Summary: | Kernel : sock_diag: out-of-bounds access to sock_diag_handlers[] (CVE-2013-1763) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED OBSOLETE | ||
Severity: | normal | CC: | alexander, bugs, dan, josef64, kernel, xenith |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=915052 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 459810, 459812, 460126 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2013-02-25 09:54:25 UTC
hardened-sources-3.7.5-r1 has this patch and will be rapid stabilize to replace 3.7.5 gregkh has tagged kernels 3.4.34, 3.7.10 and 3.8.1. Each one has the patch. 3.3.y, 3.5.7 and 3.6.7 appear to be end-of-life and have not had the patch backported. We probably should remove affected ebuilds from the tree. Tagged kernels have been introduced and fast track stabilized such that stable users get a proper upgrade (thank you ago and jer), affected versions have been removed (thank you ago) now that most of the fast track stabilization has finished. There are no longer any 2.x or <3.8.1 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security. |