lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080907103038.GA11570@hera.kernel.org>
Date:	Sun, 7 Sep 2008 10:30:38 +0000
From:	Willy Tarreau <wtarreau@...a.kernel.org>
To:	linux-kernel@...r.kernel.org
Subject: Linux 2.4.36.7

Hi all,

I've just released Linux 2.4.36.7.

The patch and changelog will appear soon at the following locations:
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/patch-2.4.36.7.bz2
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7

Git repository:
   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.36.y.git
  http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.36.y.git

Git repository through the gitweb interface:
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.36.y.git

This release fixes several minor security issues and a few not other issues.
There's normally no emergency to upgrade, but I wanted to flush the patch
queue. I've also fixed an uninitialized variable in the sky2 backport. It
might have caused random trouble to some users.

Given that most distros today ship with a version of GCC which is not
compatible with kernel 2.4, I have added a small documentation explaining
how to build an older GCC when you only have a newer one. Building a
stripped-down GCC only takes between 1 and 2 minutes on recent machines,
so it's really worth it. This doc does not cover cross-compilation.

For those interested, please check Documentation/using-newer-gcc.txt.

Willy
--
Summary of changes from v2.4.36.6 to v2.4.36.7
============================================

David S. Miller (1):
      sctp: Make sure N * sizeof(union sctp_addr) does not overflow (CVE-2008-2826)

Eugene Teo (1):
      wan: Missing capability checks in sbni_ioctl() (CVE-2008-3525)

Florin Malita (1):
      [PPPOE]: Missing result check in __pppoe_xmit().

Gilbert Ashley Gilbert (1):
      udf: fix uid/gid permissions

Herbert Xu (1):
      net pppoe: Check packet length on all receive paths

Stephen Hemminger (1):
      ipv6: use timer pending

Vlad Yasevich (2):
      sctp: Do not leak memory on multiple listen() calls
      sctp: Allow only 1 listening socket with SO_REUSEADDR

Willy Tarreau (4):
      doc: explain how to build a suitable gcc in Documentation/using-newer-gcc.txt
      sound: fix warning due to incorrect error code checking in ad1889
      sky2: fix uninitialized "mss" variable in sky2_xmit_frame()
      Change VERSION to 2.4.36.7

Xiong Wu (1):
      Correct the upto value during list conntrack information

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ