The Linux kernel has recently been facing a series of discovered privilege escalation vulnerabilities, starting with the Copy Fail vulnerability and followed by subsequent vulnerabilities in the same spirit (Dirty Frag, Fragnesia). This development is part of a general trend where vulnerabilities are being found - and disclosed - faster than before. We expect it to continue, at least for the short-term.

The Gentoo Linux Kernel and Distribution Kernel teams are doing their best to keep Gentoo kernels secure. This includes both packaging the latest upstream releases as soon as possible, and backporting additional vulnerability fixes or mitigations whenever they become available. As example, while upstream kernel releases are still vulnerable to Fragnesia, the respective Gentoo kernels feature fixes from day one. At the time of writing, all supported Gentoo kernels feature the latest Fragnesia v5 patch. Please expect more updates. We recommend exploring ways to automate upgrading your kernel.

Please note that only sys-kernel/gentoo-kernel, sys-kernel/gentoo-kernel-bin and sys-kernel/gentoo-sources packages are security-supported. The vanilla kernel packages are vulnerable at the moment. Other kernel packages may carry fixes, but they usually are slower to be updated. Additionally, we recommend running the latest kernel version (~arch or latest stable LTS), as upstream does not reliably backport security fixes to older versions.

It’s taken a lot of time, but we have finally made the big step to upgrade our Gentoo Forums to phpBB3. You will notice a few differences between phpBB2 and today:

• It’s definitely not Discourse.
• Everyone must change their password at first login, just to freshen them up.
• Reports are more private-like now, but we may get the old public reporting topic back later.

Discussion and feedback are welcome on the ‘The Gentoo Big Forum Upgrade’ discussion thread.