1 |
Hello! |
2 |
|
3 |
I read the article http://neil.brown.name/blog/20120615073245 , which |
4 |
explains a nasty bug about raids, but i'm wondering if any of these code |
5 |
was backported to gentoo-sources or hardened-sources. |
6 |
|
7 |
From the article: |
8 |
|
9 |
"The bug was introduced by |
10 |
|
11 |
commit c744a65c1e2d59acc54333ce8 md: don't set md arrays to readonly on |
12 |
shutdown. |
13 |
|
14 |
and fixed by |
15 |
|
16 |
commit 30b8aa9172dfeaac6d77897c67ee9f9fc574cdbb md: fix possible |
17 |
corruption of array metadata on shutdown. |
18 |
|
19 |
These entered the upstream kernel for v3.4-rc1 and v3.4-rc5 |
20 |
respectively, so no main-line released kernel is vulnerable. |
21 |
|
22 |
However the first patch was tagged "Cc: stable@×××××××××××.org" as it |
23 |
fixed a bug, and so it was added to some stable releases. |
24 |
|
25 |
For v3.3.y the bug was introduced by commit ed1b69c5592d1 in v3.3.1 and |
26 |
fixed by commit ff459d1ea87ea7 in v3.3.4, so v3.3.1, v3.3,2, and v3.3.3 |
27 |
are vulnerable. |
28 |
|
29 |
For v3.2.y the bug was introduced by commit 6bd620a44f7fd in v3.2.14 and |
30 |
fixed by commit 31097a1c490c in v3.2.17 so v3.2.14, v3.2.15. v3.2.16 are |
31 |
all vulnerable. |
32 |
|
33 |
The bug was not backported to any other kernel.org kernels. so only |
34 |
those 6 are vulnerable. Some distributors may have picked up the patch |
35 |
applied it to their own kernel so it is possible that other kernels are |
36 |
vulnerable too." |