| Summary: | Linux <2.6.23.8 wait_task_stopped() DoS (CVE-2007-5500) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Aniruddha <mailingdotlist> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | bernd, chainsaw, kernel, kfm, svrmarty |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/27664/ | | |
| Whiteboard: | [linux < 2.6.23.8][genpatches < 2.6.23-3] | | |
| Package list: | | Runtime testing required: | --- |

Description
Aniruddha
2007-11-19 19:56:10 UTC
Any update on this ?

(In reply to comment #1)
> Any update on this ?
>

Can someone confirm if the vulnerabilities are affecting the hardened kernel please.

The 2.6.23.18 patch was folded into genpatches-2.6.23-3. Thus, hardened-sources-2.6.23-r2 was fixed, as this was based upon that version of genpatches. Last time I checked, there are only 4 kernel ebuilds which are still based upon vulnerable versions of genpatches actually in portage:

- gentoo-sources-2.6.23 [genpatches-2.6.23-1]
- gentoo-sources-2.6.23-r1 [genpatches-2.6.23-2]
- tuxonice-sources-2.6.23 [genpatches-2.6.23-1]
- tuxonice-sources-2.6.23-r1 [genpatches-2.6.23-2]

These versions have since been superseded by newer revisions (which are not subject to this vulnerability), so this bug is effectively resolved and I am marking it as such. Also removing hardened from the CC list as it is not a hardened issue.

Actually, closing it is a little premature as there are still older kernel versions that are potentially affected. I'll add another post later, clarifying which ebuilds are affected.

Latest update from 2008, please close.