Gentoo Archives: gentoo-server

From: Kerin Millar <kerframil@×××××.com>
To: gentoo-server@l.g.o
Subject: [gentoo-server] Root exploit in IA32 emulation subsystem
Date: Wed, 22 Sep 2010 05:07:46

Those using amd64 systems should be aware of the following bug:

For a quick fix in production, please note that individual patches are
available here, numbered 1700 and 1705:

These are intended to be applied to 2.6.35 but will very likely apply
to previous releases without issue. If in doubt, make use of the
--dry-run feature before actually applying any patches:

# cd /usr/src/linux
# patch -p1 --dry-run -s < ~/1700_retruncate-rax-after-ia32-syscall.patch
# patch -p1 -s < ~/1700_retruncate-rax-after-ia32-syscall.patch
# patch -p1 --dry-run -s < ~/1705_syscall-number-test-fix.patch
# patch -p1 -s < ~/1705_syscall-number-test-fix.patch
# make

Note also that the problem has been resolved in the upstream
and the releases (2.6.32 is currently the long term stable