Bug 139668 - Bump req: vanilla-sources to 2.6.17.4
Summary: Bump req: vanilla-sources to 2.6.17.4
Status: RESOLVED DUPLICATE of bug 139475
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High major
Assignee: Gentoo Linux bug wranglers
URL: http://www.kernel.org
Reported: 2006-07-08 07:41 UTC by Kelly Price
Modified: 2006-07-08 07:52 UTC
Description Kelly Price 2006-07-08 07:41:05 UTC
Bump request -- 2.6.17.4 fixes a bug in core dumping that could give a local user a privilege escalation.

From the changelogs:

commit 4f9619cdd90ac846fa0ca6e9e8a9d87a0d6b4f57
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date:   Thu Jul 6 13:02:28 2006 -0700

    Linux 2.6.17.4

commit 0af184bb9f80edfbb94de46cb52e9592e5a547b0
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date:   Thu Jul 6 13:02:05 2006 -0700

    fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)
    
    Based on a patch from Ernie Petrides
    
    During security research, Red Hat discovered a behavioral flaw in core
    dump handling. A local user could create a program that would cause a
    core file to be dumped into a directory they would not normally have
    permissions to write to. This could lead to a denial of service (disk
    consumption), or allow the local user to gain root privileges.
    
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-07-08 07:52:15 UTC

*** This bug has been marked as a duplicate of 139475 ***