Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 37293

Summary: two security bugs in kernel (gentoo-sources affected)
Product: Gentoo Linux Reporter: Christian Gut <cycloon>
Component: [OLD] Core systemAssignee: x86-kernel (DEPRECATED) <x86-kernel>
Status: RESOLVED DUPLICATE    
Severity: critical CC: vorlon
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.24.log
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Patch that fix the vulnerability

Description Christian Gut 2004-01-05 05:58:21 UTC 
more details: http://isec.pl/vulnerabilities/isec-0012-mremap.txt

seems to affect 2.2, 2.4, and 2.6 series

Reproducible: Always
Steps to Reproduce:
Comment 1 Christian Gut 2004-01-05 06:00:00 UTC 
forgot this in the details field:
http://kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.24.log
Comment 2 Christian Gut 2004-01-05 06:18:55 UTC 
- 2.4.24-rc1 was released as 2.4.24 with no changes.
http://marc.theaimsgroup.com/?l=linux-kernel&m=107331127632230&w=2

seems to be critical
Comment 3 Marc Bevand 2004-01-05 06:20:04 UTC 
Created attachment 23184 [details, diff]
Patch that fix the vulnerability

I have extracted this patch from the 2.4.23 -> 2.4.24-rc1 changes.

Marcelo Tosatti has released 2.4.24 because of this vulnerability.
So it may be a better idea to upgrade to 2.4.24 instead of backporting
the patch.
Comment 4 Boris 2004-01-05 06:45:50 UTC 
Here is the official diff from kernel.org
http://www.kernel.org/diff/diffview.cgi?file=%2Fpub%2Flinux%2Fkernel%2Fv2.4%2Fpatch-2.4.24.bz2;z=16
Matches your patch (did you take it from kernel.org?), so this link is just for completion.
Comment 5 SpanKY gentoo-dev 2004-01-05 10:04:18 UTC 

*** This bug has been marked as a duplicate of 37292 ***