Description: Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users and by malicious people to cause a DoS (Denial of Service).

1) An error within the "wait_task_stopped()" function can be exploited to cause a DoS by manipulating the state of a child process while the parent is waiting for the state to change (e.g. the parent is inside "wait()" or "waitpid()").

2) A NULL-pointer dereference error exists within the "tcp_sacktag_write_queue()" function when processing ACK packets. This can be exploited to crash an affected system via specially crafted ACK packets.

The vulnerabilities are reported in versions prior to 2.6.23.8.

Solution: Update to version 2.6.23.8.

Provided and/or discovered by:
1) Roland McGrath
2) Ilpo Järvinen

Original Advisory: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.8

Reproducible: Always
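A version check an administrator could run against the fixed release named in the description above, as an added example that is not part of this bug thread; it assumes plain component-wise numeric comparison and ignores distribution suffixes such as "-gentoo-r2":

```shell
#!/bin/sh
# Added example, not part of the bug report: check whether a kernel release
# string is at or above 2.6.23.8, the fixed version named in the advisory.
# Assumptions: releases compare numerically component by component, and any
# distribution suffix (e.g. "-gentoo-r2", "-hardened") is ignored.

FIXED_VERSION="2.6.23.8"

# Keep only the leading dotted digits: "2.6.23.8-gentoo-r2" -> "2.6.23.8"
numeric_version() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*$//'
}

# version_ge A B: return 0 if A >= B, 1 otherwise. Missing components count
# as 0, so "2.6.24" is read as 2.6.24.0 and sorts above 2.6.23.8.
version_ge() {
    va=$(numeric_version "$1")
    vb=$(numeric_version "$2")
    old_ifs=$IFS
    IFS=.
    set -- $va
    a1=${1:-0}; a2=${2:-0}; a3=${3:-0}; a4=${4:-0}
    set -- $vb
    b1=${1:-0}; b2=${2:-0}; b3=${3:-0}; b4=${4:-0}
    IFS=$old_ifs
    for pair in "$a1 $b1" "$a2 $b2" "$a3 $b3" "$a4 $b4"; do
        set -- $pair
        if [ "$1" -gt "$2" ]; then return 0; fi
        if [ "$1" -lt "$2" ]; then return 1; fi
    done
    return 0
}

# kernel_is_fixed RELEASE: return 0 when RELEASE is at or above the fixed version.
kernel_is_fixed() {
    version_ge "$1" "$FIXED_VERSION"
}

running=$(uname -r)
if kernel_is_fixed "$running"; then
    echo "kernel $running: at or above $FIXED_VERSION, not affected by this advisory"
else
    echo "kernel $running: below $FIXED_VERSION, update as the advisory recommends"
fi
```

The version string alone is not proof either way: as the later comments in this thread show, a distribution kernel can carry the fix through a backported patch set while still reporting an older base version.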
Any update on this ?
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a3474224e6a01924be40a8255636ea5522c1023a
(In reply to comment #1)
> Any update on this ?

Can someone confirm if the vulnerabilities are affecting the hardened kernel please.
The 2.6.23.18 patch was folded into genpatches-2.6.23-3. Thus, hardened-sources-2.6.23-r2 was fixed as this was based upon that version of genpatches.

Last time I checked, there are only 4 kernel ebuilds which are still based upon vulnerable versions of genpatches actually in portage:

gentoo-sources-2.6.23 [genpatches-2.6.23-1]
gentoo-sources-2.6.23-r1 [genpatches-2.6.23-2]
tuxonice-sources-2.6.23 [genpatches-2.6.23-1]
tuxonice-sources-2.6.23-r1 [genpatches-2.6.23-2]

These versions have since been superseded by newer revisions (which are not subject to this vulnerability), so this bug is effectively resolved and I am marking it as such. Also removing hardened from the CC list as it is not a hardened issue.
Actually, closing it is a little premature as there are still older kernel versions that are potentially affected. I'll add another post later, clarifying which ebuilds are affected.
latest update from 2008 please close