Bug#: 72317
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Attachments (Filename; Description; Type; Creator; Created; Size):
linux-2.4.27-AF_UNIX.patch; 2.4 Patch; patch; Tim Yamin (RETIRED); 2004-11-24 08:25 0000; 515 bytes
linux-2.6.9-AF_UNIX.patch; 2.6 Patch; patch; Tim Yamin (RETIRED); 2004-11-28 03:45 0000; 469 bytes
linux-2.6-AF_UNIX.SELinux.patch; Extra 2.6 Patch for CAN-2004-1069; patch; Tim Yamin (RETIRED); 2004-12-19 10:38 0000; 1.72 KB

Description:   Opened: 2004-11-23 23:51 0000
Only affects <2.4.28.

------- Comment #1 From Tim Yamin (RETIRED) 2004-11-24 08:25:55 0000 -------
Created an attachment (id=44640) [details]
Patch

------- Comment #2 From Guy Martin 2004-11-24 09:39:48 0000 -------
hppa-sources done.

------- Comment #3 From solar 2004-11-24 10:24:37 0000 -------
scox if you can't bump hardened-sources to 2.4.28 then please add this patch.

------- Comment #4 From Tim Yamin (RETIRED) 2004-11-28 03:45:36 0000 -------
Created an attachment (id=44854) [details]
2.6 Patch

------- Comment #5 From Adam Mondl (RETIRED) 2004-11-28 11:52:08 0000 -------
hardened-sources-2.4.28 ~arch in tree

------- Comment #6 From Tim Yamin (RETIRED) 2004-12-01 11:55:58 0000 -------
Ok, all done. Following externally maintained sources need patching:

gentoo-dev-sources - Adding dsd...
hardened-dev-sources - Adding hardened herd...
hppa-dev-sources - Adding GMSoft...
mips-sources - Adding Kumba...
openmosix-sources - Adding cluster herd...
pegasos-dev-sources - Adding dholm...
rsbac-dev-sources - Adding kang...

------- Comment #7 From Adam Mondl (RETIRED) 2004-12-01 13:54:44 0000 -------
Fixed in stable hardened-dev-sources-r16

------- Comment #8 From Joshua Kinard 2004-12-01 20:52:22 0000 -------
mips-sources fixed.

------- Comment #9 From Daniel Drake 2004-12-02 07:43:11 0000 -------
gentoo-dev-sources done

------- Comment #10 From Guillaume Destuynder (RETIRED) 2004-12-02 10:56:55 0000 -------
rsbac-dev-sources: fixed.

------- Comment #11 From Konstantin Arkhipov 2004-12-02 11:55:42 0000 -------
done for oM-sources.

------- Comment #12 From David Holm (RETIRED) 2004-12-04 05:49:12 0000 -------
pegasos-dev-sources fixed

------- Comment #13 From Guy Martin 2004-12-08 09:11:23 0000 -------
hppa-dev-sources done.

------- Comment #14 From Thierry Carrez (RETIRED) 2004-12-15 02:54:09 0000 -------
---------------snip-----------------
CAN-2004-1068:

A race condition was discovered in the handling of AF_UNIX network packets.
This reportedly allowed local users to modify arbitrary kernel memory,
facilitating privilege escalation, or possibly allowing code execution in the
context of the kernel.

CAN-2004-1069:

Ross Kendall Axe discovered a possible kernel panic (causing a Denial of
Service) while sending AF_UNIX network packages if the kernel options
CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_SELINUX are enabled.
---------------snip--------------

Do our patches also cover the SELinux-specific problem (-1069)?

------- Comment #15 From Daniel Drake 2004-12-15 08:27:10 0000 -------
Doubtful.. Perhaps this patch is it?
http://linux.bkbits.net:8080/linux-2.6/cset@1.2055.4.76
http://linux.bkbits.net:8080/linux-2.6/cset@1.2055.40.68

------- Comment #16 From Tim Yamin (RETIRED) 2004-12-19 10:38:40 0000 -------
Created an attachment (id=46357) [details]
Extra 2.6 Patch for CAN-2004-1069

------- Comment #17 From Tim Yamin (RETIRED) 2004-12-19 10:41:58 0000 -------
*** IMPORTANT *** The following maintainers also need to add the CAN-2004-1069
patch on this bug. Please note that CAN-2004-1069 only applies to 2.6...

gentoo-dev-sources - dsd, please patch...
hardened-dev-sources - hardened herd, please patch...
hppa-dev-sources - Adding GMSoft...
mips-sources - Adding Kumba...
pegasos-dev-sources - Adding dholm...
rsbac-dev-sources - kang, please patch...

------- Comment #18 From Guillaume Destuynder (RETIRED) 2004-12-19 15:52:36 0000 -------
rsbac-dev-sources: fixed for CAN-2004-1069.

------- Comment #19 From Adam Mondl (RETIRED) 2004-12-24 16:59:46 0000 -------
hardened-dev-sources-r18 has CAN-2004-1069 patch added

------- Comment #20 From Daniel Drake 2004-12-24 19:25:12 0000 -------
gentoo-dev-sources done

------- Comment #21 From David Holm (RETIRED) 2004-12-25 05:30:40 0000 -------
pegasos-dev-sources fixed

------- Comment #22 From Joshua Kinard 2005-01-05 21:21:15 0000 -------
mips-sources fixed.

------- Comment #23 From Guy Martin 2005-01-08 17:43:52 0000 -------
hppa-sources-2.6.10 isn't affected by this one. (patch says it's already
applied)

------- Comment #24 From Tim Yamin (RETIRED) 2005-01-15 14:41:37 0000 -------
All kernels fixed, closing bug; notifications are being migrated away from
GLSAs for kernels, more news coming soon so stay tuned :-]

------- Comment #25 From Robert Buchholz 2009-05-03 13:31:02 0000 -------
CAN-2004-1068:
http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=bfa523d1df4634ac74e412d0dc3afb9620071d00

CAN-2004-1069:
http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=2c6e4a98d34cce702ea5ffcf66fd8c414ee24cf8
