Re: Re: Kernel update status

On Fri, 17 Sep 2010 18:01:12 -0400 Michael Gilbert wrote:

> The fixes are already committed to the kernel svn and pending for
> 2.6.32-23.  I however don't know when that will be uploaded.  You could
> get the kernel sources from their git tree and compile it on your own.

> There is also a workaround for CVE-2010-3081 [0].  Note that you have
> to run that after every boot.

I compiled the 2.6.32-23 kernel packages myself from `apt-get source
linux-2.6` since I didn't want to wait for them to be available via apt,
but my test system is still vulnerable to this exploit:
(ABftw.c didn't work for me on 2.6.32-5 or 2.6.32-23)

Unless I'm mistaken, all the appropriate patches mentioned earlier in
this thread have been applied to 2.6.32-23:
* c41d68a513c71e35a14f66d71782d27a79a81ea6 =
* c41d68a513c71e35a14f66d71782d27a79a81ea6 =
* eefdca043e8391dcd719711716492063030b55ac =

Has anyone with access to Mr. Gilbert's compiled kernel had a chance to
test it? Did I bork `cd linux-2.6-2.6.32 && fakeroot debian/rules
binary` somehow or are we missing a patch?

(I did an md5sum on
and /boot/vmlinuz-2.6.32-bpo.5-amd64 and they match, so I'm pretty sure
I've got the right package installed correctly too).

Note that my non-backports systems running 2.6.26-25lenny1 aren't
vulnerable to that exploit. Unfortunately I patched them all before
trying it on the previous kernel, but I would assume whatever I was
running before that was vulnerable.

Adam Carheden

