| 1 |
Hello! |
| 2 |
|
| 3 |
I read the article http://neil.brown.name/blog/20120615073245 , which |
| 4 |
explains a nasty bug about raids, but i'm wondering if any of these code |
| 5 |
was backported to gentoo-sources or hardened-sources. |
| 6 |
|
| 7 |
From the article: |
| 8 |
|
| 9 |
"The bug was introduced by |
| 10 |
|
| 11 |
commit c744a65c1e2d59acc54333ce8 md: don't set md arrays to readonly on |
| 12 |
shutdown. |
| 13 |
|
| 14 |
and fixed by |
| 15 |
|
| 16 |
commit 30b8aa9172dfeaac6d77897c67ee9f9fc574cdbb md: fix possible |
| 17 |
corruption of array metadata on shutdown. |
| 18 |
|
| 19 |
These entered the upstream kernel for v3.4-rc1 and v3.4-rc5 |
| 20 |
respectively, so no main-line released kernel is vulnerable. |
| 21 |
|
| 22 |
However the first patch was tagged "Cc: stable@×××××××××××.org" as it |
| 23 |
fixed a bug, and so it was added to some stable releases. |
| 24 |
|
| 25 |
For v3.3.y the bug was introduced by commit ed1b69c5592d1 in v3.3.1 and |
| 26 |
fixed by commit ff459d1ea87ea7 in v3.3.4, so v3.3.1, v3.3,2, and v3.3.3 |
| 27 |
are vulnerable. |
| 28 |
|
| 29 |
For v3.2.y the bug was introduced by commit 6bd620a44f7fd in v3.2.14 and |
| 30 |
fixed by commit 31097a1c490c in v3.2.17 so v3.2.14, v3.2.15. v3.2.16 are |
| 31 |
all vulnerable. |
| 32 |
|
| 33 |
The bug was not backported to any other kernel.org kernels. so only |
| 34 |
those 6 are vulnerable. Some distributors may have picked up the patch |
| 35 |
applied it to their own kernel so it is possible that other kernels are |
| 36 |
vulnerable too." |
Archives