Archive for October 2010
While it pains me a bit to say this, and I don’t have a great deal of time to type this, I wanted to at least try to get some kind of word out to our user community that the high-profile kernel regression announced a few weeks ago (and fixed a few weeks ago in almost every other distro) remains a vulnerability in Gentoo with no clear timeline for resolution.
Gentoo bug 337654 is tracking this issue.
Users can emerge a more recent version of gentoo-sources to get the patch, and I’d recommend doing so if local root exploits are something that concerns you.
I’d like to dwell a bit longer on solutions, but I don’t really have time to do so right now. Clearly the kernel team could use help with security issues. The security team probably could use help as well in staying on top of these kinds of issues. I don’t want to kick people when they are down – Gentoo is an all-volunteer effort. However, situations like this really don’t do much to improve the reputation of the distro, and at the very least we need to inform users when problems like this arise.