lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Sun, 1 Jun 2008 23:27:27 +0000
From:	Willy Tarreau <wtarreau@...a.kernel.org>
To:	linux-kernel@...r.kernel.org
Subject: Linux 2.4.36.5


I've just released Linux 2.4.36.5.

The patch and changelog will appear soon at the following locations:
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/patch-2.4.36.5.bz2
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5

Git repository:
   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-v2.4.36.y.git
  http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-v2.4.36.y.git

Git repository through the gitweb interface:
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-v2.4.36.y.git

It fixes 3 medium vulnerabilities :
  - sit: Add missing kfree_skb() on pskb_may_pull() failure (CVE-2008-2136)
  - sparc: Fix mmap VA span checking (CVE-2008-2137)
  - old buffer overflow in moxa driver (CVE-2005-0504)

The remaining patches are minor backports and fixes.
Given the nature of the vulnerabilities, it is recommended to upgrade.

Regards,
Willy
--

Summary of changes from v2.4.36.4 to v2.4.36.5
============================================

David S. Miller (2):
      sit: Add missing kfree_skb() on pskb_may_pull() failure (CVE-2008-2136)
      sparc: Fix mmap VA span checking (CVE-2008-2137)

Gunnar Larisch (1):
      3c980-TX needs EXTRA_PREAMBLE

Li Zefan (1):
      ACPI: check a return value correctly in acpi_power_get_context()

Roel Kluin (1):
      wireless, airo: waitbusy() won't delay

Steve Rosenbluth (2):
      signal.h: use an explicit cast to silent compiler warnings
      fix build error with some flavours of gcc 2.95.3

Willy Tarreau (1):
      Change VERSION to 2.4.36.5

dann frazier (1):
      old buffer overflow in moxa driver (CVE-2005-0504)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ