Hi all, CVE-2016-5195 is a serious privilege escalation impacting all kernels released before 10/20. The channel is currently in the process of updating, but the cache already contains binaries for 4.8.3 and 4.4.26. If you are currently building your system against the channel or an old checkout of nixpkgs that you cannot update, please check out a recent revision of nixpkgs (later than 0b20f6daba35575a7d4d2a61f42830d793a12892 on 16.09, later than 76a57d83b5a4df7c3ac85b25c5ab10d6fb415eb2 on master) and add the following to your configuration.nix:
system.replaceRuntimeDependencies = [ ({ original = config.boot.kernelPackages.kernel; replacement = (import /path/to/new/nixpkgs {}).linux; /* or linux_latest if using 4.8 */ }) ]; Thanks, Shea
signature.asc
Description: PGP signature
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev