<gentoo-sources-2.6.30-r5 are vulnerable, but no >=gentoo-sources-2.6.30-r5 is marked as stable for amd64 ... *gentoo-sources-2.6.30-r5 (14 Aug 2009) 14 Aug 2009; Mike Pagano <mpagano@gentoo.org> +gentoo-sources-2.6.30-r5.ebuild: Fix for (CVE-2009-2692), Kernel: NULL pointer dereference due to incorrect proto_ops initializations. Fix for Linux Kernel clock_nanosleep() NULL Pointer Dereference, SA36200. Security hid dereference before null check fix. New patch for fbcondecor. Reproducible: Always Actual Results: gentoo-sources-2.6.30-r5 and gentoo-sources-2.6.30-r6 aren't stable for amd64 Expected Results: gentoo-sources-2.6.30-r5 or gentoo-sources-2.6.30-r6 marked as stable for amd64
Keywords: gentoo-sources-2.6.30-r4: amd64 hppa ppc ppc64 Keywords: gentoo-sources-2.6.30-r5: Keywords: gentoo-sources-2.6.30-r6: alpha arm ia64 sh sparc x86 ~amd64 ~hppa ~ppc ~ppc64
(In reply to comment #1) Glad someone pointed out the same problem exists on ppc. Given the seriousness of this bug, newer unstable kernels have to be used immediately, but it would be nice if they became stable soon. :-)
This is a serious security issue, especially for anyone running a multi-user system because there is a known method for privilege escalation *in the wild*. Please stabilize this.
Read the last paragraph on mitigation: http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html And now stop the hysteria. Thanks.
The security "hysteria" aside, this patch closes the hole, it's stable in x86 and even more exotic distros (but not ppc or amd64), and it's already been released to every other major distribution as a stable update. Why NOT stabilize it? And back to the "hysteria," why NOT stabilize it?
Tell us three times how serious it is won't make it happen faster.. anyway, amd64 done
ppc stable
pressed a wrong button, sorry
ppc64 done
Thanks, arch teams.