Category Archives: gentoo

sys-kernel/grsecurity-sources available!

It is known that for a few weeks the grsecurity project has made the grsecurity patches available only to its customers. In the meantime, some people have made their own forks of the latest publicly available patches. At Gentoo, for some reasons (which I respect) … Continue reading

Posted in gentoo, security | 10 Comments

pax-utils: scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)

Description: pax-utils is a set of tools that check files for security-relevant properties. Fuzzing scanelf exposed an out-of-bounds read. It was reported to vapier, who fixed the issue immediately. Unfortunately I can’t get a symbolized ASan … Continue reading

Posted in advisories, gentoo, security | 1 Comment

pax-utils: scanelf: out of bounds read in scanelf_file_textrel (scanelf.c)

Description: pax-utils is a set of tools that check files for security-relevant properties. Fuzzing scanelf exposed an out-of-bounds read. It was reported to vapier, who fixed the issue immediately. Unfortunately I can’t get a symbolized ASan … Continue reading

Posted in advisories, gentoo, security | 1 Comment

<sys-libs/zlib-1.2.11 – possible data corruption

I don’t know if a news item will be sent. A possible data corruption was found in zlib 1.2.10. Please update your zlib to 1.2.11 and make sure you restart all services that are linked to zlib (a reboot may be … Continue reading

Posted in gentoo | Leave a comment

An alternative to git bisect with Gentoo and the live ebuild

Git bisect is absolutely powerful, but sometimes it is more comfortable to use emerge instead of compiling the software outside the package manager. That was my case with media-libs/jasper, which I’m picking as the example for this ‘howto’. So basically, you are running … Continue reading

Posted in gentoo | 4 Comments

portage-utils: stack-based buffer overflow in qfile.c

Description: Portage-utils is a set of small and fast portage helper tools written in C. I discovered that a crafted file is able to cause a stack-based buffer overflow. The complete ASan output: ~ # qfile -f qfile-OOB-crash.log ================================================================= ==12240==ERROR: AddressSanitizer: stack-buffer-overflow on … Continue reading

Posted in advisories, gentoo, security | 3 Comments

Use an EOL Kernel

This could appear as a strange request, but it seems there are people who need some EOL version(s) of the kernel. I’m just answering the request. Alternatively, go to kernel.org and download the archive(s). This is strongly discouraged by upstream but there … Continue reading

Posted in gentoo | 2 Comments

The maintainer is not the first listed in the ChangeLog

Dear users, community, $people, I receive more or less two mails per week, so I decided to point this out. I know that my activity is notable in the ChangeLog because of the stabilization, but the maintainer is not the … Continue reading

Posted in gentoo | 4 Comments

Manage a security bug

It is a fact that lately the security team has lacked manpower or, in other words, the security bugs need more eyes. Please do not complain about that, because this post is not intended to … Continue reading

Posted in gentoo | Leave a comment

Avoid the spam on the gentoo.org mail with procmail

I have been using it for a long time, and since it works pretty well for me, I want to share how to handle the spam for your @gentoo.org address with procmail. First, you need to say that procmail will filter your … Continue reading

Posted in gentoo | 8 Comments