Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 622228 (CVE-2017-1000377)

Summary: sys-kernel/hardened-sources: default stack guard page is not sufficiently large enough (CVE-2017-1000377)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED OBSOLETE    
Severity: major CC: blueness, bug, hardened, kernel, pageexec, sandino
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [ebuild]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-06-19 15:26:19 UTC
CVE-2017-1000377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000377):
  An issue was discovered in the size of the default stack guard page on
  GRSecurity/PAX Linux, specifically the default stack guard page is not
  sufficiently large and can be jmp’ed over, this affects GRSecurity/PAX Linux
  Kernel versions as of June 19, 2017 (specific version information is not
  available at this time).
Comment 1 PaX Team 2017-06-19 22:38:20 UTC
this is a wrongly issued CVE, we're working on rescinding it.
Comment 2 Magnus Granberg gentoo-dev 2017-09-06 23:40:09 UTC
Hardened-sources is masked in the tree.
Comment 3 Magnus Granberg gentoo-dev 2018-10-28 14:12:11 UTC
Can this one be resolved?