lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20090607200147.GA29197@hera.kernel.org>
Date:	Sun, 7 Jun 2009 20:01:47 +0000
From:	Willy Tarreau <wtarreau@...a.kernel.org>
To:	linux-kernel@...r.kernel.org
Subject: Linux 2.4.37.2


I've just released Linux 2.4.37.2.

The main goal was to address a regression brought by 2.4.37.1. The
CAP_KILL fix caused modprobe to leave zombies on auto-loading (easily
seen with CONFIG_IPV6=m).

While working on this, I also merged some fixes which did not get into
2.4.37.1 either because it was too late or because I missed them. The
only really relevant one is the fix for the SCTP overflow (CVE-2009-0065)
which has been demonstrated to be remotely exploitable when an SCTP
application was running.

Users of 2.4.37.1 with modules autoloading enabled are really encouraged
to upgrade.

The patch and changelog will appear soon at the following locations:
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/patch-2.4.37.2.bz2
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.2

Git repository:
   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git
  http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git

Git repository through the gitweb interface:
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git

Regards,
Willy


Summary of changes from v2.4.37.1 to v2.4.37.2
============================================

David S. Miller (1):
      ipv6: Disallow rediculious flowlabel option sizes.

Eugene Teo (1):
      net: amend the fix for SO_BSDCOMPAT gsopt infoleak

Jesse Brandeburg (1):
      e1000: fix bug with shared interrupt during reset

Neil Horman (1):
      e1000: add missing length check to e1000 receive routine

Wei Yongjun (1):
      sctp: Avoid memory overflow while FWD-TSN chunk is received with bad stream ID

Willy Tarreau (2):
      exit_notify: fix regression uncovered by the CAP_KILL fix
      Change VERSION to 2.4.37.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ