linux Linux Kernel 4.3.2 Hotfix Release Patches a Bug in X.509 Certificates

[vissha]

Linux Kernel 4.3.2 Hotfix Release Patches a Bug in X.509 Certificates

 

 

The bug affects Linux kernel 4.3.0 and 4.3.1

 

Quote

Just one day after the announcement of the first maintenance release of Linux kernel 4.3, renowned kernel maintainer Greg Kroah-Hartman published details about the availability for download of Linux kernel 4.3.2.

 

According to the release announcement, Linux kernel 4.3.2 fixes a time validation bug with regards to X.509 certificates, so those who don't use these certificates have no reason to panic and update to the second maintenance release of Linux kernel 4.3.

The bug does not only affect yesterday's Linux kernel 4.3.1 release, but also Linux kernel 4.3.0. In addition, Linux kernel 4.3.2 removes the false comparison from the asymmetric_keys function in crypto.

 

"I'm announcing the release of the 4.3.2 kernel. This release fixes a bug with regards to X.509 certificates," said Greg Kroah-Hartman. "If you don't use these certificates, no need to upgrade from 4.3.1. Note, the bug is also in 4.3.0, it is not new in 4.3.1.

 

As usual, you can find the updated Linux kernel 4.3.y git tree at git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.3.y and you can browse it at http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary.

 

GNU/Linux OS vendors and experienced users can download the Linux kernel 4.3.2 sources right now from the kernel.org website and start compiling it in their distributions by hand.

 

Source