lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20101218155219.GA32284@hera.kernel.org>
Date:	Sat, 18 Dec 2010 15:52:19 +0000
From:	Willy Tarreau <wtarreau@...a.kernel.org>
To:	linux-kernel@...r.kernel.org
Subject: [ANNOUNCE] Linux 2.4.37.11

Hi,

I've just released Linux 2.4.37.11.

It fixes a number of minor security issues, mainly information leaks
from the kernel stack on some 64-bit architectures, or possible NULL
derefs and crashes in some less commonly used protocols (eg: econet,
x25, irda).

A build issue introduced in 2.4.37.10 when atm/clip was configured to
build as a module was fixed.

An ext3 quota bug causing occasional random panics was fixed, thanks
to a report from Sascha Umlang who also made lots of efforts to get
a debuggable capture of the issue and test the backport for two months.

Last, various MIPS-related fixes provided by Ralf Baechle were merged.

The new 2.4 EOL is now pushed to end of 2011.

Willy

--
The patch and changelog will appear soon at the following locations:
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/patch-2.4.37.11.bz2
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.11

Git repository:
   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git
  http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git

Git repository through the gitweb interface:
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git

Summary of changes from v2.4.37.10 to v2.4.37.11
============================================

Dan Rosenberg (3):
      drivers/net/eql.c: prevent reading uninitialized stack memory
      sys_semctl: fix kernel stack leakage
      x25: Prevent crashing when parsing bad X.25 facilities

David S. Miller (1):
      rose: Fix signedness issues wrt. digi count.

Ladislav Michl (1):
      NET: SGIseeq: Add support for Challenge S Mezz board

Nelson Elhage (1):
      do_exit(): make sure that we run with get_fs() == USER_DS

Pete Popov (1):
      MTD: Add AMD Alchemy Mirage mapping driver.

Phil Blundell (3):
      econet: fix CVE-2010-3848
      econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
      econet: fix CVE-2010-3850

Ralf Baechle (2):
      NET: hdlcdrv: Make driver stop method stop queue.
      CHAR: New key map for IBM WorkPad z50.

Samuel Ortiz (1):
      irda: Fix parameter extraction stack overflow

Vasiliy Kulikov (2):
      drivers/char/ppdev.c: fix information leak to userland
      ipc: shm: fix information leak to userland

Willy Tarreau (6):
      net: atm/clip does not work anymore as a module
      ext3: ext3_symlink should use GFP_NOFS allocations inside
      net: packet: fix information leak to userland
      usb: core: fix information leak to userland
      block: ioctl: fix information leak to userland
      Change VERSION to 2.4.37.11

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ