Bug 250559 (CVE-2008-5395)

Summary:	Kernel: PA-RISC DoS (CVE-2008-5395)
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Kernel	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	kernel
Priority:	High
Version:	unspecified
Hardware:	HPPA
OS:	Linux
URL:	http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=7a3f5134a8f5bd7fa38b5645eef05e8a4eb62951
Whiteboard:	[linux <2.6.27.8] [genpatches <2.6.27-8]
Package list:		Runtime testing required:	---
Bug Depends on:	266792
Bug Blocks:

Description Stefan Behte (RETIRED) gentoo-dev

2008-12-10 21:40:59 UTC

CVE-2008-5395 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5395):
  The parisc_show_stack function in arch/parisc/kernel/traps.c in the
  Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause
  a denial of service (system crash) via vectors associated with an
  attempt to unwind a stack that contains userspace addresses.

Comment 1 Axel Dyks 2008-12-16 20:33:33 UTC

Patch went into 2.6.27.9 vanilla
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commitdiff;h=16a476e1419249a1c0733fdb683f29c9bde6f941

--> it's in genpatches 2.6.27-8
--> it's in gentoo-sources-2.6.27-r6

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev

2009-04-13 15:31:11 UTC

For the record: HPPA == PA-RISC. Thanks.

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2009-04-13 15:34:05 UTC

I'll check whether going stable early on a 2.6.28 kernel is the way for HPPA. I've been meaning to stabilise a 2.6.28 for a while now. Btw, hardened has nothing to do with this as HPPA doesn't do a hardened kernel or profile.

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2009-04-20 15:31:54 UTC

Stable for HPPA:
 =sys-kernel/gentoo-sources-2.6.28-r5
 =sys-kernel/vanilla-sources-2.6.28.9