From $URL : Description: An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode. References: http://seclists.org/oss-sec/2013/q1/420 http://thread.gmane.org/gmane.linux.network/260061 Upstream fix: http://thread.gmane.org/gmane.linux.network/260061
hardened-sources-3.7.5-r1 has this patch and will be rapid stabilize to replace 3.7.5
gregkh has tagged kernels 3.4.34, 3.7.10 and 3.8.1. Each one has the patch. 3.3.y, 3.5.7 and 3.6.7 appear to be end-of-life and have not had the patch backported. We probably should remove affected ebuilds from the tree.
Tagged kernels have been introduced and fast track stabilized such that stable users get a proper upgrade (thank you ago and jer), affected versions have been removed (thank you ago) now that most of the fast track stabilization has finished.
There are no longer any 2.x or <3.8.1 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.