# Dirty COW (CVE-2016-5195)

## mgnut57

When will a fix for this be in  gentoo-sources 4.4.x? The bug https://bugs.gentoo.org/show_bug.cgi?id=597624 doesn't show when the updated ebuild will be released.

----------

## eccerr0r

Strange, I thought I verified the git commit in 4.4.26 and now it says it's in the vulnerable stage.

I have the stabilized gentoo-sources-4.4.26 installed and it does not seem to be vulnerable.

```
subaru:/tmp$ uname -a

Linux subaru 4.4.26-gentoo #1 SMP Sun Oct 23 14:27:44 MDT 2016 x86_64 Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz GenuineIntel GNU/Linux

subaru:/tmp$ cat foo 

this is a test

subaru:/tmp$ ls -l foo 

-r-----r-- 1 root root 15 Nov  6 14:17 foo

subaru:/tmp$ ./dirtyc0w foo moooooooooooooooooooooooo

mmap 7ff47dd4a000

madvise 0

procselfmem -1794967296

subaru:/tmp$ cat foo 

this is a test

subaru:/tmp$ 

```

More Gentoo references:

https://forums.gentoo.org/viewtopic-t-1053368-highlight-.html

----------

## goldfinch

4.4.26 is fine.

https://bugs.gentoo.org/show_bug.cgi?id=597738

Edit:

Personally, I've updated to 4.4.30 since a couple of patches were removed. Have a look:

http://lwn.net/Articles/705221/

----------

## eccerr0r

Yeah, I figured that someone made a mistake in the first bug report.

I backported to 4.0.5 on one machine since that was a network facing machine and 4.4.26 was not available at the time, so that's how I verified 4.4.26 indeed had the patch when it came out.

I'm waiting for Gentoo-devs to stabilize another gentoo-sources so I don't go and do an update of all my machines again and again... That 4.0.5 manual patch was enough trouble, then having to recompile all my other machines...

----------

