Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 54976
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 54976 depends on: Show dependency tree
Bug 54976 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-06-24 01:23 0000 
From the RedHat advisory (http://rhn.redhat.com/errata/RHSA-2004-260.html):

Enhancements were committed to the 2.6 kernel by Al Viro which enabled the
Sparse source code checking tool to check for a certain class of kernel
bugs. A subset of these fixes also applies to various drivers in the 2.4
kernel. These flaws could lead to privilege escalation or access to kernel
memory. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0495 to these issues.

------- Comment #1 From Tim Yamin (RETIRED) 2004-06-25 15:17:09 0000 ------- 
*** Bug 54977 has been marked as a duplicate of this bug. ***

------- Comment #2 From Tim Yamin (RETIRED) 2004-06-25 15:18:19 0000 ------- 
------- Merging Comment #0 From Bug #54977 2004-06-24 01:26 PST -------

From the Mandrake advisory
(http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:062):

A vulnerability in the e1000 driver for the Linux kernel 2.4.26 and
earlier was discovered by Chris Wright.  The e1000 driver does not
properly reset memory or restrict the maximum length of a data
structure, which can allow a local user to read portions of kernel
memory (CAN-2004-0535).

------- Comment #3 From Tim Yamin (RETIRED) 2004-06-25 15:23:58 0000 ------- 
Most things should now be patched; adding externally maintained sources on to
the CC lists for kernels which need patching for both CAN-2004-0495 and
CAN-2004-0535:

sys-kernel/grsec-sources - Adding solar...
sys-kernel/hardened-sources - Adding hardened...
sys-kernel/hardened-dev-sources - Same as above...
sys-kernel/hppa-dev-sources - Adding GMSoft; this just needs 2.6.7 stable.
sys-kernel/hppa-sources - Adding GMSoft; this needs patching.
sys-kernel/openmosix-sources - Adding cluster...
sys-kernel/pegasos-sources - Adding dholm...
sys-kernel/rsbac-dev-sources - Adding kang...

------- Comment #4 From solar 2004-06-25 21:52:37 0000 ------- 
../../gentoo-sources/files/gentoo-sources-2.4.CAN-2004-0495.patch
../../gentoo-sources/files/gentoo-sources-2.4.CAN-2004-0535.patch
Above added to grsec-sources/files/
Updated digests and verified a clean src_unpack.
Added ChangeLog references to this bug.
Unable to verify runtime at this point in time.

------- Comment #5 From David Holm (RETIRED) 2004-06-27 13:49:54 0000 ------- 
pegasos-sources has been updated

------- Comment #6 From Tim Yamin (RETIRED) 2004-06-29 09:25:54 0000 ------- 
Hardened-dev-sources is OK now; it's been bumped to 2.6.7.

------- Comment #7 From Tim Yamin (RETIRED) 2004-06-29 09:27:07 0000 ------- 
Adding `Kumba for mips-sources...

------- Comment #8 From Kurt Lieber 2004-06-29 10:01:02 0000 ------- 
belatedly adding Chris for selinux-sources.

------- Comment #9 From Andrea Luzzardi 2004-06-29 10:36:24 0000 ------- 
hardened-sources updated

------- Comment #10 From Chris PeBenito 2004-06-29 11:03:25 0000 ------- 
selinux-src fixed

------- Comment #11 From SpanKY 2004-06-29 15:43:42 0000 ------- 
hppa-dev-sources is stable now

------- Comment #12 From Brandon Hale (RETIRED) 2004-06-29 22:36:44 0000 ------- 
hardened-dev-sources-2.6.7 marked ~x86 ~ppc ~amd64
it only has a stable version on amd64. This might be a good time
for arch testing :)

------- Comment #13 From Guillaume Destuynder (RETIRED) 2004-06-30 06:00:16 0000 ------- 
- rsbac-sources: fixed CAN 0535/0495
- rsbac-dev-sources: is using kernel 2.6.7

sorry for the little delay, cvs was buggy and today update fixed things so that i could upload finally a new rsbac-sources.

------- Comment #14 From Konstantin Arkhipov 2004-06-30 07:36:24 0000 ------- 
openmosix-sources: fixed in -r10, will be unmasked soon.
(patches taken from gentoo-sources, tested)

------- Comment #15 From Joshua Kinard 2004-07-01 16:40:54 0000 ------- 
Added to mips-sources

------- Comment #16 From Guy Martin 2004-07-03 15:18:54 0000 ------- 
Stable on hppa.

------- Comment #17 From Tim Yamin (RETIRED) 2004-07-03 16:05:28 0000 ------- 
GLSA 200407-02; http://article.gmane.org/gmane.linux.gentoo.announce/382;
closing as FIXED.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug