Summary: | Kernel 2.4.32 released, containing security fixes (GENERIC-MAP-NOMATCH) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Andreas Korthaus <akorthaus>
Component: | Kernel | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | carlo, chrb, gimli, gustavoz, hp-cluster, kang, nerdboy, security-kernel, solar, voxus
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.32 | |
Whiteboard: | [linux <2.4.32] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | | |
Bug Blocks: | 113326, 113327, 113504, 114227 | |
Description
Andreas Korthaus
2005-11-17 02:53:16 UTC
vanilla-sources-2.4.32 bumped by me with dsd's authorization. Adding maintainers; {mips,openmosix,rsbac,xbox}-sources.

Toggle status.

http://linux.exosec.net/kernel/2.4-hf/2.4.32/2.4.32-hf32.1/CHANGELOG

Shameless hint... ;) Or are those fixes considered too unimportant (a local DoS at least) for a revision bump?

Adding CCs; hardened and xbox: it may be beneficial if you add the backport patches. sparc-sources 2.4.32-r1 and gentoo-sources 2.4.32-r1 resolve the issue with backports.

(In reply to comment #5)
> Adding CCs; hardened and xbox: it may be beneficial if you add the backport
> patches.

got a link to the patches broken out?

> got a link to the patches broken out?

09-*.patch in the gentoo-sources-2.4.32-r2 patchball or here:
http://linux.exosec.net/kernel/2.4-hf/2.4.32/2.4.32-hf32.1/2.4.32-hf32.1.split.tgz

Thanks Tim

hardened-sources-2.4.32-r1 is in the tree now with the 09* patches as ~arch.

@cluster, kang: Any news on an update?

Tim, as you're updating the bug, it would be nice to see a new revision, including the patches from

http://linux.exosec.net/kernel/2.4-hf/2.4.32/2.4.32-hf32.3/

(In reply to comment #11)
> Tim, as you're updating the bug, it would be nice to see a new revision,
> including the patches from
>
> http://linux.exosec.net/kernel/2.4-hf/2.4.32/2.4.32-hf32.3/

gentoo-sources-2.4.32-r3 in the tree. Maintainers please add the 09-* series of patches from the tarball if possible.

The following maintainers still need to bump to 2.4.32:

kurobox-sources (@nerdboy, adding to CC)
openmosix-sources (@cluster, adding voxus to CC)
rsbac-sources (@kang)

Following maintainers please consider adding 09-* series of genpatches if possible, some/most of them may already be in your patchset:

hardened-sources (solar)
sparc-sources (gustavoz)
xbox-sources (chrb/gimli)

(In reply to comment #12)
> gentoo-sources-2.4.32-r3 in the tree. Maintainers please add the 09-* series of
> patches from the tarball if possible.

http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/gentoo-sources-2.4.32-r3.tar.bz2

Thanks Tim. hardened-sources-2.4.32 bumped to -r3 ~arch with the following new patches.

09-07.CAN-2004-1058.patch
09-08.fix-inode-overflow.patch
09-09.fix-ptrace-self-attach-rule.patch
09-10.fix-sockaddr_in-leaks.patch
09-11.orinoco-CVE-2005-3180.patch
09-12.wan-sdla-leak.patch

seems that only gentoo/hardened-sources are still maintained.

sparc-sources-2.4.32-r4 in and sparc stable.

There's a new hot fix release

http://linux.exosec.net/kernel/2.4-hf/2.4.32/2.4.32-hf32.4/CHANGELOG

gentoo-sources-2.4.32-r4 now in Portage and stable, thanks. New security patches listed below; if you're on x86 note the tweak you'd probably have to do with one of them:

* 09-13.vlan_ioctl-missing-checks.patch
* 09-14.netfilter-ipt_recent-memleak.patch
* 09-15.CVE-2006-1864.patch
* 09-16.CVE-2006-1524.patch
* 09-17.CVE-2006-1056-i386.patch <-- Do not use unless you have an lck scheduler
* 09-17.CVE-2006-1056-i386.patch.orig <-- Use this instead (rename from .orig)

sparc-sources-2.4.32-r5 in as ~sparc for a couple of days. You probably want 2.4.32-via-rhine-zero-pad-short-packets-1 in too for hardened/gentoo-sources.

New patches for r5:

4013-vlan_ioctl_missing_checks.patch
4014_netfilter-ipt_recent-memleak.patch
4015_CVE-2006-1864-smbfs-escape-chroot.patch
4016_CVE-2006-1524-fix-shm-mprotect.patch
4017_via-rhine-zero-pad-short-packets.patch

nerdboy: No response from you for a while, I've security masked kurobox-sources. Please bump to 2.4.32 and then feel free to unmask. Contact on IRC or mail if this is a problem.

carlo: Further -hf announcements please just open a new bug to me, thanks :)

All the other sources are fine now, changing bug status...

Reopen bug in order to add a valid whiteboard.