23914 2010-08-19 20:51:54 +0400 CVE-2010-2240 kernel: mm: keep a guard page below a grow-down stack segment 2010-08-21 20:10:04 +0400 1 1 4 Development Sisyphus kernel-image-tmc-tc unstable all Linux CLOSED FIXED https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2240 security P3 blocker --- 1 ldv mike aspsk boris boyarsh ldv mike mithraen oddity rider shrek silicium sin vitty vsu zerg qa-sisyphus oldest_to_newest 111286 0 ldv 2010-08-19 20:51:54 +0400 http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html 111291 1 mike 2010-08-20 03:54:01 +0400 Какой именно фикс предлагается использовать? 320b2b8de12698082609ebbc1a17165727f4c893 сочли достаточным или нет? 111292 2 ldv 2010-08-20 04:48:26 +0400 ----- Forwarded message from Greg KH ----- > >You need more than just that one patch to solve all of the issues here. > >The latest round of stable kernel releases have all of the needed > >patches, with the exception of the .27-stable kernel, that one is still > >out for review for more testing. > > Greg, did I miss out any? > > http://git.kernel.org/linus/320b2b8de12698082609ebbc1a17165727f4c893 > http://git.kernel.org/linus/5528f9132cf65d4d892bcbc5684c61e7822b21e9 > http://git.kernel.org/linus/96054569190bdec375fe824e48ca1f4e3b53dd36 > http://git.kernel.org/linus/11ac552477e32835cb6970bf0a70c210807f5673 > http://git.kernel.org/linus/d7824370e26325c881b665350ce64fb0a4fde24a No, I think that's it. But watch out if you have kernels older than 2.6.28, the above patches don't apply there properly. I have released a 2.6.27.52-rc3 with them reworked, but I don't really feel comfortable with it at the moment, so any help and testing would be greatly appreciated. ----- End forwarded message ----- 111303 3 mike 2010-08-20 13:59:02 +0400 (В ответ на комментарий №2) > But watch out if you have kernels older than 2.6.28, the above patches > don't apply there properly. I have released a 2.6.27.52-rc3 with them > reworked, but I don't really feel comfortable with it at the moment, so > any help and testing would be greatly appreciated. Думаю дождаться 2.6.27.52, атака на терминал чревата максимум доступом в локальную сеть с правами root (и к примонтированным флэшкам-сидюшкам). Если получится раньше, попробую прикрутить SUSE'шный патч, хотя что-то подсказывает, что быстрее выйдет 2.6.27.y. Спасибо! 111336 4 mike 2010-08-21 15:44:23 +0400 Дождался. 111343 5 repository-robot 2010-08-21 20:10:04 +0400 kernel-image-tmc-tc-2.6.27-alt10 -> sisyphus: * Sat Aug 21 2010 Michael Shigorin <mike@altlinux> 2.6.27-alt10 - 2.6.27.52: fixes local root vulnerability CVE-2010-2240 (kernel: mm: keep a guard page below a grow-down stack segment) + thanks ldv@ for convenient support (closes: #23914)