Kernel 2.4.32 has been released, containing some security fixes like [CAN-2005-0204] and the zlib issue. As far as I can see these issues have not been fixed in vanilla-sources or hardened-sources. There is also a new grsec patch for hardened-sources, containing a lot of fixes: http://grsecurity.net/news.php#grsec217 Apart from 2.4.32 release, shouldn't lead such security fixes to new -r ebuilds of the latest 2.4 kernel versions (http://linux.exosec.net/kernel/2.4-hf/)? You can find the following (security-)issues in 2.4, since 2.4.31 release, which are not in the gentoo ebuilds (AFAIK): http://linux.exosec.net/kernel/2.4-hf/2.4.31/2.4.31-hf8/CONTENTS Sorry in advance if I'm wrong! Reproducible: Always Steps to Reproduce: 1. 2. 3.
vanilla-sources-2.4.32 bumped by me with dsd's authorization.
Adding maintainers; {mips,openmosix,rsbac,xbox}-sources.
Toggle status.
http://linux.exosec.net/kernel/2.4-hf/2.4.32/2.4.32-hf32.1/CHANGELOG Shameless hint... ;) Or are those fixes considered too unimportant (a local DoS at least) for a revision bump?
Adding CCs; hardened and xbox: it may be beneficial if you add the backport patches.
sparc-sources 2.4.32-r1 and gentoo-sources 2.4.32-r1 resolve the issue with backports.
(In reply to comment #5) > Adding CCs; hardened and xbox: it may be beneficial if you add the backport > patches. got a link to the patches broken out?
> got a link to the patches broken out? 09-*.patch in the gentoo-sources-2.4.32-r2 patchball or here: http://linux.exosec.net/kernel/2.4-hf/2.4.32/2.4.32-hf32.1/2.4.32-hf32.1.split.tgz
Thanks Tim hardened-sources-2.4.32-r1 is in the tree now with the 09* patches as ~arch.
@cluster, kang: Any news on an update?
Tim, as you're updating the bug, it would be nice to see a new revision, including the patches from http://linux.exosec.net/kernel/2.4-hf/2.4.32/2.4.32-hf32.3/
(In reply to comment #11) > Tim, as you're updating the bug, it would be nice to see a new revision, > including the patches from > > http://linux.exosec.net/kernel/2.4-hf/2.4.32/2.4.32-hf32.3/ gentoo-sources-2.4.32-r3 in the tree. Maintainers please add the 09-* series of patches from the tarball if possible. The following maintainers still need to bump to 2.4.32: kurobox-sources (@nerdboy, adding to CC) openmosix-sources (@cluster, adding voxus to CC) rsbac-sources (@kang) Following maintainers please consider adding 09-* series of genpatches if possible, some/most of them may already be in your patchset: hardened-sources (solar) sparc-sources (gustavoz) xbox-sources (chrb/gimli)
(In reply to comment #12) > gentoo-sources-2.4.32-r3 in the tree. Maintainers please add the 09-* series of > patches from the tarball if possible. http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/gentoo-sources-2.4.32-r3.tar.bz2
Thanks Tim. hardened-sources-2.4.32 bumped to -r3 ~arch with the following new patches. 09-07.CAN-2004-1058.patch 09-08.fix-inode-overflow.patch 09-09.fix-ptrace-self-attach-rule.patch 09-10.fix-sockaddr_in-leaks.patch 09-11.orinoco-CVE-2005-3180.patch 09-12.wan-sdla-leak.patch
seems that only gentoo/hardened-sources are still maintained.
sparc-sources-2.4.32-r4 in and sparc stable.
There's a new hot fix release http://linux.exosec.net/kernel/2.4-hf/2.4.32/2.4.32-hf32.4/CHANGELOG
gentoo-sources-2.4.32-r4 now in Portage and stable, thanks. New security patches listed below; if you're on x86 note the tweak you'd probably have to do with one of them: * 09-13.vlan_ioctl-missing-checks.patch * 09-14.netfilter-ipt_recent-memleak.patch * 09-15.CVE-2006-1864.patch * 09-16.CVE-2006-1524.patch * 09-17.CVE-2006-1056-i386.patch <-- Do not use unless you have an lck scheduler * 09-17.CVE-2006-1056-i386.patch.orig <-- Use this instead (rename from .orig)
sparc-sources-2.4.32-r5 in as ~sparc for a couple of days. You probably want 2.4.32-via-rhine-zero-pad-short-packets-1 in too for hardened/gentoo-sources. New patches for r5: 4013-vlan_ioctl_missing_checks.patch 4014_netfilter-ipt_recent-memleak.patch 4015_CVE-2006-1864-smbfs-escape-chroot.patch 4016_CVE-2006-1524-fix-shm-mprotect.patch 4017_via-rhine-zero-pad-short-packets.patch
nerdboy: No response from you for a while, I've security masked kurobox-sources. Please bump to 2.4.32 and then feel free to unmask. Contact on IRC or mail if this is a problem. carlo: Further -hf announcements please just open a new bug to me, thanks :) All the other sources are fine now, changing bug status...
Reopen bug in order to add a valid whiteboard.
