Arch teams, please consider marking gentoo-sources-2.6.32-r18 and vanilla-sources-2.6.32.22 stable. These versions contain the fix for the recent root vulnerability described here: http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/ No wide affecting bugs exist at this time.
(In reply to comment #0) > Arch teams, please consider marking gentoo-sources-2.6.32-r18 and > vanilla-sources-2.6.32.22 stable. These versions contain the fix for the recent > root vulnerability described here: > > http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/ > > No wide affecting bugs exist at this time. > The exploit only affects amd64. I got permission from that arch team to fast track stabilization of hardened-sources. See bug #338273. You may want to do the same Mike. I'll help by testing them on my systems here are report back.
(In reply to comment #1) > > I'll help by testing them on my systems here are report back. > I've tested both gentoo-sources-2.6.32-r18 and vanilla-sources-2.6.32.22, compiling most modules and booting. Both show no issues. I also tested the public exploit and neither are vulnerable.
Maybe summary should be changed to include current gentoo-sources-2.6.34-r10. Tested gentoo-sources-2.6.34-r10 on amd64 desktop production system. Results fine, root exploit not working anymore. Will provide results for additional test on server system in few hours.
gentoo-sources-2.6.34-r10 tested on amd64 production server system. Works fine. Gentoo devs pls consider stabilization soon!
alpha/arm/ia64/sh/sparc stable
amd64 done. Thanks Marko
Arch Teams who have yet to stabilize, please spend your time instead stabilizing 2.6.32-r20 in bug #341833
