lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Sat, 16 Feb 2008 13:42:20 +0000
From:	Willy Tarreau <wtarreau@...a.kernel.org>
To:	linux-kernel@...r.kernel.org
Subject: Linux 2.4.36.1


I've just released Linux 2.4.36.1.

It includes fixes for 6 minor security issues, most of them brought
by Dann Frazier of the Debian security team. It also restores the
ability to build user-space depending on kernel headers with GCC 4.2.

As usual when dealing with security, upgrading is recommended, but
there's nothing serious enough to justify a blind rush :

CVE-2008-0007 : insufficient range checks in certain fault handlers
CVE-2007-5093 : DoS in pwc USB video driver
CVE-2007-4308 : missing permission checks in aacraid ioctls
CVE-2006-5753 : memory corruption from misinterpreted bad_inode_ops ret values
CVE-2007-2525 : memory leak when a PPPoE socket is released
CVE-2006-6054 : ext2 denial of service in presence of malformed data structures

BTW, to make it clear to those who are wondering, since some are asking :
there is no vmsplice syscall in 2.4 so the exploit published last week has
no effect there, as it is only relevant to 2.6.18+.

The patch and changelog will appear soon at the following locations:
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/patch-2.4.36.1.bz2
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.1

Git repository:
   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-v2.4.36.y.git
  http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-v2.4.36.y.git

Git repository through the gitweb interface:
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-v2.4.36.y.git

Regards,
Willy

---

Summary of changes from v2.4.36 to v2.4.36.1
============================================

Willy Tarreau (4):
      Do not complain about gcc 4.2 for user-space
      i386: fix setCx86/getCx86 race in macros
      security: insufficient range checks in certain fault handlers
      Change VERSION to 2.4.36.1

dann frazier (7):
      ext2_readdir() filp->f_pos fix
      avoid semi-infinite loop when mounting bad ext2
      ext2: skip pages past number of blocks in ext2_find_entry
      memory leak when socket is release()d before PPPIOCGCHAN has been called on it
      2.4: fix memory corruption from misinterpreted bad_inode_ops return values
      2.4: [SCSI] aacraid: Fix security hole
      2.4: USB: fix DoS in pwc USB video driver

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ