4 comments

[ 3.2 ms ] story [ 23.7 ms ] thread
> For encrypted HTTPS or SSH transmissions the worst that can be done is to break the connection

Another reason to only use encrypted connections.

So is this patched in popular distributions or is everyone vulnerable right now?
RedHat and Fedora: https://access.redhat.com/security/cve/cve-2016-5696 https://bugzilla.redhat.com/show_bug.cgi?id=1354708

"This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5.

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 and will be addressed in a future update."

Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2...

Debian: https://security-tracker.debian.org/tracker/CVE-2016-5696

Linux Kernel (4.7 carries the fix): https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455...

Arch Linux will shortly release 4.7, which is how I see them fixing this issue instead of patching.

Part of the reason I stopped reading Slashdot was the daily The Register article on the front page. We have got 2 of these on HN front-page today.

I wish people would stop relying on tabloids like that, specially here.