622228 – (CVE-2017-1000377) sys-kernel/hardened-sources: default stack guard page is not sufficiently large enough (CVE-2017-1000377)

Bug 622228 (CVE-2017-1000377) - sys-kernel/hardened-sources: default stack guard page is not sufficiently large enough (CVE-2017-1000377)

Summary: sys-kernel/hardened-sources: default stack guard page is not sufficiently lar...

Status:	RESOLVED OBSOLETE

Alias:	CVE-2017-1000377

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Kernel Security

URL:
Whiteboard:	A2 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2017-06-19 15:26 UTC by GLSAMaker/CVETool Bot
Modified:	2018-10-28 16:40 UTC (History)
CC List:	6 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2017-06-19 15:26:19 UTC

CVE-2017-1000377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000377):
  An issue was discovered in the size of the default stack guard page on
  GRSecurity/PAX Linux, specifically the default stack guard page is not
  sufficiently large and can be jmp’ed over, this affects GRSecurity/PAX Linux
  Kernel versions as of June 19, 2017 (specific version information is not
  available at this time).

Comment 1 PaX Team 2017-06-19 22:38:20 UTC

this is a wrongly issued CVE, we're working on rescinding it.

Comment 2 Magnus Granberg gentoo-dev

2017-09-06 23:40:09 UTC

Hardened-sources is masked in the tree.

Comment 3 Magnus Granberg gentoo-dev

2018-10-28 14:12:11 UTC

Can this one be resolved?