| Summary: | Kernel: <2.6.27.12 (CVE-2009-0029) Enable syscall wrappers for 64-bit | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | hardened-kernel+disabled, kernel |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=479969 | ||
| Whiteboard: | [linux <2.6.27.12] [linux >=2.6.28 <2.6.28.1] [gp <2.6.27-10] [gp >=2.6.28-1 <2.6.28-2] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Stefan Behte (RETIRED)
2009-01-19 23:45:47 UTC
Here's the upstream patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ee6a093222549ac0c72cfd296c69fa5e7d6daa34 I've corrected the Status Whiteboard. Anything using >=genpatches-2.6.27-10 is unaffected (with the sole exception of genpatches-2.6.28-1). Hmm, upon closer inspection of the official kernel.org ChangeLogs, the situation is more complex than it initially appeared. Whilst the first patch intended to address the vulnerability was added to 2.6.27.12 and 2.6.28.1, it only encompassed ppc. A similar patch for sparc was later added in 2.6.27.18 and 2.6.28.6. However, it wasn't until the release of 2.6.29 that a *slew* of further patches was added to apparently bring closure to the matter. So, realising my mistake, I'm amending the Status Whiteboard to <2.6.29 and shall re-visit the bug later in order to figure out exactly which patches distinguish the 2.6.29 release. The prior scope was incorrect anyway as it implied that >=2.6.28 was OK. OK, I've been over the whole patch series with a fine toothcomb and was pleased to find that it was definitely resolved as of 2.6.27.12, 2.6.28.1 and 2.6.29. Amending Status Whiteboard. |