Is this kernel security issue handled by gentoo?

devsk

http://www.h-online.com/security/news/item/Hole-in-Linux-kernel-provides-root-rights-1081317.html

Normal users can get a root shell by using the exploit code, which is really scary.

I don't see the change being made available in vanilla 2.6.35.X. Is gentoo-sources including it?

PaulBredbury · Watchman Joined: 14 Jul 2005 Posts: 7310

You can take a look.

Yuu · Apprentice Joined: 23 Dec 2008 Posts: 223 Location: France

Thank you for the reply, I was worried too.

Maybe a little offtopic : how long did lastest hardened-sources (which include the CVE-2010-3301 fix) will stay on ~unstable, before it will go to +stable ?

Thank you :]
_________________
Main laptop : T8300 cpu | 200 GB hard drive | 2 GB of ram | 8600M GT | Gentoo x86_64
Server : Celeron 220 cpu | 250 GB hard drive | 2 GB of ram | SiS 662 VGA | Gentoo x86_64

Hu · Administrator Joined: 06 Mar 2007 Posts: 23333

It will show up in sys-kernel/vanilla-sources when someone, most likely Greg KH, releases a 2.6.x.y kernel that contains the fix.

See also x86_64 root sploit in Networking & Security.

The fix is relatively small, so concerned users could pull it into a custom kernel derived from their normal kernel sources if they have an urgent need for it before the corresponding maintainer can act. For example, if you cannot or will not upgrade an existing sys-kernel/hardened-sources to a version with the fix (due to concern about other changes made in the bump), the fix can be pulled into an existing version easily.

devsk · Posted: Sun Sep 19, 2010 4:40 pm Post subject:

I ended up pulling the fix manually into my /usr/src/linux-2.6.35.4.

I wish we could get rid of this 32-bit emulation business once and for all. But google went ahead and distribute their talk plugin binary in 32-bit. Interestingly, the plugin itself is 64-bit but the supporting binary /opt/google/talkplugin/GoogleTalkPlugin is 32-bit.