My Digital ContributionPosts RSS Comments RSS

gentoo-sources-2.6.30-r3 released, all 2.6.30-rX users should update

gentoo-sources-2.6.30-r3 contains a fix for a security flaw that also comes complete with some exploit code.

Apparently, it only affects 2.6.30 so if you gentoo-sources-2.6.30 please upgrade to r3.

I just committed it, so it should hit the mirrors soon after I post this.

Thanks to everyone who brought to my attention and thanks kerframil for the links below that provide additional information.

http://isc.sans.org/diary.html?storyid=6820
http://lists.immunitysec.com/pipermail/dailydave/2009-July/005810.html
http://www.youtube.com/watch?v=UdkpJ13e6Z0

4 responses so far

4 Responses to “gentoo-sources-2.6.30-r3 released, all 2.6.30-rX users should update”

  1. Trizton Jul 19th 2009 at 3:52 am

    I have compiled the new 30-r3 kernel a couple of times now, using the same config as I used in 30-r1, but no the kernel don’t execute, sure you didn’t add something that shouldn’t be in the kernel with your fix?

  2. Jorge Moraison Jul 21st 2009 at 11:56 pm

    From
    http://lwn.net/Articles/342268/
    it seems that users of the vanilla sources are getting this error.

    So you could try vanilla-sources-2.6.30.2 and try to reproduce your bug.

    And in any case you should probably open a bug on Gentoo’s bugzilla.

  3. kerframilon Jul 23rd 2009 at 5:05 pm

    Trizt, please file a bug if you’re having problems running a newer instance of gentoo-sources. Between -r1 and -r3, the most significant change is that the upstream 2.9.30.1 stable patch was added:

    http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.1

    It’s very uncommon for a 2.6.X.Y stable patch to introduce a regression but not impossible. In any case, bugs.gentoo.org is the place for this.

  4. kerframilon Jul 23rd 2009 at 5:06 pm

    Oops, typo – I meant to say “upstream 2.6.30.1 stable patch” in the previous post.

Leave a Reply