First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 75963
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Kerin Millar <kerframil@gmail.com>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
linux-2.6-75963.patch Patch patch Tim Yamin (RETIRED) 2005-01-07 12:15 0000 979 bytes Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 75963 depends on: Show dependency tree
Bug 75963 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-12-28 16:23 0000 
While browsing recent posts from the LKML I noticed one from Lee Revell (see
this bug's URL field). Here's some more information:

* http://lkml.org/lkml/2004/12/28/116

  Lee's follow-up to his original post.

* http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-12/0390.html

  A bugtraq post which details the flaw in more detail.
* http://mithra.immunix.com/pipermail/linux-security-module/2004-December/5769.html

  A post on the linux-security-module list containing a patch that apparently
  fixes the flaw.

Apparently, this is something that was discovered some time ago and a patch was
prepared at that time; accordingly, the bugtraq report looks very similar to a
report that was filed some time ago. The folks on the linux-security-module
list didn't seem overly certain as to whether (a) the flaw was genuine (b) it
came about as a result of the patch not making it in the first time. In any
case, it's been corroborated at least once so I thought I'd pass this on.

------- Comment #1 From Tim Yamin (RETIRED) 2005-01-07 12:15:08 0000 ------- 
Created an attachment (id=47888) [edit]
Patch

------- Comment #2 From Daniel Drake 2005-01-09 08:31:49 0000 ------- 
gentoo-dev-sources done

------- Comment #3 From Adam Mondl (RETIRED) 2005-01-11 20:45:02 0000 ------- 
~x86 hardened-dev-sources-2.6.10 patched

------- Comment #4 From Tim Yamin (RETIRED) 2005-01-15 14:19:00 0000 ------- 
Following externally maintained-sources need patching:

hppa-sources -- Adding GMSoft...
mips-sources -- Adding `Kumba...
pegasos-sources -- Adding dholm...
rsbac-sources -- Adding kang...

------- Comment #5 From David Holm (RETIRED) 2005-01-16 05:12:44 0000 ------- 
pegasos-sources fixed

------- Comment #6 From Guy Martin 2005-01-16 05:29:15 0000 ------- 
Fixed in hppa-sources

------- Comment #7 From Guillaume Destuynder (RETIRED) 2005-01-18 14:21:13 0000 ------- 
fixed for rsbac-sources  (2.6.10-r1) (sorry for the delay again; hard isp
issues lately:/)

------- Comment #8 From Thierry Carrez (RETIRED) 2005-03-16 03:16:39 0000 ------- 
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

------- Comment #9 From Robert Paskowitz (RETIRED) 2005-05-17 16:19:10 0000 ------- 
KISS shows this one is all fixed:
http://kiss.gentoo.org/dev/viewBug.php?BugID=75963

------- Comment #10 From Tim Yamin (RETIRED) 2005-05-27 11:38:15 0000 ------- 
All fixed, closing bug.

------- Comment #11 From Robert Buchholz 2009-05-03 14:27:44 0000 ------- 
http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commit;h=d3270a94d8da4d8eecfa54a397d530e36c8df134
First Last Prev Next    No search results available      Search page      Enter new bug