A Linux Kernel Exploit was posted to Full-Disclosure affecting the 2.6.x kernels. The attached code exploits a root race in /proc. The exploit has been acknowledged and a patch is now available.
The exploit can be found: http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047913.html
A patch for this exploit can be found here: http://lkml.org/lkml/diff/2006/7/14/306/1 (written by _array on #gentoo-hardened)
Note: http://lkml.org/lkml/2006/7/15/5 says that <HAL-0.5.7 may have troubles; latest gentoo stable is hal-0.5.5.1-r3 (all arches)
CVE from http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.5
Please do *not* use the 2.6.16.25 or 2.6.17.5 fix; I'm attaching a better one which shouldn't break HAL & etc...
Created attachment 91781: Patch
Maintainers please bump your genpatches (2.6.16-15 or 2.6.17-4) or use the attached patch (don't use 2.6.17.5):
ck-sources: marineam
hardened-sources-2.6: johnm, hardened
hppa-sources: GMSoft
mips-sources: `Kumba
rsbac-sources: kang
sh-sources: sh
suspend2-sources: brix
usermode-sources: dang
xbox-sources: chrb
xen-sources: chrb, agriffis
workaround for those waiting for a release is to mount proc with options nosuid as suggested by padde in #gentoo-bugs
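A check for the nosuid workaround mentioned above, as an added example that is not part of the original bug thread: it reads a mounts table in the /proc/mounts format and lists every procfs mount whose options lack nosuid. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mounts table (same format as /proc/mounts) for
# procfs mounts that do not carry the nosuid option.

# proc_mounts_missing_nosuid FILE
# Prints the mount point of each procfs mount in FILE without nosuid.
# Returns 0 when every procfs mount has nosuid, 1 otherwise.
proc_mounts_missing_nosuid() {
    awk '
        $3 == "proc" {
            # Field 4 is the comma-separated option list; match whole
            # options only, so "suid" or "nosuidx" never count.
            n = split($4, opts, ",")
            hardened = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == "nosuid") hardened = 1
            if (!hardened) { print $2; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample table (not taken from a real host): one procfs mount
# without nosuid, one chroot procfs mount with it, and unrelated mounts.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,relatime 0 0
proc /var/chroot/proc proc rw,nosuid,nodev,noexec 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid 0 0
EOF
}

# Live use on a Linux host:
#   proc_mounts_missing_nosuid /proc/mounts \
#       || echo "apply workaround: mount -o remount,nosuid <mount point>"
```

Chroots and containers often carry their own procfs mounts, which is why the check covers every entry of type proc rather than only /proc.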
gentoo-sources-2.6.16/2.6.17 -> done
suspend2-sources-2.6.16/2.6.17 -> done
openvz-sources-026.015 (2.6.16) -> done
ck-sources-2.6.16/2.6.17 -> done
hardened-sources-2.6.16-r11 bumped with genpatches 14
usermode-sources bumped.
(In reply to comment #9) I meant 15
*** Bug 140581 has been marked as a duplicate of this bug. ***
*** Bug 140797 has been marked as a duplicate of this bug. ***
(In reply to comment #4)
> Maintainers please bump your genpatches (2.6.16-15 or 2.6.17-4) or use the
> attached patch (don't use 2.6.17.5):
>
> ck-sources: marineam
> hardened-sources-2.6: johnm, hardened
> hppa-sources: GMSoft
> mips-sources: `Kumba
> rsbac-sources: kang
> sh-sources: sh
> suspend2-sources: brix
> usermode-sources: dang
> xbox-sources: chrb
> xen-sources: chrb, agriffis
>
2.6.16.26 fix these issues right? If so I have copied xen-sources-2.6.16.18 to xen-sources-2.6.16.26 and it WFM on my xen test box. HTH.
(In reply to comment #14)
> 2.6.16.26 fix these issues right? If so I have copied xen-sources-2.6.16.18 to
> xen-sources-2.6.16.26 and it WFM on my xen test box.
Yes, .26 fixes these issues correctly.
Fixed on hppa. First commit from my new place \o/
I've updated xen and xbox -sources to 2.6.16.26.
SH, RSBAC, this one too. Bump or patch.
rsbac-sources bumped to 2.6.18 in ~
As discussed in the past, SH no longer is kept track of by Gentoo Kernel Security. Closing bug.