| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 16 Dec 2007 23:38:33 +0000
From: Willy Tarreau <wtarreau@...a.kernel.org>
To: linux-kernel@...r.kernel.org
Subject: Linux 2.4.36-rc1
I've just released Linux 2.4.36-rc1.
It fixes several vulnerabilities, some of them discovered in 2.6.
Among them, we find 2 ISDN overflows, one case of insufficient
permissions checking on core dumps, the ability for a process to
escape ptrace-based syscall policy checking, and the possibility
for a specially crafted ELF binary to bypass the recently added
restrictions on the minimum MMAP address.
Due to several reports of mis-compilations with GCC 4.2, I have
explicitly disabled its use with an explicit message.
I got one report from Krzysztof Strasburger of a good old 386 not
booting anymore due to a misplaced "HAS_TSC" in the config. His
fix made perfect sense and looked good, but please complain if you
notice a related problem on old hardware.
It was also not possible to build for ia32 on x86_64 due to a
recent vulnerability fix in which an update to the size of the
instruction was missing (cmpl -> cmpq).
I'm still planning on releasing 2.4.36 around the end of the year
(eg: last week-end), if nothing new is discovered since. If new
fixes are merged by that time, I may delay it a little bit to the
beginning of January.
Please test it, beat it and report any problems (build or bugs).
The patch and changelog will appear soon at the following locations:
ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/testing/
ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.36-rc1.bz2
ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.36.log
Git repository:
git://git.kernel.org/pub/scm/linux/kernel/git/wtarreau/linux-2.4.git
http://www.kernel.org/pub/scm/linux/kernel/git/wtarreau/linux-2.4.git/
Git repository through the gitweb interface:
http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git
Thanks,
Willy
---
Summary of changes from v2.4.36-pre2 to v2.4.36-rc1
============================================
Jonas Danielsson (1):
net/ipv4/arp.c: Fix arp reply when sender ip 0
Krzysztof Strasburger (1):
fix arch/i386/config.in to be able to boot on 386
Pete Zaitcev (1):
usb: Move linux-usb-devel
Willy Tarreau (8):
GCC >= 4.2 miscompiles the kernel
prevent do_brk() from allocating below mmap_min_addr
fix build of ia32entry.S on x86_64
vfs: coredumping fix
isdn: avoid copying overly-long strings
prevent SIGCONT from waking up a PTRACED process (CVE-2007-4774)
isdn: fix isdn_ioctl memory overrun vulnerability
Change VERSION to 2.4.36-rc1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists