public inbox for gentoo-hardened@lists.gentoo.org
* [gentoo-hardened] AMD64: use security releases hardened-sources 2.6.32-r18 or 2.6.34-r6
@ 2010-09-22 10:20 Anthony G. Basile
From: Anthony G. Basile @ 2010-09-22 10:20 UTC
  To: gentoo-hardened

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi guys,

This is a follow-up on the "IA32 Syscall Entry Point Privilege
Escalation" and "IA32 Emulation Stack Underflow".

hardened-sources 2.6.32-r18 or 2.6.34-r6 have now been fast-track
stabilized on amd64 arch only.  Users of amd64 are encouraged to switch
as soon as possible.

Since the exploit affects only amd64, there was no need to stabilize
x86, ppc or ppc64 early.  These will be stabilized via the usual
mechanism of waiting 30 days.

There is at least one issue with the fast-track stabilization that may
affect users, so a caveat is in order.  Because of changes in the grsec
patches for kernels > 2.6.32-r9, some packages may break.  This is due
to stricter requirements on mmap-ed pages.  See ref [1].  It affects,
among other things, python's import ctypes.  We are working on
fast-tracking a fix for that, but in the meantime, amd64 users that
wish to continue using hardened-sources-2.6.32-r9 may do so securely
provided you follow the workaround discussed in ref [2].


Refs:
[1] https://bugs.gentoo.org/329499
[2] http://bugs.gentoo.org/show_bug.cgi?id=326885

- -- 
Anthony G. Basile, Ph.D.
Gentoo Developer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkyZ2FsACgkQl5yvQNBFVTXouQCfd4DUjyI5PdhmzCJd/nf7zTIN
orwAnRpzCENGINzd1JQctkLMYwn+qfEm
=+Etu
-----END PGP SIGNATURE-----


