+++ This bug was initially created as a clone of Bug #572384 +++
We need an updated ebuild for hardened-sources
Hardened sources using the recommended settings (in particular CONFIG_PAX_REFCOUNT) reduce significantly the effect of the issue to a local DoS (not affecting the kernel), hence I have reduced the importance of the bug.
hardened-sources-4.3.3-r7 should have the fix
(In reply to Magnus Granberg from comment #2)
> hardened-sources-4.3.3-r7 should have the fix

Do we want to patch also 4.1 for those who do not want to update to 4.3?
(In reply to Agostino Sarubbo from comment #3)
> (In reply to Magnus Granberg from comment #2)
> > hardened-sources-4.3.3-r7 should have the fix
>
> Do we want to patch also 4.1 for those who do not want to update to 4.3?

I will be moving to stabilize new hardened sources past 4.3.3-r7 soon. However, I'm not in a rush because PAX_REFCOUNT is a safe option which is turned on by default with even the most lax of grsec/pax settings. It's better to make sure 4.3.4, which is hitting the tree now, doesn't introduce *worse* problems rather than fixing this relatively small security bug --- relatively small in the hardened world.
(In reply to Anthony Basile from comment #4)
> I will be moving to stabilize new hardened sources past 4.3.3-r7 soon.
> However, I'm not in a rush because PAX_REFCOUNT is a safe option which is
> turned on by default with even the most lax of grsec/pax settings. It's
> better to make sure 4.3.4 which is hitting the tree now doesn't introduce
> *worse* problems rather than fixing this relatively small security bug ---
> relatively small in the hardened world.

That's fair enough, but I just want to remember that we don't know the settings of all users, so we are supposing that PAX_REFCOUNT is enabled, which could not be the case for some.
(In reply to Agostino Sarubbo from comment #5)
> (In reply to Anthony Basile from comment #4)
> > I will be moving to stabilize new hardened sources past 4.3.3-r7 soon.
> > However, I'm not in a rush because PAX_REFCOUNT is a safe option which is
> > turned on by default with even the most lax of grsec/pax settings. It's
> > better to make sure 4.3.4 which is hitting the tree now doesn't introduce
> > *worse* problems rather than fixing this relatively small security bug ---
> > relatively small in the hardened world.
>
> That's fair enough, but I just want to remember that we don't know the settings
> of all users, so we are supposing that PAX_REFCOUNT is enabled, which could
> not be the case for some.

I have marked 4.4.2 stable, which contains the fix. Security Team, please proceed.
Please cleanup vulnerable versions.
(In reply to Agostino Sarubbo from comment #7)
> Please cleanup vulnerable versions.

All possibly vulnerable versions are off the tree.
CVE-2016-0728 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0728): The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
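The thread's two exposure criteria for this CVE are the upstream fix boundary (4.4.1, per the NVD text above) and whether CONFIG_PAX_REFCOUNT is enabled (which, per comment 1, reduces the bug to a local DoS). The POSIX sh functions below, an added example that is not part of the bug thread or of Gentoo's tooling, classify a kernel from its version string and config text; the version/config inputs are constructed, and distribution backports such as hardened-sources-4.3.3-r7 cannot be recognised from the version number alone.

```shell
#!/bin/sh
# Added example (not from the bug thread): classify exposure to CVE-2016-0728.
# Assumptions: upstream fix is in 4.4.1 (NVD text above); CONFIG_PAX_REFCOUNT=y
# downgrades the refcount overflow to a local DoS (comment 1). Vendor backports
# (e.g. hardened-sources-4.3.3-r7 in comment 2) are NOT detectable by version.

# version_ge A B : succeed if dotted version A >= B (first three numeric parts).
# Suffixes after '-' (e.g. "-hardened-r7") are ignored; missing parts count as 0.
version_ge() {
    v1="${1%%-*}.0.0"; v2="${2%%-*}.0.0"
    i=1
    while [ "$i" -le 3 ]; do
        p1=$(printf '%s' "$v1" | cut -d. -f"$i")
        p2=$(printf '%s' "$v2" | cut -d. -f"$i")
        [ "${p1:-0}" -gt "${p2:-0}" ] && return 0
        [ "${p1:-0}" -lt "${p2:-0}" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# classify_cve_2016_0728 VERSION CONFIG_TEXT : prints one of
#   fixed      - upstream version already contains the join_session_keyring fix
#   mitigated  - older kernel, but CONFIG_PAX_REFCOUNT=y limits impact to local DoS
#   vulnerable - older kernel without the refcount hardening
classify_cve_2016_0728() {
    if version_ge "$1" 4.4.1; then
        echo fixed
    elif printf '%s\n' "$2" | grep -q '^CONFIG_PAX_REFCOUNT=y$'; then
        echo mitigated
    else
        echo vulnerable
    fi
}

# Demo on constructed inputs (a live check would feed "$(uname -r)" and
# "$(zcat /proc/config.gz)" instead).
for v in "4.4.2-hardened" "4.3.3-hardened-r7" "4.1.15"; do
    echo "$v: $(classify_cve_2016_0728 "$v" 'CONFIG_PAX_REFCOUNT=y')"
done
```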
Thank you to all for their work! Closing as kernels do not receive GLSAs.