Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Tobias Weisserth <tobias@...>
Subject: new kernel vulnerability in 2.2, 2.4 and 2.6 series
Date: Mon, 05 Jan 2004 18:09:10 +0100
Hello everybody,

there is a new kernel vulnerability in the mremap system call. This
affects all kernels of the 2.2, 2,4 and 2.6 series with the exception of
2.4.24. There is some information on this at
http://isec.pl/vulnerabilities/isec-0013-mremap.txt.

Will there be a patch available in Portage? The 2.4.24 Vanilla sources
are already clean and available at kernel.org but Portage is lacking
them.

Together with that do_brk() bug this is already the second major
exploitable bug in the gentoo-sources. Will there be a gentoo-sources
ebuild in Portage with the Gentoo tweaks for the 2.4.24 kernel or is it
better to migrate to 2.6 immediately?

At the moment I am a bit at a loss on how to tell whether a kernel from
Portage, especially the gentoo-sources are patched against these kind of
bugs. What's the best way to enjoy a high performance yet secure Gentoo
Kernel, preferably a 2.4 series kernel? At the moment I am using the
gento-sources from Portage:

[ebuild   R   ] sys-kernel/gentoo-sources-2.4.22

regards,
Tobias


--
gentoo-security@g.o mailing list

Replies:
Re: new kernel vulnerability in 2.2, 2.4 and 2.6 series
-- pb
Re: new kernel vulnerability in 2.2, 2.4 and 2.6 series
-- Mike Frysinger
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Changes to traceroute in newest release
Next by thread:
Re: new kernel vulnerability in 2.2, 2.4 and 2.6 series
Previous by date:
Re: Changes to traceroute in newest release
Next by date:
Re: new kernel vulnerability in 2.2, 2.4 and 2.6 series


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.