First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 59769
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Matthias Geerdsen <vorlon@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
plasmaroo: ()

Filename Description Type Creator Created Size Actions
CAN-2004-0685.patch Patch patch Tim Yamin (RETIRED) 2004-08-08 08:47 0000 2.74 KB Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 59769 depends on: Show dependency tree
Show dependency graph
Bug 59769 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)







View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-08-08 07:35 0000 
Kernel 2.4.27 fixes among other things a few security issues, at least some of
them have already been fixed with patches before....
Not sure about CAN-2004-0565 and CAN-2004-685

From the changelog:

Here is a list of the most important security issues fixed by this release:

CAN-2004-0495 (Al Viro sparse fixes)
CAN-2004-0497 (users could modify group ID of arbitrary files on the system)
CAN-2004-0535 (e1000 minor info leak)
CAN-2004-0685 (backported Conectiva usb sparse fixes)
CAN-2004-0415 (file offset pointer handling race)
CAN-2004-0565 (information leak ia64)




Reproducible: Always
Steps to Reproduce:

------- Comment #1 From Tim Yamin (RETIRED) 2004-08-08 07:44:40 0000 ------- 
CAN-2004-0415 - Patched for *
CAN-2004-0495 - Patched for *
CAN-2004-0497 - Patched for *
CAN-2004-0535 - Patched for *
CAN-2004-0565 - Patched for ia64-sources; only these and {development,mm} have an ia64 KEYWORD.

CAN-2004-0685 - Not patched, 2.4 only.

------- Comment #2 From Tim Yamin (RETIRED) 2004-08-08 08:47:20 0000 ------- 
Created an attachment (id=37041) [edit]
Patch

------- Comment #3 From Tim Yamin (RETIRED) 2004-08-08 16:18:02 0000 ------- 
All done, the following are left for their relevant maintainers:

grsec-sources: Adding solar to the CC list.
hppa-sources: Adding GMSoft to the CC list.
mips-sources: Adding Kumba to the CC list.
openmosix-sources: Adding the cluster herd to the CC list.
{pegasos,ppc}-sources: Adding dholm to the CC list.
rsbac-sources: Adding kang to the CC list.
selinux-sources: Adding the hardened herd to the CC list.
sparc-sources: Adding the Gentoo/SPARC team to the CC list.

------- Comment #4 From solar 2004-08-08 16:59:02 0000 ------- 
grsec-sources 2.4.17 is in the tree. 
I'd like to pull 2.4.26 before having to add yet another patch for it.

------- Comment #5 From Konstantin Arkhipov 2004-08-09 06:17:33 0000 ------- 
done openmosix-sources

------- Comment #6 From Guy Martin 2004-08-09 15:59:07 0000 ------- 
Done on hppa.

------- Comment #7 From Guillaume Destuynder 2004-08-10 02:41:35 0000 ------- 
all done for rsbac-sources

------- Comment #8 From Joshua Kinard 2004-08-11 02:49:28 0000 ------- 
mips-sources all patched up.

------- Comment #9 From Gustavo Zacarias (RETIRED) 2004-08-12 05:47:46 0000 ------- 
sparc-sources-2.4.27 is out and stable courtesy of Joker, fixed.

------- Comment #10 From David Holm (RETIRED) 2004-08-12 06:29:01 0000 ------- 
We are going to deprecate {ppc,pegasos}-sources as the 2.4 tree for ppc is no
longer actively developed. I hope to be able to get this done later today.

------- Comment #11 From Chris PeBenito 2004-08-13 20:13:21 0000 ------- 
selinux-src fixed

------- Comment #12 From Tim Yamin (RETIRED) 2004-08-26 04:50:04 0000 ------- 
GLSA 200408-24.
First Last Prev Next    No search results available      Search page      Enter new bug