| Summary: | Kernel: Linux RDS Protocol Local Privilege Escalation (CVE-2010-3904) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | CC: | hardened-kernel+disabled, kernel, kfm |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=799c10559d60f159ab2232203f222f18fa3c4a5f | | |
| Whiteboard: | [linux < 2.6.36] | | |
| Package list: | | Runtime testing required: | --- |

Description
Tim Sammut (RETIRED)
2010-10-19 19:49:27 UTC
Just FYI, courtesy of Michael Pagano <mpagano@gentoo.org>.

<-- snip -->

This is an automated email announcing the release of genpatches-2.6.35-12

CHANGES SINCE 2.6.35-11
-----------------------

Revision 1809: Patch for CVE-2010-3904 Priviledge escalation (mpagano)
Added: 1500_CVE-2010-3904-RDS-Priv-Escal-fix.patch

Revision 1810: 2.6.35-12 release (mpagano)

PATCHES
-------

When the website updates, the complete patch list and split-out patches will be available here:
http://dev.gentoo.org/~mpagano/genpatches/patches-2.6.35-12.htm
http://dev.gentoo.org/~mpagano/genpatches/tarballs/genpatches-2.6.35-12.base.tar.bz2
http://dev.gentoo.org/~mpagano/genpatches/tarballs/genpatches-2.6.35-12.extras.tar.bz2

ABOUT GENPATCHES
----------------

genpatches is the patchset applied to some kernels available in Portage.

For more information, see the genpatches homepage:
http://dev.gentoo.org/~mpagano/genpatches

For a simple example of how to use genpatches in your kernel ebuild, look at a recent gentoo-sources-2.6.* ebuild.

This fix is now released in the following genpatches:

genpatches-2.6.35-12
genpatches-2.6.34-14
genpatches-2.6.32-25

The following newly released gentoo-sources kernels contain the patch:

gentoo-sources-2.6.35-r11
gentoo-sources-2.6.34-r12
gentoo-sources-2.6.32-r20

The following stable request bugs have been filed for these kernels:

bug #341833 for gentoo-sources-2.6.32-r20
bug #341831 for gentoo-sources-2.6.34-r12

No stable request filed for 2.6.35-r11, as we wait for the prerequisite 30 days for the new baselayout to be requested to be stabled before we can do so.

I added the archs to the wrong bug. My bad.

The fix is in the following hardened sources patchsets:

hardened-patches-2.6.32-25
hardened-patches-2.6.35-5

for the following ebuilds:

hardened-sources-2.6.32-r22
hardened-sources-2.6.35-r4

Note that the fix is included in the grsecurity patches:

4420_grsecurity-2.2.0-2.6.32.24-201010191911.patch
4420_grsecurity-2.2.0-2.6.35.7-201010191911.patch

and so the hardened sources patchsets do not include 1500_CVE-2010-3904-RDS-Priv-Escal-fix.patch from genpatches (to avoid patch collision on the same issue).

Fast track stabilization request for hardened-sources-2.6.32-r22 submitted in bug #341915. We're waiting on hardened-sources-2.6.35-r4 for the same reason as in Comment #2 --- we need baselayout 2 stabilization.