Only affects <2.4.28.
Created attachment 44640: 2.4 Patch
hppa-sources done.
scox, if you can't bump hardened-sources to 2.4.28 then please add this patch.
Created attachment 44854: 2.6 Patch
hardened-sources-2.4.28 ~arch in tree
Ok, all done. Following externally maintained sources need patching:
gentoo-dev-sources - Adding dsd...
hardened-dev-sources - Adding hardened herd...
hppa-dev-sources - Adding GMSoft...
mips-sources - Adding Kumba...
openmosix-sources - Adding cluster herd...
pegasos-dev-sources - Adding dholm...
rsbac-dev-sources - Adding kang...
Fixed in stable hardened-dev-sources-r16
mips-sources fixed.
gentoo-dev-sources done
rsbac-dev-sources: fixed.
done for oM-sources.
pegasos-dev-sources fixed
hppa-dev-sources done.
---------------snip-----------------
CAN-2004-1068: A race condition was discovered in the handling of AF_UNIX network packets. This reportedly allowed local users to modify arbitrary kernel memory, facilitating privilege escalation, or possibly allowing code execution in the context of the kernel.

CAN-2004-1069: Ross Kendall Axe discovered a possible kernel panic (causing a Denial of Service) while sending AF_UNIX network packages if the kernel options CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX are enabled.
---------------snip--------------
Do our patches also cover the SELinux-specific problem (-1069)?
Doubtful.. Perhaps this patch is it?
http://linux.bkbits.net:8080/linux-2.6/cset@1.2055.4.76
http://linux.bkbits.net:8080/linux-2.6/cset@1.2055.40.68
Created attachment 46357: Extra 2.6 Patch for CAN-2004-1069
*** IMPORTANT *** The following maintainers also need to add the CAN-2004-1069 patch on this bug. Please note that CAN-2004-1069 only applies to 2.6...
gentoo-dev-sources - dsd, please patch...
hardened-dev-sources - hardened herd, please patch...
hppa-dev-sources - Adding GMSoft...
mips-sources - Adding Kumba...
pegasos-dev-sources - Adding dholm...
rsbac-dev-sources - kang, please patch...
rsbac-dev-sources: fixed for CAN-2004-1069.
hardened-dev-sources-r18 has CAN-2004-1069 patch added
hppa-sources-2.6.10 isn't affected by this one. (patch says it's already applied)
All kernels fixed, closing bug; notifications are being migrated away from GLSAs for kernels, more news coming soon so stay tuned :-]
CAN-2004-1068: http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=bfa523d1df4634ac74e412d0dc3afb9620071d00
CAN-2004-1069: http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=2c6e4a98d34cce702ea5ffcf66fd8c414ee24cf8