* [gentoo-user] Linux Kernel Warning
From: Timothy A. Holmes @ 2006-07-14 21:01 UTC
To: gentoo-user
Hi Folks:
I received the following warning from SANS yesterday, and I need to know
how to appropriately respond:
http://www.isc.sans.org/diary.php?storyid=1482
To summarize the story at the above link, there appears to be a
vulnerability in the Linux kernel, which when exploited, will allow a
user to gain root privileges.
Normally, I would simply upgrade to the latest kernel from portage, and
be done with it, however, here is the problem:
QUOTING SANS HERE:
"As all kernels 2.6.13 up to version 2.6.17.4 and 2.6.16 before
2.6.16.24 are affected, you should patch as soon as possible, even if
you don't allow any local users on your machines."
As of this morning, the latest Kernel version in portage is 2.6.16-r12.
It seems that there is a different versioning / naming scheme used but
I'm not sure. Can someone please let me know how to respond, or point me
to appropriate reading so I can protect myself.
Thanks
TIM
Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
Medina Christian Academy
A Higher Standard...
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] Linux Kernel Warning
From: Richard Fish @ 2006-07-14 21:15 UTC
To: gentoo-user
On 7/14/06, Timothy A. Holmes <tholmes@mcaschool.net> wrote:
> As of this morning, the latest Kernel version in portage is 2.6.16-r12.
Using gentoo-sources? Check /usr/portage/sys-kernel/gentoo-sources/ChangeLog:
*gentoo-sources-2.6.16-r12 (06 Jul 2006)
06 Jul 2006; Daniel Drake <dsd@gentoo.org>
+gentoo-sources-2.6.16-r12.ebuild:
Update to Linux 2.6.16.24 for coredump privilege escalation security fix
-Richard
* Re: [gentoo-user] Linux Kernel Warning
From: Raymond Lewis Rebbeck @ 2006-07-14 21:22 UTC
To: gentoo-user
On Saturday, 15 July 2006 6:31, Timothy A. Holmes wrote:
> Hi Folks:
>
> I received the following warning from SANS yesterday, and I need to know
> how to appropriately respond:
>
> http://www.isc.sans.org/diary.php?storyid=1482
>
> To summarize the story at the above link, there appears to be a
> vulnerability in the Linux kernel, which when exploited, will allow a
> user to gain root privileges.
>
> Normally, I would simply upgrade to the latest kernel from portage, and
> be done with it, however, here is the problem:
>
> QUOTING SANS HERE:
> "As all kernels 2.6.13 up to version 2.6.17.4 and 2.6.16 before
> 2.6.16.24 are affected, you should patch as soon as possible, even if
> you don't allow any local users on your machines."
>
> As of this morning, the latest Kernel version in portage is 2.6.16-r12.
> It seems that there is a different versioning / naming scheme used but
> I'm not sure. Can someone please let me know how to respond, or point me
> to appropriate reading so I can protect myself.
gentoo-sources-2.6.16-r2 includes the 2.6.16.24 patchset. Have a look at the
ebuild changelog:
http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/sys-kernel/gentoo-sources/ChangeLog
--
Raymond Lewis Rebbeck
* Re: [gentoo-user] Linux Kernel Warning
From: Donnie Berkholz @ 2006-07-14 21:24 UTC
To: gentoo-user
Timothy A. Holmes wrote:
> As of this morning, the latest Kernel version in portage is 2.6.16-r12.
> It seems that there is a different versioning / naming scheme used but
> I'm not sure. Can someone please let me know how to respond, or point me
> to appropriate reading so I can protect myself.
http://marc.theaimsgroup.com/?l=git-commits-head&m=115273802320119&w=2
is the actual commit, with a fair bit of detail about it. You could pull
the 1-line patch from there and apply it to your kernel. There's also
the workaround mentioned in the SANS message if you don't feel
comfortable with patching, as long as you don't need to use core dumps
as non-root.
For gentoo-sources, the most reliable way to figure out what's going on
is the ChangeLog.
Thanks,
Donnie
* Re: [gentoo-user] Linux Kernel Warning
From: Daniel Drake @ 2006-07-14 21:40 UTC
To: gentoo-user
Timothy A. Holmes wrote:
> As of this morning, the latest Kernel version in portage is 2.6.16-r12.
> It seems that there is a different versioning / naming scheme used but
> I'm not sure. Can someone please let me know how to respond, or point me
> to appropriate reading so I can protect myself.
2.6.16-r12 is protected from this bug. From the ChangeLog:
*gentoo-sources-2.6.16-r12 (06 Jul 2006)
06 Jul 2006; Daniel Drake <dsd@gentoo.org>
+gentoo-sources-2.6.16-r12.ebuild:
Update to Linux 2.6.16.24 for coredump privilege escalation security fix
However, there is a new security bug in the wild, with similar
implications. Keep an eye open for new kernel releases over the next few
hours.
Daniel
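Added example (not part of any message in this thread, and not Gentoo's own tooling): the ChangeLog lookup the replies above describe, as a shell script. It reads the "Update to Linux X" line of one gentoo-sources ChangeLog entry and compares X with the first fixed release of the same stable series (2.6.16.24, per the SANS quote). The function names and the r11 entry in the sample are constructed for the example.

```sh
# Added example: map a gentoo-sources revision to its upstream release.

# Print the upstream version from the "Update to Linux X" line of one entry.
# $1 = ChangeLog path, $2 = package-version, e.g. gentoo-sources-2.6.16-r12
upstream_for_revision() {
    awk -v want="*$2" '
        /^\*/ { in_entry = ($1 == want); next }  # "*pkg-ver (date)" opens an entry
        in_entry && match($0, /Update to Linux [0-9]+(\.[0-9]+)+/) {
            print substr($0, RSTART + 16, RLENGTH - 16); exit
        }' "$1"
}

# True when dotted version $1 sorts strictly before $2 (numeric per field).
version_lt() {
    [ "$1" != "$2" ] || return 1
    first=$(printf '%s\n%s\n' "$1" "$2" |
            sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$first" = "$1" ]
}

# Print fixed / vulnerable / other-series / unknown for one revision.
# $3 = first fixed upstream release of the stable series being checked.
revision_status() {
    up=$(upstream_for_revision "$1" "$2")
    series=${3%.*}
    case "$up" in
        "") echo "unknown" ;;
        "$series"|"$series".*)
            if version_lt "$up" "$3"; then echo "vulnerable $up"
            else echo "fixed $up"; fi ;;
        *)  echo "other-series $up" ;;
    esac
}

# Sample ChangeLog: the r12 entry is the one quoted in the thread; the r11
# entry is constructed for this example.
CHANGELOG=$(mktemp)
trap 'rm -f "$CHANGELOG"' EXIT
cat > "$CHANGELOG" <<'EOF'
*gentoo-sources-2.6.16-r12 (06 Jul 2006)
  06 Jul 2006; Daniel Drake <dsd@gentoo.org>
  +gentoo-sources-2.6.16-r12.ebuild:
  Update to Linux 2.6.16.24 for coredump privilege escalation security fix
*gentoo-sources-2.6.16-r11 (constructed entry)
  +gentoo-sources-2.6.16-r11.ebuild:
  Update to Linux 2.6.16.23
EOF
revision_status "$CHANGELOG" gentoo-sources-2.6.16-r12 2.6.16.24
revision_status "$CHANGELOG" gentoo-sources-2.6.16-r11 2.6.16.24
```

The revision string is matched exactly, so `-r1` does not match the `-r12` entry, and a release from a different stable series is reported as `other-series` rather than compared.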
* Re: [gentoo-user] Linux Kernel Warning
From: Ow Mun Heng @ 2006-07-14 21:44 UTC
To: gentoo-user
On Fri, 2006-07-14 at 14:24 -0700, Donnie Berkholz wrote:
> There's also
> the workaround mentioned in the SANS message if you don't feel
> comfortable with patching, as long as you don't need to use core dumps
> as non-root.
Besides that, there's also the fact that if you don't have local users,
then it's pretty safe. (Unless you get hacked for a 0-day or for not
doing glsa-checks.)
My take anyway.
(that and the workaround)
--
Ow Mun Heng <Ow.Mun.Heng@wdc.com>
* Re: [gentoo-user] Linux Kernel Warning
From: Daniel Drake @ 2006-07-14 22:59 UTC
To: gentoo-user
Daniel Drake wrote:
> However, there is a new security bug in the wild, with similar
> implications. Keep an eye open for new kernel releases over the next few
> hours.
No patch yet, suitable workaround is:
# mount -o remount,noexec /proc
Daniel
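Added example (not part of the thread): one way to confirm that the noexec workaround above is in effect, by reading the options field for /proc from a mounts table, and to see whether fstab carries the same option. The function names and the sample tables are constructed for the example.

```sh
# Added example: check that /proc carries noexec in a mounts table.

# Print "set", "unset" or "absent" for option $3 on mount point $2 in table $1.
# Both /proc/mounts and /etc/fstab use: device, mount point, type, options, ...
mount_opt_state() {
    awk -v mp="$2" -v opt="$3" '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments and malformed lines
        $2 == mp {                         # a later entry overrides an earlier one
            state = "unset"
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == opt) state = "set"
        }
        END { print (state == "" ? "absent" : state) }' "$1"
}

# Compare the live table with fstab: "mount -o remount" changes only the
# running system, so the option is gone after a reboot unless fstab has it.
workaround_status() {   # $1 = live mounts table, $2 = fstab
    live=$(mount_opt_state "$1" /proc noexec)
    boot=$(mount_opt_state "$2" /proc noexec)
    case "$live/$boot" in
        set/set) echo "active, also in fstab" ;;
        set/*)   echo "active, not in fstab" ;;
        *)       echo "not active" ;;
    esac
}

# Constructed sample tables (not captured from a real host).
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
printf '%s\n' 'rootfs / rootfs rw 0 0' 'proc /proc proc rw 0 0' > "$TMP/before"
printf '%s\n' 'rootfs / rootfs rw 0 0' 'proc /proc proc rw,noexec 0 0' > "$TMP/after"
printf '%s\n' '# <fs> <mountpoint> <type> <opts> <dump/pass>' \
              'proc /proc proc defaults 0 0' > "$TMP/fstab"

workaround_status "$TMP/before" "$TMP/fstab"
workaround_status "$TMP/after"  "$TMP/fstab"
# On a real host: workaround_status /proc/mounts /etc/fstab
```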
* RE: [gentoo-user] Linux Kernel Warning
From: Timothy A. Holmes @ 2006-07-15 14:47 UTC
To: gentoo-user
> -----Original Message-----
> From: Daniel Drake [mailto:dsd@gentoo.org]
> Sent: Friday, July 14, 2006 6:59 PM
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] Linux Kernel Warning
>
> Daniel Drake wrote:
> > However, there is a new security bug in the wild, with similar
> > implications. Keep an eye open for new kernel releases over the next few
> > hours.
>
> No patch yet, suitable workaround is:
> # mount -o remount,noexec /proc
>
> Daniel
> --
> gentoo-user@gentoo.org mailing list
[Timothy A. Holmes]
Thanks folks:
Guess I learned something else new! -- I am finding out fast that
learning and using gentoo is mostly like trying to drink from a firehose
:)
Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
Medina Christian Academy
A Higher Standard...