On 10/25/16 10:10 AM, Francisco Blas Izquierdo Riera (klondike) wrote:
> On 25/10/16 at 12:56, Miroslav Rovis wrote:
>> Hi!
> Hi Miroslav!
>> Due to this bug:
>> https://bugs.gentoo.org/show_bug.cgi?id=597554
>>
>> I can't use the patched 4.7.9 of hardened sources.
>>
>> hardened-sources-4.4.8-r1 do not appear to me to be mad COW patched.
> I guess you are talking about CVE-2016-5195 here. Please correct me if
> mistaken.
>> I looked up the sources, but am not able to see for sure how to patch
>> 4.4.8-r1 myself.
>>
>> I have just rsynced my system and nothing new seems to have happened
>> with 4.4.8-r1 yet.
> If 4.4.8 gets patched you will find a new revision (i.e. 4.4.8-r2). This
> is quite standard Gentoo policy, if a package is modified after
> publication (for example by backporting patches) the revision of the
> packet has to be increased so that users will be able to use these when
> updating. The only exceptions I know of are the -9999 packages for
> bleeding edge trunks and some very minor changes (think for example of a
> fix in the build system or a minor documentation fix) which a fix for
> CVE-2016-5195 clearly wouldn't be.
>
> You can read more on the Gentoo project revision policy for ebuilds at
> https://devmanual.gentoo.org/general-concepts/ebuild-revisions/
>> Is there patching needed for those stable hardened sources and will
>> there be a patch soon?
> According to
> https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
> CVE-2016-5195 has been around since 2.6.22 so 4.4.8-r1 is not patched
> and is needed to protect against this issue, as for whether there will
> or not be a backported patch you should ask blueness but my guess is
> that there won't be one unless somebody provides such backported patch
> to blueness.
>
> I'm CCing the Gentoo Hardened user list as other users may be able to
> provide more and better input on this.
>
> Sincerely,
> Francisco Blas Izquierdo Riera (klondike)
>

I'm testing 4.7.10 and will have it stabilized soon.

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@g.o
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA