Gentoo Archives: gentoo-server

From: Kerin Millar <kerframil@×××××.com>
To: gentoo-server@l.g.o
Subject: [gentoo-server] Root exploit in IA32 emulation subsystem
Date: Wed, 22 Sep 2010 05:07:46
Message-Id: AANLkTimnjUZAK5+YCcFaUFhm3TnA4qq56Rr-xXRPRk2V@mail.gmail.com

Hello,

Those using amd64 systems should be aware of the following bug:

http://bugs.gentoo.org/show_bug.cgi?id=337645

For a quick fix in production, please note that individual patches are
available here, numbered 1700 and 1705:

http://sources.gentoo.org/cgi-bin/viewvc.cgi/linux-patches/genpatches-2.6/tags/2.6.35-8/

These are intended to be applied to 2.6.35 but will very likely apply
to previous releases without issue. If in doubt, make use of the
--dry-run feature before actually applying any patches:

# cd /usr/src/linux
# patch -p1 --dry-run -s < ~/1700_retruncate-rax-after-ia32-syscall.patch
# patch -p1 -s < ~/1700_retruncate-rax-after-ia32-syscall.patch
# patch -p1 --dry-run -s < ~/1705_syscall-number-test-fix.patch
# patch -p1 -s < ~/1705_syscall-number-test-fix.patch
# make

Note also that the problem has been resolved in the upstream 2.6.35.5
and the 2.6.32.22 releases (2.6.32 is currently the long term stable
branch).

Cheers,

--Kerin
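
The patch sequence from the message above, as an added example that is not part of the original post: each patch is applied only if its own dry run succeeds, a patch already present in the tree is skipped, and the run stops at the first reject. It assumes GNU patch; the function names patch_state and apply_series are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes GNU patch.
# Usage: sh thisfile /usr/src/linux ~/1700_retruncate-rax-after-ia32-syscall.patch \
#                                   ~/1705_syscall-number-test-fix.patch

# patch_state TREE PATCH
# Prints one of: applies, already-applied, rejects. Never modifies TREE.
patch_state() {
    # The redirect is opened before the subshell changes directory, so a
    # relative PATCH path still resolves against the caller's directory.
    if ( cd "$1" && patch -p1 -R --dry-run -s -f ) < "$2" >/dev/null 2>&1; then
        echo already-applied      # reversing it would succeed: fix is present
    elif ( cd "$1" && patch -p1 --dry-run -s -f ) < "$2" >/dev/null 2>&1; then
        echo applies
    else
        echo rejects
    fi
}

# apply_series TREE PATCH...
# Applies the patches in the order given, each one gated on its own dry run.
# Patches touching the same file are therefore tested against the tree as
# the earlier patches left it. Returns non-zero at the first reject.
apply_series() {
    tree=$1; shift
    for p in "$@"; do
        state=$(patch_state "$tree" "$p")
        echo "$(basename "$p"): $state"
        case $state in
            applies) ( cd "$tree" && patch -p1 -s -f ) < "$p" || return 1 ;;
            rejects) return 1 ;;
        esac
    done
}

if [ "$#" -gt 0 ]; then
    apply_series "$@"
fi
```

A non-zero exit status means a patch rejected and the tree was left as the earlier patches in the list had modified it.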