From: Willy Tarreau <wtarreau@hera.kernel.org>
To: linux-kernel@vger.kernel.org
Subject: Linux 2.4.36-rc1
Date: Sun, 16 Dec 2007 23:38:33 +0000 [thread overview]
Message-ID: <20071216233833.GA16691@hera.kernel.org> (raw)
I've just released Linux 2.4.36-rc1.
It fixes several vulnerabilities, some of them discovered in 2.6.
Among them, we find 2 ISDN overflows, one case of insufficient
permissions checking on core dumps, the ability for a process to
escape ptrace-based syscall policy checking, and the possibility
for a specially crafted ELF binary to bypass the recently added
restrictions on the minimum MMAP address.
Due to several reports of mis-compilations with GCC 4.2, I have
explicitly disabled its use with an explicit message.
I got one report from Krzysztof Strasburger of a good old 386 not
booting anymore due to a misplaced "HAS_TSC" in the config. His
fix made perfect sense and looked good, but please complain if you
notice a related problem on old hardware.
It was also not possible to build for ia32 on x86_64 due to a
recent vulnerability fix in which an update to the size of the
instruction was missing (cmpl -> cmpq).
I'm still planning on releasing 2.4.36 around the end of the year
(eg: last week-end), if nothing new is discovered since. If new
fixes are merged by that time, I may delay it a little bit to the
beginning of January.
Please test it, beat it and report any problems (build or bugs).
The patch and changelog will appear soon at the following locations:
ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/testing/
ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.36-rc1.bz2
ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.36.log
Git repository:
git://git.kernel.org/pub/scm/linux/kernel/git/wtarreau/linux-2.4.git
http://www.kernel.org/pub/scm/linux/kernel/git/wtarreau/linux-2.4.git/
Git repository through the gitweb interface:
http://git.kernel.org/?p=linux/kernel/git/wtarreau/linux-2.4.git
Thanks,
Willy
---
Summary of changes from v2.4.36-pre2 to v2.4.36-rc1
============================================
Jonas Danielsson (1):
net/ipv4/arp.c: Fix arp reply when sender ip 0
Krzysztof Strasburger (1):
fix arch/i386/config.in to be able to boot on 386
Pete Zaitcev (1):
usb: Move linux-usb-devel
Willy Tarreau (8):
GCC >= 4.2 miscompiles the kernel
prevent do_brk() from allocating below mmap_min_addr
fix build of ia32entry.S on x86_64
vfs: coredumping fix
isdn: avoid copying overly-long strings
prevent SIGCONT from waking up a PTRACED process (CVE-2007-4774)
isdn: fix isdn_ioctl memory overrun vulnerability
Change VERSION to 2.4.36-rc1
reply other threads:[~2007-12-16 23:38 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071216233833.GA16691@hera.kernel.org \
--to=wtarreau@hera.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.