| 1 |
On 10/25/16 10:10 AM, Francisco Blas Izquierdo Riera (klondike) wrote: |
| 2 |
> El 25/10/16 a las 12:56, Miroslav Rovis escribió: |
| 3 |
>> Hi! |
| 4 |
> Hi Miroslav! |
| 5 |
>> Due to this bug: |
| 6 |
>> https://bugs.gentoo.org/show_bug.cgi?id=597554 |
| 7 |
>> |
| 8 |
>> I can't use the patched 4.7.9 of hardened sources. |
| 9 |
>> |
| 10 |
>> hardened-sources-4.4.8-r1 do not appear to me to be mad COW patched. |
| 11 |
> I guess you are talking about CVE-2016–5195 here. Please correct me if |
| 12 |
> mistaken. |
| 13 |
>> I looked up the sources, but am not able to see for sure how to patch |
| 14 |
>> 4.4.8-r1 myself. |
| 15 |
>> |
| 16 |
>> I have just rsynced my system and nothing new seems to have happened |
| 17 |
>> with 4.4.8-r1 yet. |
| 18 |
> If 4.4.8 gets patched you will find a new revision (i.e. 4.4.8-r2). This |
| 19 |
> is quite standard Gentoo policy, if a package is modifed after |
| 20 |
> publication (for example by backporting patches) the revision of the |
| 21 |
> packet has to be increased so that users will be able to use these when |
| 22 |
> updating. The only exceptions I know of are the -9999 packages for |
| 23 |
> bleeding edge trunks and some very minor changes (think for example of a |
| 24 |
> fix in the build system or a minor documentation fix) which a fix for |
| 25 |
> CVE-2016–5195 clearly wouldn't be. |
| 26 |
> |
| 27 |
> You can read more on the Gentoo project revision policy for ebuilds at |
| 28 |
> https://devmanual.gentoo.org/general-concepts/ebuild-revisions/ |
| 29 |
>> Is thare patching needed for those stable hardened sources and will |
| 30 |
>> there be a patch soon? |
| 31 |
> According to |
| 32 |
> https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails |
| 33 |
> CVE-2016-5195 has been around since 2.6.22 so 4.4.8-r1 is not patched |
| 34 |
> and is needed to protect against this issue, as for whether there will |
| 35 |
> or not be a backported patch you should ask blueness but my guess is |
| 36 |
> that there won't be one unless somebody provides such backported patch |
| 37 |
> to blueness. |
| 38 |
> |
| 39 |
> I'm CCing the Gentoo Hardened user list as other users may be able to |
| 40 |
> provide more and better input on this. |
| 41 |
> |
| 42 |
> Sincerely, |
| 43 |
> Francisco Blas Izquierdo Riera (klondike) |
| 44 |
> |
| 45 |
|
| 46 |
I'm testing 4.7.10 and will have it stabilized soon. |
| 47 |
|
| 48 |
-- |
| 49 |
Anthony G. Basile, Ph.D. |
| 50 |
Gentoo Linux Developer [Hardened] |
| 51 |
E-Mail : blueness@g.o |
| 52 |
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA |
| 53 |
GnuPG ID : F52D4BBA |
Archives