| 1 |
How recently is "very recently"? |
| 2 |
|
| 3 |
On Thu, 2003-12-04 at 13:44, Kerin Millar wrote: |
| 4 |
> Hello, |
| 5 |
> |
| 6 |
> a GLSA is in the works, but I decided that this ought to be posted in |
| 7 |
> any case, for the benefit of the list :) |
| 8 |
> |
| 9 |
> Just about every set of 2.4 based kernel sources that was in Portage up |
| 10 |
> until very recently was discovered to be vulnerable to a nasty root |
| 11 |
> exploit described here: |
| 12 |
> http://isec.pl/vulnerabilities/isec-0012-do_brk.txt |
| 13 |
> |
| 14 |
> Note that WOLK-4.10-pre7 is the only kernel that was not affected. If |
| 15 |
> you have been using any other 2.4 kernel that it is strongly recommended |
| 16 |
> that you emerge sync, then re-emerge the sources in question |
| 17 |
> immediately. You do _not_ need to bump the version to be safe. If you |
| 18 |
> are not using Portage to manage your sources then apply the following |
| 19 |
> patch: |
| 20 |
> |
| 21 |
> --- a/mm/mmap.c Fri Sep 12 06:44:06 2003 |
| 22 |
> +++ b/mm/mmap.c Thu Oct 2 01:18:19 2003 |
| 23 |
> @@ -1041,6 +1041,9 @@ |
| 24 |
> if (!len) |
| 25 |
> return addr; |
| 26 |
> |
| 27 |
> + if ((addr + len) > TASK_SIZE || (addr + len) < addr) |
| 28 |
> + return -EINVAL; |
| 29 |
> + |
| 30 |
> /* |
| 31 |
> * mlock MCL_FUTURE? |
| 32 |
> */ |
| 33 |
> |
| 34 |
> This patch is the one that has been applied to every single sources |
| 35 |
> ebuild in Portage, aside from wolk-sources-4.10-pre7. In actual fact, |
| 36 |
> Marc-Christian Peterson seems to have put in much saner checks in mmap.c |
| 37 |
> from the wolk-sources (for some time now :-p), so I will probably come |
| 38 |
> up with an alternate patch myself based on his mmap code, and post it |
| 39 |
> here. |
| 40 |
> |
| 41 |
> Regards, |
| 42 |
> |
| 43 |
> --Kerin Francis Millar |
| 44 |
-- |
| 45 |
Matthew Baxa <mbaxa@×××××××.edu> |
| 46 |
Applications Services Assistant |
| 47 |
K-State University Office of Mediated Education |
| 48 |
http://www.dce.ksu.edu |
Archives