
these patches.

For unstable, only unstable-small has the patches:

 - linuxPackages: 4.4.25 -> 4.4.26  (
https://github.com/NixOS/nixpkgs-channels/commit/76a57d83b5a4df7c3ac85b25c5ab10d6fb415eb2
)
 - linuxPackages_4_7: 4.7.8 -> 4.7.9 (
https://github.com/NixOS/nixpkgs-channels/commit/fabfb0a900b8bc732f0561d696ee72a800cba708
)
 - linuxPackages_latest: 4.8.2 -> 4.8.3 (
https://github.com/NixOS/nixpkgs-channels/commit/0c3e5217fcf61ea652cdb3c661808c254eaa54df
)

Standard unstable will move forward when all tests have passed.

*All other *kernels available in NixOS 16.09 and Unstable are vulnerable
and have not yet received patches.

This includes:
 - linuxPackages_mptcp
 - linuxPackages_rpi
 - linuxPackages_3_10
 - linuxPackages_3_10_tuxonice
 - linuxPackages_3_12
 - linuxPackages_3_18
 - linuxPackages_4_1
 - linuxPackages_testing

More information can be had at https://dirtycow.ninja/



Also included in this channel update are several fixes found in the latest
vulnerability hunt. See:

 - https://github.com/NixOS/nixpkgs/issues/19678
 - https://github.com/NixOS/nixpkgs/issues/13515#issuecomment-255272275
 - https://github.com/NixOS/nixpkgs/issues/13515#issuecomment-255230815
 - https://github.com/NixOS/nixpkgs/issues/13515#issuecomment-254993182

If you would like to help with future hunts and patches, please leave a
comment on https://github.com/NixOS/nixpkgs/issues/19678 and I'll make sure
to ping you.


Thank you,
Graham

_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev