Category Archives: gentoo

gentoo tinderbox

If you are visiting this page, it is very likely that the software you maintain has been analyzed by my tinderbox system. What is a tinderbox? It is a machine that compiles 24/7 and aims to find build failures, test … Continue reading

Posted in arch testing, gentoo | Leave a comment

Why I stopped fuzzing research

If you followed me in the past, you may have noticed that I stopped fuzzing research. During this time many people have asked me why…so instead of repeating the same answer every time, why not write a few lines about … Continue reading

Posted in advisories, gentoo, security | 4 Comments

Install Gentoo in less than one minute

I’m pretty sure that the title of this post will catch your attention…and/or maybe your curiosity. Well, this is something I have been doing for years, and since it did not cost too much to get it into a public and usable state, I decided … Continue reading

Posted in gentoo | 7 Comments

sys-kernel/grsecurity-sources available!

It is known that the grsecurity project has, for a few weeks now, made the grsecurity patches available only to its customers. In the meantime some people made their own forks of the latest publicly available patches. At Gentoo, for some reasons (which I respect) … Continue reading

Posted in gentoo, security | 10 Comments

pax-utils: scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)

Description: pax-utils is a set of tools that check files for security-relevant properties. A fuzz on scanelf exposed an out-of-bounds read. It was reported to vapier, who fixed the issue immediately. Unfortunately I can’t get a symbolized ASan … Continue reading

Posted in advisories, gentoo, security | 1 Comment

pax-utils: scanelf: out of bounds read in scanelf_file_textrel (scanelf.c)

Description: pax-utils is a set of tools that check files for security-relevant properties. A fuzz on scanelf exposed an out-of-bounds read. It was reported to vapier, who fixed the issue immediately. Unfortunately I can’t get a symbolized ASan … Continue reading

Posted in advisories, gentoo, security | 1 Comment

<sys-libs/zlib-1.2.11 – possible data corruption

I don’t know if a news item will be sent. A possible data corruption was found in zlib 1.2.10. Please update your zlib to 1.2.11 and make sure you restart all services that are linked to zlib (a reboot may be … Continue reading

Posted in gentoo | Leave a comment

An alternative to git bisect with Gentoo and the live ebuild

Git bisect is absolutely powerful, but sometimes it is more comfortable to use emerge instead of compiling the software outside the package manager. That was my case with media-libs/jasper, which I’m picking as an example for this ‘howto’. So basically, you are running … Continue reading

Posted in gentoo | 4 Comments

portage-utils: stack-based buffer overflow in qfile.c

Description: Portage-utils is a set of small and fast portage helper tools written in C. I discovered that a crafted file is able to cause a stack-based buffer overflow. The complete ASan output: ~ # qfile -f qfile-OOB-crash.log ================================================================= ==12240==ERROR: AddressSanitizer: stack-buffer-overflow on … Continue reading

Posted in advisories, gentoo, security | 3 Comments

Use an EOL Kernel

This could appear as a strange request, but it seems there are people who need some EOL version(s) of the kernel. I’m just answering the request. Alternatively, go to kernel.org and download the archive(s). This is strongly discouraged by upstream but there … Continue reading

Posted in gentoo | 2 Comments