Alan Cox reported two kernel-bugs in < 2.6.9 (reported as CAN-2004-0814, but that isn't public yet). It can be used to crash the system as a local user and can cause a lock through ppp.
Moving to newly-created kernel-specific category
Ok, all patched. The following are externally maintained, so I'm CCing the relevant maintainers. Patches are at http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security... grsec-sources -- Adding solar. hardened-dev-sources -- Adding Gentoo/Hardened team. hardened-sources -- Adding scox. hppa(-dev)-sources -- Adding GMSoft. mips-sources -- Adding `Kumba. openmosix-sources -- Adding cluster herd. rsbac(-dev)-sources -- Adding kang. selinux-sources -- Adding pebenito. sparc-sources -- Adding Joker.
I get patch failures with these and the places where it fails I'm not sure I'm the best man for editing and ensureing that said code will function correctly. When it comes time for a GLSA. I guess you can mask grsec-sources or something cuz I'm going to wait for 2.4.28 and let this bug resolve itself... Oh hurry up 2.4.28 tree I'm sick of patching 2.4.27...
openmosix-sources patched.
Fixed in sparc-sources-2.4.27-r2
selinux-sources p.mask'ed as it will be removed soon
grsec kernel patched as sys-kernel/grsec-sources-2.4.27.2.0.1-r3 Sent the patch to the mirrors as 22860b67a043f4f2d601eab21fb3cfaf /usr/portage/distfiles/grsec-sources-2.4.27-CAN-2004-0814.patch.bz2 scox: the above patch should work for hardened-sources as well.
mips-sources updated.
plasmaroo, your linux-2.6.7-CAN-2004-0814.patch is missing this: --- linux-2.6.7-1140_CAN-2004-0814/drivers/char/tty_ioctl.c 2004-11-23 13:23:23.000000000 -0800 +++ linux-2.6.7-1140_CAN-2004-0814.fixed/drivers/char/tty_ioctl.c 2004-11-23 13:24:43.123269616 -0800 @@ -293,6 +293,7 @@ int retval; struct sgttyb tmp; struct termios termios; + unsigned long flags; retval = tty_check_change(tty); if (retval)
Created attachment 44603 [details, diff] 1140_CAN-2004-0814.patch-r1 - 2.6.7 patch with added hunk This applies cleanly against vanilla 2.6.7 and was updated from the patch in genpatches-2.6-7.47
Kumba, you will need to add the updated 2.6.7 patch (on this bug or on my devspace) to the 2.6.7 mips-sources. Thanks for the update, Jeremy.
hppa-(dev-)sources done.
Kumba please see comment #11
Created attachment 44858 [details, diff] ditto for the 2.6.8 patch I was just messing around with g-d-s-2.6.8, and I noticed the same thing with your 2.6.8.1 patch...
hardened-sources-2.4.28 ~arch in tree
rsba-sources bumped to 2.4.28 (~x86)
mips-sources fixed.
GMSoft: 2.6.8.1 needs an updated patch, please see attachment #44858 [details, diff] on this bug. Hardened herd: Only hardened-dev-sources is left for this bug. Some swift action would be appreciated since this is blocking the GLSA. We may need to mask if this issue is not dealt with quickly. Thanks!
Fixed in stable hardened-dev-sources-r16
Patch updated for hppa-dev-sources.
Kang: rsbac-dev-sources still needs fixing on this one...
rsbac-dev-sources was fixed too
All kernels fixed, closing bug; notifications are being migrated away from GLSAs for kernels, more news coming soon so stay tuned :-]
