| Summary: | stabilize sys-kernel/gentoo-sources-2.6.30-r5 | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Huemi <gentoobugs> |
| Component: | Kernel | Assignee: | Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | CC: | axiator, brayan, bugzilla, security |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | AMD64 | ||
| OS: | Linux | ||
| URL: | http://www.h-online.com/security/Critical-vulnerability-in-the-Linux-kernel-affects-all-versions-since-2001--/news/114004 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Huemi
2009-09-07 06:13:22 UTC
Keywords: gentoo-sources-2.6.30-r4: amd64 hppa ppc ppc64 Keywords: gentoo-sources-2.6.30-r5: Keywords: gentoo-sources-2.6.30-r6: alpha arm ia64 sh sparc x86 ~amd64 ~hppa ~ppc ~ppc64 (In reply to comment #1) Glad someone pointed out the same problem exists on ppc. Given the seriousness of this bug, newer unstable kernels have to be used immediately, but it would be nice if they became stable soon. :-) This is a serious security issue, especially for anyone running a multi-user system because there is a known method for privilege escalation *in the wild*. Please stabilize this. Read the last paragraph on mitigation: http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html And now stop the hysteria. Thanks. The security "hysteria" aside, this patch closes the hole, it's stable in x86 and even more exotic distros (but not ppc or amd64), and it's already been released to every other major distribution as a stable update. Why NOT stabilize it? And back to the "hysteria," why NOT stabilize it? Tell us three times how serious it is won't make it happen faster.. anyway, amd64 done ppc stable pressed a wrong button, sorry ppc64 done Thanks, arch teams. |
