Summary: | kernel: use after free in DCCP protocol (CVE-2017-6074) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED FIXED | | |
Severity: | critical | CC: | hendrik, herrtimson, hydrapolic, kernel, kuzetsa |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.openwall.com/lists/oss-security/2017/02/22/3 | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 611824 | | |
Bug Blocks: | | | |
Description
Thomas Deutschmann (RETIRED)
2017-02-22 20:08:43 UTC
There's no upstream release containing the fix yet.
Fix present in
>=sys-kernel/gentoo-sources-4.9.12
>=sys-kernel/gentoo-sources-4.4.51
also in
>=sys-kernel/gentoo-sources-4.1.44
commit 84dd15749e0931a21fcced926b60f054a5ae155a
Author: Justin Lecher <jlec@gentoo.org>
Date: Sat Feb 25 10:45:17 2017 +0000

    sys-kernel/aufs-sources: Bump to latest aufs, genpatches and linux release

    fixes CVE-2017-6074
    drop old

    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=610600
    Package-Manager: Portage-2.3.3, Repoman-2.3.1
    Signed-off-by: Justin Lecher <jlec@gentoo.org>

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84dd15749e0931a21fcced926b60f054a5ae155a

Upstream fix in 4.9.13
http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=171d92a9d915d238e05285ca67faf30f554d7df7

Currently, the only other upstream branch with a fix looks like 4.4.y

$ git tag --contains a95df078e86624ee330e82aad34cfd3b5fcf21ce
v4.4.52

Fixes for other longterm branches (upstream) don't appear to be in-tree yet.

Upstream 4.10.y branch (any/all post-RC versions) contains the original version which is backported by genpatches-4.9-14

$ git tag --contains 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
v4.10
v4.10.1

sys-kernel/ck-sources: CVE-2017-6074 (fixed by genpatches 4.9-14 / linux 4.10)

Fixed in 4.10, 4.9.13
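
The fixed versions reported in the comments above, turned into a check for a kernel release string. This is an added example, not part of the original bug report or of Gentoo's tooling. It assumes gentoo-sources kernels carry a `-gentoo` suffix in `uname -r` and that releases after 4.10 descend from the mainline fix; the function name is hypothetical.

```sh
#!/bin/sh
# Classify a kernel release string against the fix versions quoted in this bug.
# Prints "fixed", "unfixed" (below the first fixed release) or "unknown".
cve_2017_6074_status() {
    rel=$1
    base=${rel%%-*}                      # "4.9.12-gentoo-r1" -> "4.9.12"
    # Release candidates are not covered by the versions listed in the bug.
    case $rel in *-rc*) echo unknown; return 0 ;; esac
    case $base in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    # Assumption: only gentoo-sources is special-cased; every other flavour
    # is compared against the (higher) upstream thresholds.
    case $rel in *-gentoo*) gentoo=1 ;; *) gentoo=0 ;; esac

    old_ifs=$IFS; IFS=.; set -- $base; IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    # Mainline fix is tagged v4.10; later releases are assumed to contain it.
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 10 ]; }; then
        echo fixed; return 0
    fi
    if [ "$major" -ne 4 ]; then echo unknown; return 0; fi

    # First fixed patch level per branch: upstream stable vs. gentoo-sources.
    case $minor in
        9) up=13; gen=12 ;;
        4) up=52; gen=51 ;;
        1) up='';  gen=44 ;;             # no upstream 4.1.y fix reported in the bug
        *) echo unknown; return 0 ;;
    esac
    if [ "$gentoo" -eq 1 ]; then min=$gen; else min=$up; fi

    if [ -z "$min" ]; then echo unknown
    elif [ "$patch" -ge "$min" ]; then echo fixed
    else echo unfixed
    fi
}

# Check the running kernel, or a release string given as the first argument.
cve_2017_6074_status "${1:-$(uname -r)}"
```

The same patch level can give different answers on the 4.9 and 4.4 branches, because gentoo-sources picked up the fix through genpatches one release before upstream stable did.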