| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Aug 2006 12:08:41 +1000 From: Grant Coady <gcoady.lk@...il.com> To: Willy Tarreau <wtarreau@...a.kernel.org> Cc: linux-kernel@...r.kernel.org, mtosatti@...hat.com, "Patrick J. Volkerding" <volkerdi@...ckware.com> Subject: Re: Linux 2.4.33.2 On Tue, 22 Aug 2006 21:23:00 +0000, Willy Tarreau <wtarreau@...a.kernel.org> wrote: > >Hi ! > >Linux 2.4.33.2 is out. It fixes a local privilege escalation in SCTP >(CVE-2006-3745). Also included are a fix for a bad address check in >binfmt_elf (already in 2.6), and a fix for build on some non-sparc >architectures which I broke in 2.4.33.1 when trying to fix the memchr() >export (problem reported by Mikael Pettersson). > >If does not contain the UDF fix which went in 2.6.17.10. I will check >whether it applies to 2.4 and will backport it for a future release. > >### Important note for users of Slackware 10.2 ### > >Grant Coady informed me that 2.4.33.1 did not boot for him. After a long >series of tests from him and Pat Volkerding, it appeared that the problem >is caused by glibc 2.3.6 wrongly detecting kernel version as 4.33.1 and >mistakenly using the NTPL libs instead. > >Patrick has fixed the problem and will (has ?) send the fix to the glibc >team. By now people using Slackware 10.2 must upgrade their glibc to >glibc-solibs-2.3.5-i486-6_slack10.2.tgz if they want to run a 2.4.33.x >kernel (user glibc-2.3.6 build -5 for -current). A workaround is either >to rename /lib/tls or to rename the kernel to something different than >4 numbers separated by dots. Since the problem is fixed, I don't intend >to change the numbering. > >I dont think that this problem might affect many other distros since those >shipping an NPTL-enabled libc with both 2.4 and 2.6 mainline are rare. If >anyone else encounters the problem, Pat has the fix. Okay here ;) <http://bugsplatter.mine.nu/test/linux-2.4/> + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + | kernel version |deltree|hal |niner |peetoo |pooh |sempro |silly |tosh | + - - - - - - - - + - - - + - - - + - - - + - - - + - - - + - - - + - - - + - - - + | 2.4.33.2 [2] | - | Y | Y | Y | | Y | Y | Y | | 2.4.33-2 [1] | Y | Y | Y | Y | | Y | Y | Y | | 2.4.33-1 [1] | Y | Y | Y | Y | | Y | Y | Y | | 2.4.33-final | Y | Y | Y | Y | | Y | Y | Y | + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + [1] unofficial rename of 2.4.33.1 for testing under slackware, to be resolved... [2] requires upgrade to glibc-solibs-2.3.5-i486-6_slack10.2.tgz for slack-10.2 Box deltree is halfway from slack-10.2 to slack-current, therefore not tested. Cheers, Grant. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists