Gentoo Forums
gentoo-sources 3.10.105 - fix for CVE-2017-6074 ? [solved]
Duncan Mac Leod
Apprentice


Joined: 02 May 2004
Posts: 251
Location: Germany

Posted: Sun Feb 26, 2017 5:27 pm    Post subject: gentoo-sources 3.10.105 - fix for CVE-2017-6074 ? [solved]

I've seen that Mike has released gentoo-sources 4.1.38-r1 which contains the fix for CVE-2017-6074.

Is this fix already included in gentoo-sources 3.10.105 ?


Last edited by Duncan Mac Leod on Mon Feb 27, 2017 8:09 pm; edited 1 time in total
eccerr0r
Watchman


Joined: 01 Jul 2004
Posts: 7267
Location: almost Mile High in the USA

Posted: Mon Feb 27, 2017 1:47 am

Quick scan of the patches in gentoo-sources-3.10.105 => CVE-2017-6074 NOT patched in this version.

Looks like:
gentoo-sources-4.4.52 has CVE-2017-6074 patched
gentoo-sources-4.9.13 has CVE-2017-6074 patched
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
khayyam
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Mon Feb 27, 2017 4:07 am

Duncan Mac Leod ...

you should be able to apply the patch ... at least with 3.12.70 it applies cleanly:

Code:
% uname -r
3.12.70-ck
% wget --trust-server-names=on 'https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4' -O /tmp/cve-2017-6074.patch
% su -
# patch -p1 --dry-run -d /usr/src/linux </tmp/cve-2017-6074.patch
checking file net/dccp/input.c
# patch -p1 -d /usr/src/linux </tmp/cve-2017-6074.patch
patching file net/dccp/input.c

HTH & best ... khay
Hu
Moderator


Joined: 06 Mar 2007
Posts: 14360

Posted: Mon Feb 27, 2017 4:22 am

Also, since you undoubtedly build your own kernel, you have the option of excluding from compilation the affected code, in which case it would not matter whether you apply the patch.
eccerr0r
Watchman


Joined: 01 Jul 2004
Posts: 7267
Location: almost Mile High in the USA

Posted: Mon Feb 27, 2017 6:25 am

If you modularized the dccp code and you don't need dccp, you can remove those module files until you get a known clean version:

# rm /lib/modules/kernelversion/kernel/net/dccp/dccp*ko

Instead of deleting, you could prevent the kernel from autoloading the modules (swiped from Red Hat):

# echo "install dccp /bin/true" >> /etc/modprobe.d/disable-dccp.conf

Note that, like the ipv6 module, it likely can't be rmmoded without a reboot because of the large refcount that occurs when it gets inserted.

Of course if you actually use dccp (you would know if you're using it, and mostly it's for routers it seems), you would have to patch. For me, I don't use dccp, and thus I can procrastinate.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
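
As an added example (not part of any post in this thread), this shell function combines the checks discussed above: whether DCCP is compiled in, built as a module, already loaded, or blocked by the modprobe rule. The function name, result labels and default paths are assumptions, and the demo input is constructed.

```shell
#!/bin/sh
# Classify exposure to a bug in the kernel's DCCP code from three inputs:
#   $1 kernel .config   $2 modprobe.d directory   $3 loaded-module list
# The defaults below are assumed live-system paths.
dccp_exposure() {
    config=${1:-/usr/src/linux/.config}
    modprobe_dir=${2:-/etc/modprobe.d}
    loaded=${3:-/proc/modules}

    # Without a readable config nothing can be concluded.
    [ -r "$config" ] || { echo unknown; return; }
    # CONFIG_IP_DCCP=y: compiled in, so only a patched kernel helps.
    if grep -q '^CONFIG_IP_DCCP=y' "$config"; then
        echo builtin; return
    fi
    # Option not set: the affected code is excluded from compilation.
    if ! grep -q '^CONFIG_IP_DCCP=m' "$config"; then
        echo not-built; return
    fi
    # Module already in memory: a modprobe rule comes too late for it.
    if grep -q '^dccp ' "$loaded" 2>/dev/null; then
        echo module-loaded; return
    fi
    # "install dccp <cmd>" makes modprobe run <cmd> instead of loading.
    # The anchored pattern skips commented-out rules.
    if cat "$modprobe_dir"/*.conf 2>/dev/null |
        grep -Eq '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+/bin/(true|false)'; then
        echo module-blocked; return
    fi
    echo module-loadable
}

# Constructed demo input: modular build plus the rule from the post above.
demo() {
    d=$(mktemp -d)
    echo 'CONFIG_IP_DCCP=m' > "$d/config"
    mkdir "$d/modprobe.d"
    echo 'install dccp /bin/true' > "$d/modprobe.d/disable-dccp.conf"
    : > "$d/modules"
    dccp_exposure "$d/config" "$d/modprobe.d" "$d/modules"
    rm -rf "$d"
}
demo   # prints module-blocked
```

Results of `builtin`, `module-loaded` or `module-loadable` mean the patch (or a reboot with the rule in place) is still needed; `not-built` and `module-blocked` correspond to the two workarounds described in the thread.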
Duncan Mac Leod
Apprentice


Joined: 02 May 2004
Posts: 251
Location: Germany

Posted: Mon Feb 27, 2017 8:10 pm

Mike has just released gentoo-sources 3.10.105-r1 which contains the fix :D - thank you, Mike!