Attention all Media, Gentoo users and my fellow Gentoo devs:
A new kernel vulnerability has been reported and the gentoo bug has been filed. Within 4 hours of this filing, the kernel team has released the following:
The fix for CVE-2010-3904 has been back ported to all gentoo-source versions that are currently supported. (2.6.32-rX, 2.6.34-rX and 2.6.35-rX)
This fix is now released in the following genpatches:
genpatches-2.6.35-12
genpatches-2.6.34-14
genpatches-2.6.32-25
The following newly released gentoo-sources kernels contain the patch:
gentoo-sources-2.6.35-r11
gentoo-sources-2.6.34-r12
gentoo-sources-2.6.32-r20
The following stable request bugs have been filed for these kernels:
bug #341833 for gentoo-sources-2.6.32-r20
bug #341831 for gentoo-sources-2.6.34-r12
Please note that no stable request has been filed for 2.6.35-r11, as we wait for the prerequisite 30 days for the new baselayout to be requested to be stabled before we can do so. If you are running a 2.6.35 gentoo-source kernel, please upgrade to the latest version. Note that as of this post, upstream has not released new vanilla kernel versions containing the fix.
Great work! Thanks!
Thanks, Bruno
Thanks for this post, the rapid response and for supporting previous (still relevant) instances of genpatches. The degree of maintainership demonstrated is second to none.
Great job – thanks!
Folks, if you don’t enable “RDS” in the kernel config (see networking -> networking options -> RDS protocol, CONFIG_RDS),
then it’s safe without this patch.
Thanks a lot, Mike Pagano.