Summary: | Kernel: perf_swevent_enabled array out-of-bound access (CVE-2013-2094) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tom Wijsman (TomWij) (RETIRED) <tomwij> |
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alexander, blueness, hardened, kernel, kfm, randy |
Priority: | Normal | Flags: | nattka: sanity-check- |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f | ||
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=962792 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 469956, 522930 | ||
Bug Blocks: |
Description
Tom Wijsman (TomWij) (RETIRED)
2013-05-14 16:28:55 UTC
Fix is present in the following kernels:

# git tag --contains 8176cced706b5e5d15887584150764894e94e02f
v3.9 v3.9-rc8 v3.9.1 v3.9.2
# git tag --contains ff91fd5bc105f29a34755a6dd6d547c877b7d027
v3.8.10 v3.8.11 v3.8.12 v3.8.13 v3.8.9
# git tag --contains da307d100cd4979e353e8265d0691263aa2a0086
v3.4.42 v3.4.43 v3.4.44 v3.4.45
# git tag --contains 3fc8fc1cc2d585c1f695f7de914063258aafe50e
v3.2.45
# git tag --contains 456edf57d7a6fe1b238ec708b19063d78cf4b250
v3.0.75 v3.0.76 v3.0.77 v3.0.78

Immediate actions which I will take for sys-kernel/gentoo-sources within minutes:
- Removal of affected v3.0.74, v3.2.41, v3.2.42, v3.2.43, v3.2.44, v3.4.34, v3.4.41, v3.6.11-r1, v3.6.11-r2.
- Addition of v3.2.45.

Delayed actions which will be taken for sys-kernel/gentoo-sources:
- Removal of v3.7.10, v3.7.10-r1 once v3.8.13 has been stabilized.

+ 14 May 2013; Tom Wijsman <TomWij@gentoo.org> ChangeLog
+ -gentoo-sources-3.0.74.ebuild, -gentoo-sources-3.2.41.ebuild,
+ -gentoo-sources-3.2.42.ebuild, -gentoo-sources-3.2.43.ebuild,
+ -gentoo-sources-3.2.44.ebuild, +gentoo-sources-3.2.45.ebuild,
+ -gentoo-sources-3.4.34.ebuild, -gentoo-sources-3.4.41.ebuild,
+ -gentoo-sources-3.6.11-r1.ebuild, -gentoo-sources-3.6.11-r2.ebuild, Metadata
+ Linux patch 3.2.45. Removal of affected versions 3.0.74, 3.2.41, 3.2.42,
+ 3.2.43, 3.2.44, 3.4.34, 3.4.41, 3.6.11-r1, 3.6.11-r2; see bug #469854.

+ 22 Jun 2013; Tom Wijsman <TomWij@gentoo.org> +gentoo-sources-3.7.10-r1.ebuild,
+ -gentoo-sources-3.7.10.ebuild, metadata.xml:
+ Revision bump. Applied security patch to 3.7.10 such that the root exploit is
+ no longer present on the remaining arches, which have not responded to
+ stabilization in a long time, directly to stable as the patches involved are
+ stable; as per the decision in bug #338739 comment 44.

All upstream LTS kernels are including the patch; All sys-kernel/gentoo-sources ebuilds excluding sys-kernel/gentoo-sources-3.4.x have stable ebuilds containing the fix.
sys-kernel/gentoo-sources-3.4.x is currently being stabilized in bug 522930.

Unable to check for sanity:
> no match for package: =sys-kernel/gentoo-sources-3.4.113
The 3.X is no longer in tree. Closing Bug.
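
The per-series fixed tags listed in this report can be turned into a quick triage check for a kernel release string. This is an added example, not part of the bug report; the function name `perf_fix_status` and its status labels are made up here, and it compares upstream version numbers only, so a distribution kernel carrying a backported patch is not recognised.

```shell
#!/bin/sh
# Added example, not from the bug report: classify a kernel release string
# against the first fixed upstream tag per series listed in the report.
# Statuses: fixed | unfixed | no-fixed-tag | not-listed
# Assumption: plain upstream numbering. Distribution backports (such as the
# patched gentoo-sources-3.7.10-r1 mentioned above) are not detected.
perf_fix_status() {
    rel=$1
    base=${rel%%-*}                      # "3.8.13-gentoo" -> "3.8.13"
    rc=
    case $rel in
        *-rc[0-9]*) rc=${rel#*-rc}; rc=${rc%%[!0-9]*} ;;   # "3.9-rc8" -> 8
    esac
    old_ifs=$IFS; IFS=.
    set -- $base                         # split the version on dots
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    case $major$minor$patch in
        *[!0-9]*) echo not-listed; return 0 ;;             # not a numeric version
    esac
    # Every release after v3.9 descends from the fix commit.
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 10 ]; }; then
        echo fixed; return 0
    fi
    # First fixed patch level per series, from the git tag --contains output.
    case $major.$minor in
        3.0) first=75 ;;
        3.2) first=45 ;;
        3.4) first=42 ;;
        3.8) first=9 ;;
        3.9) first=0 ;;
        3.*) echo no-fixed-tag; return 0 ;;  # 3.1, 3.3, 3.5, 3.6, 3.7: none listed
        *)   echo not-listed; return 0 ;;    # older than 3.0: not covered by the report
    esac
    if [ -n "$rc" ]; then
        # Conservative: a release candidate counts as unfixed unless it is
        # v3.9-rc8 or later within the 3.9 series.
        if [ "$major.$minor" = 3.9 ] && { [ "$patch" -gt 0 ] || [ "$rc" -ge 8 ]; }; then
            echo fixed
        else
            echo unfixed
        fi
        return 0
    fi
    if [ "$patch" -ge "$first" ]; then echo fixed; else echo unfixed; fi
}

# Classify the release given as first argument, e.g. "$(uname -r)".
if [ $# -gt 0 ]; then perf_fix_status "$1"; fi
```

A `no-fixed-tag` result means the report lists no upstream tag containing the fix for that series, so the package's own changelog has to be checked for a backport.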