Bug#905966: linux-image-4.9.0-0.bpo.7-amd64: CVE-2018-5390 not fixed?
Package: src:linux
Version: 4.9.110-1~deb8u1
Severity: grave
Tags: newcomer
Dear Maintainer,
On august 6th DSA-4266-1 linux was announced
(https://www.debian.org/security/2018/dsa-4266.en.html).
However, source package linux-4.9 (debian oldstable, jessie) is not included in
the overview for CVE-2018-5390
(https://security-tracker.debian.org/tracker/CVE-2018-5390).
On august 8th an updated kernel package was published for affected
distributions with linux kernel 4.9+ (debian stable, stretch).
On debian jessie I can only install up to 4.9.0-0.bpo.7-amd64
(4.9.110-1~deb8u1), which, as far as I can tell, should be affected by
CVE-2018-5390 as well. As of today there does not seem to be any update
regarding this CVE with respect to linux-4.9 on debian oldstable (jessie).
Can I conclude linux-4.9 on debian oldstable is not affected, or will there be
an update for this package as well?
Thanks in advance,
Gerlof Fokkema
-- Package-specific info:
** Kernel log: boot messages should be attached
** Model information
sys_vendor: Supermicro
product_name: X8DTU
product_version: 1234567890
chassis_vendor: Supermicro
chassis_version: 1234567890
bios_vendor: American Megatrends Inc.
bios_version: 2.1c
board_vendor: Supermicro
board_name: X8DTU
board_version: 1234567890
-- System Information:
Debian Release: 8.10
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-0.bpo.7-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages linux-image-4.9.0-0.bpo.7-amd64 depends on:
ii initramfs-tools [linux-initramfs-tool] 0.120+deb8u3
ii kmod 18-3
ii linux-base 4.3~bpo8+1
Versions of packages linux-image-4.9.0-0.bpo.7-amd64 recommends:
ii firmware-linux-free 3.3
ii irqbalance 1.1.0-2~bpo8+1
Versions of packages linux-image-4.9.0-0.bpo.7-amd64 suggests:
pn debian-kernel-handbook <none>
ii grub-pc 2.02~beta2-22+deb8u1
pn linux-doc-4.9 <none>
Versions of packages linux-image-4.9.0-0.bpo.7-amd64 is related to:
pn firmware-amd-graphics <none>
pn firmware-atheros <none>
pn firmware-bnx2 <none>
pn firmware-bnx2x <none>
pn firmware-brcm80211 <none>
pn firmware-cavium <none>
pn firmware-intel-sound <none>
pn firmware-intelwimax <none>
pn firmware-ipw2x00 <none>
pn firmware-ivtv <none>
pn firmware-iwlwifi <none>
pn firmware-libertas <none>
pn firmware-linux-nonfree <none>
pn firmware-misc-nonfree <none>
pn firmware-myricom <none>
pn firmware-netxen <none>
pn firmware-qlogic <none>
pn firmware-realtek <none>
pn firmware-samsung <none>
pn firmware-siano <none>
pn firmware-ti-connectivity <none>
pn xen-hypervisor <none>
-- no debconf information
Reply to: