Attention all Media, Gentoo users and my fellow Gentoo devs:
A new kernel vulnerability has been reported and the gentoo bug has been filed. Within 4 hours of this filing, the kernel team has released the following:
The fix for CVE-2010-3904 has been back ported to all gentoo-source versions that are currently supported. (2.6.32-rX, 2.6.34-rX and 2.6.35-rX)
This fix is now released in the following genpatches:
The following newly released gentoo-sources kernels contain the patch:
The following stable request bugs have been filed for these kernels:
Please note that no stable request has been filed for 2.6.35-r11, as we wait for the prerequisite 30 days for the new baselayout to be requested to be stabled before we can do so. If you are running a 2.6.35 gentoo-source kernel, please upgrade to the latest version. Note that as of this post, upstream has not released new vanilla kernel versions containing the fix.