Gentoo Archives: gentoo-hardened

From: "Francisco Blas Izquierdo Riera (klondike)" <klondike@g.o>
To: Miroslav Rovis <miro.rovis@××××××××××××××.hr>
Cc: hardened@g.o, gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Re: hardened-sources-4.4.8-r1 mad COW patched?
Date: Tue, 25 Oct 2016 14:10:22
Message-Id: 580F67BD.6020306@gentoo.org
On 25/10/16 at 12:56, Miroslav Rovis wrote:
> Hi!
Hi Miroslav!
> Due to this bug:
> https://bugs.gentoo.org/show_bug.cgi?id=597554
>
> I can't use the patched 4.7.9 of hardened sources.
>
> hardened-sources-4.4.8-r1 do not appear to me to be mad COW patched.
I guess you are talking about CVE-2016-5195 here. Please correct me if
mistaken.
> I looked up the sources, but am not able to see for sure how to patch
> 4.4.8-r1 myself.
>
> I have just rsynced my system and nothing new seems to have happened
> with 4.4.8-r1 yet.
If 4.4.8 gets patched you will find a new revision (i.e. 4.4.8-r2). This
is quite standard Gentoo policy: if a package is modified after
publication (for example by backporting patches) the revision of the
packet has to be increased so that users will be able to use these when
updating. The only exceptions I know of are the -9999 packages for
bleeding edge trunks and some very minor changes (think for example of a
fix in the build system or a minor documentation fix) which a fix for
CVE-2016-5195 clearly wouldn't be.

You can read more on the Gentoo project revision policy for ebuilds at
https://devmanual.gentoo.org/general-concepts/ebuild-revisions/
> Is there patching needed for those stable hardened sources and will
> there be a patch soon?
According to
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
CVE-2016-5195 has been around since 2.6.22 so 4.4.8-r1 is not patched
and is needed to protect against this issue, as for whether there will
or not be a backported patch you should ask blueness but my guess is
that there won't be one unless somebody provides such backported patch
to blueness.

I'm CCing the Gentoo Hardened user list as other users may be able to
provide more and better input on this.

Sincerely,
Francisco Blas Izquierdo Riera (klondike)

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
[gentoo-hardened] Re: hardened-sources-4.4.8-r1 mad COW patched? "Anthony G. Basile" <blueness@g.o>
[gentoo-hardened] Re: hardened-sources-4.4.8-r1 mad COW patched? Miroslav Rovis <miro.rovis@××××××××××××××.hr>