Summary: | Linux < 2.6.25-rc5 gcc-4.3 missing DF clear memory corruption (CVE-2008-1367) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Kernel | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gengor, hoffie, kernel, kfm, ziga.boehm |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://thread.gmane.org/gmane.linux.kernel/650180 | ||
Whiteboard: | [linux < 2.6.25_rc5] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-03-18 11:54:25 UTC
From my understanding of this, gcc 4.2 and 2.6.24 is perfectly fine. It's gcc 4.3 and < 2.6.25. And, gcc 4.3 and 2.6.25 is now fixed. Am I correct in saying this? (In reply to comment #1) > From my understanding of this, gcc 4.2 and 2.6.24 is perfectly fine. It's gcc > 4.3 and < 2.6.25. Yes. > And, gcc 4.3 and 2.6.25 is now fixed. Am I correct in saying this? The issue was addressed in the upcoming .25, but the workaround has not been introduced into our GCC. So we have to make sure the setups we support are safe (i.e. ~arch gcc 4.3 should come with ~arch linux 2.6.25). I'm not sure how far mixing ~arch and arch is supported (i.e. ~arch gcc 4.3 and arch linux <=2.6.24), but if the patch can be pulled down into the next .24 patchset, I'd rather have it in there before gcc 4.3 goes ~arch. This commit has been backported to the 2.6.24 stable tree and is included in 2.6.24.4 which is currently in the gentoo-sources patchset. Commit: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.24.y.git;a=commitdiff_plain;h=cc7571b226c93b032164ebb3ff3b365651c4652f ChangeLog: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.4 This patch will be in the next release of gentoo-sources. |