| 1 |
Hello, |
| 2 |
|
| 3 |
a GLSA is in the works, but I decided that this ought to be posted in |
| 4 |
any case, for the benefit of the list :) |
| 5 |
|
| 6 |
Just about every set of 2.4 based kernel sources that was in Portage up |
| 7 |
until very recently was discovered to be vulnerable to a nasty root |
| 8 |
exploit described here: |
| 9 |
http://isec.pl/vulnerabilities/isec-0012-do_brk.txt |
| 10 |
|
| 11 |
Note that WOLK-4.10-pre7 is the only kernel that was not affected. If |
| 12 |
you have been using any other 2.4 kernel that it is strongly recommended |
| 13 |
that you emerge sync, then re-emerge the sources in question |
| 14 |
immediately. You do _not_ need to bump the version to be safe. If you |
| 15 |
are not using Portage to manage your sources then apply the following |
| 16 |
patch: |
| 17 |
|
| 18 |
--- a/mm/mmap.c Fri Sep 12 06:44:06 2003 |
| 19 |
+++ b/mm/mmap.c Thu Oct 2 01:18:19 2003 |
| 20 |
@@ -1041,6 +1041,9 @@ |
| 21 |
if (!len) |
| 22 |
return addr; |
| 23 |
|
| 24 |
+ if ((addr + len) > TASK_SIZE || (addr + len) < addr) |
| 25 |
+ return -EINVAL; |
| 26 |
+ |
| 27 |
/* |
| 28 |
* mlock MCL_FUTURE? |
| 29 |
*/ |
| 30 |
|
| 31 |
This patch is the one that has been applied to every single sources |
| 32 |
ebuild in Portage, aside from wolk-sources-4.10-pre7. In actual fact, |
| 33 |
Marc-Christian Peterson seems to have put in much saner checks in mmap.c |
| 34 |
from the wolk-sources (for some time now :-p), so I will probably come |
| 35 |
up with an alternate patch myself based on his mmap code, and post it |
| 36 |
here. |
| 37 |
|
| 38 |
Regards, |
| 39 |
|
| 40 |
--Kerin Francis Millar |
Archives