lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090813222615.GA5675@hera.kernel.org>
Date:	Thu, 13 Aug 2009 22:26:15 +0000
From:	Willy Tarreau <wtarreau@...a.kernel.org>
To:	linux-kernel@...r.kernel.org
Subject: Linux 2.4.37.5

Hi all,

I've just released Linux 2.4.37.5.

I wanted to delay it a bit more to wait for other fixes to be ready
to be merged, but a very old vulnerability has recently been discovered,
and a local exploit is already circulating, though it does not work as-is
on 2.4, hehe ;-)

Thus I preferred to release 2.4.37.5 now so that users have the time
to patch before someone figures how to modify the exploit to get it
to work on 2.4. The issue only affects systems with untrusted local
users. For those who don't have time to revalidate and upgrade, just
set /proc/sys/vm/mmap_min_addr to 4096 or more, as it is enough to
stop the exploit, and is recommended anyway, unless you know that it
breaks one very old legacy application.

A few minor build issues have also been fixed BTW.

The patch and changelog will appear soon at the following locations:
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/patch-2.4.37.5.bz2
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5

Git repository:
   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git
  http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git

Git repository through the gitweb interface:
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git


Willy
--
Summary of changes from v2.4.37.4 to v2.4.37.5
============================================

Willy Tarreau (5):
      build: fix for "make rpm" on RH9
      build: fix genksyms segfault in pcigame.c
      build: do not let genksyms silently fail anymore
      net: fix possible NULL dereference in sock_sendpage()
      Change VERSION to 2.4.37.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ