The Gentoo Kernel Team (thanks, asn!) have released 3 patched kernels that cover the Econet root exploit described at: http://lwn.net/Articles/419141/ This covers (CVE-2010-3850), (CVE-2010-3849) and (CVE-2010-4258). The following gentoo-sources contain the fixes: gentoo-sources-2.6.36-r4, gentoo-sources-2.6.35-r14 and gentoo-sources-2.6.32-r23. Edit: 2.6.36-r4, not r6,…
Read more
If you haven’t heard about the new ~200 line patch which, for some users, has improved interactivity on the desktop, you can read about it here. I have released a masked version of gentoo-sources (gentoo-sources-2.6.36-r2) which contains the backport to…
Read more
Attention all Media, Gentoo users and my fellow Gentoo devs: A new kernel vulnerability has been reported and the gentoo bug has been filed. Within 4 hours of this filing, the kernel team has released the following: The fix for…
Read more
In light of the recent kernel vulnerabilities, issues with our kernel stabilization policy have been brought to light. The discussion and potential solution was initiated by Kerin Millar, one of our more technical users (who I would like to see…
Read more
Let’s talk about kernel releases, the latest two kernel vulnerabilities, and what vanilla or gentoo-sources you should be running. The two vulnerabilities I’m talking about are: CVE-2010-3301 (http://bugs.gentoo.org/show_bug.cgi?id=337645) CVE-2010-3081 (http://bugs.gentoo.org/show_bug.cgi?id=337659) Kernel Versions 2.6.32 >=gentoo-sources-2.6.32-r18 and vanilla-sources-2.6.32.23 contain the fixes for…
Read more
Why isn’t any version of gentoo-sources 2.6.35 stable? There exists a bug that appears with the combination of the dhcpcd module from baselayout-1 and kernel versions >= 2.6.35. Since we could not use a stable kernel with a stable baselayout,…
Read more
Does anyone have an suggestions for a good sized (60+ inch ) desk that can handle multiple computer systems? It would be great to have trays to hide wires and be one level to handle 3 or more computers with…
Read more
The kernel vulnerability detailed at the register has been fixed in the follow gentoo-source versions: 2.6.32-r17 2.6.34-r10 2.6.35-r7 This vulnerability allows root access escalation on 64 bit installations. Hardened users can read blueness’ post to the mailing list. Details on what patches are contained…
Read more
I just released gentoo-sources 2.6.32-r14, 2.6.34-r6 and 2.6.35-r2. These all include the patch for the local privilege escalation flaw bug that was recently announced. So, I do recommended all gentoo-sources users upgrade to these latest versions. There is also a…
Read more