On 25/10/16 at 12:56, Miroslav Rovis wrote:
> Hi!

Hi Miroslav!

> Due to this bug:
> https://bugs.gentoo.org/show_bug.cgi?id=597554
>
> I can't use the patched 4.7.9 of hardened sources.
>
> hardened-sources-4.4.8-r1 do not appear to me to be mad COW patched.

I guess you are talking about CVE-2016-5195 here. Please correct me if
mistaken.

> I looked up the sources, but am not able to see for sure how to patch
> 4.4.8-r1 myself.
>
> I have just rsynced my system and nothing new seems to have happened
> with 4.4.8-r1 yet.

If 4.4.8 gets patched you will find a new revision (i.e. 4.4.8-r2). This
is quite standard Gentoo policy, if a package is modified after
publication (for example by backporting patches) the revision of the
packet has to be increased so that users will be able to use these when
updating. The only exceptions I know of are the -9999 packages for
bleeding edge trunks and some very minor changes (think for example of a
fix in the build system or a minor documentation fix) which a fix for
CVE-2016-5195 clearly wouldn't be.
|
You can read more on the Gentoo project revision policy for ebuilds at
https://devmanual.gentoo.org/general-concepts/ebuild-revisions/

> Is there patching needed for those stable hardened sources and will
> there be a patch soon?

According to
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
CVE-2016-5195 has been around since 2.6.22 so 4.4.8-r1 is not patched
and is needed to protect against this issue, as for whether there will
or not be a backported patch you should ask blueness but my guess is
that there won't be one unless somebody provides such backported patch
to blueness.
|
I'm CCing the Gentoo Hardened user list as other users may be able to
provide more and better input on this.
|
Sincerely,
Francisco Blas Izquierdo Riera (klondike)