Linux 2.4.36.1

All of lore.kernel.org
 help / color / mirror / Atom feed

* Linux 2.4.36.1
@ 2008-02-16 13:42 Willy Tarreau
  0 siblings, 0 replies; only message in thread
From: Willy Tarreau @ 2008-02-16 13:42 UTC (permalink / raw)
  To: linux-kernel


I've just released Linux 2.4.36.1.

It includes fixes for 6 minor security issues, most of them brought
by Dann Frazier of the Debian security team. It also restores the
ability to build user-space depending on kernel headers with GCC 4.2.

As usual when dealing with security, upgrading is recommended, but
there's nothing serious enough to justify a blind rush :

CVE-2008-0007 : insufficient range checks in certain fault handlers
CVE-2007-5093 : DoS in pwc USB video driver
CVE-2007-4308 : missing permission checks in aacraid ioctls
CVE-2006-5753 : memory corruption from misinterpreted bad_inode_ops ret values
CVE-2007-2525 : memory leak when a PPPoE socket is released
CVE-2006-6054 : ext2 denial of service in presence of malformed data structures

BTW, to make it clear to those who are wondering, since some are asking :
there is no vmsplice syscall in 2.4 so the exploit published last week has
no effect there, as it is only relevant to 2.6.18+.

The patch and changelog will appear soon at the following locations:
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/patch-2.4.36.1.bz2
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.1

Git repository:
   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-v2.4.36.y.git
  http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-v2.4.36.y.git

Git repository through the gitweb interface:
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-v2.4.36.y.git

Regards,
Willy

---

Summary of changes from v2.4.36 to v2.4.36.1
============================================

Willy Tarreau (4):
      Do not complain about gcc 4.2 for user-space
      i386: fix setCx86/getCx86 race in macros
      security: insufficient range checks in certain fault handlers
      Change VERSION to 2.4.36.1

dann frazier (7):
      ext2_readdir() filp->f_pos fix
      avoid semi-infinite loop when mounting bad ext2
      ext2: skip pages past number of blocks in ext2_find_entry
      memory leak when socket is release()d before PPPIOCGCHAN has been called on it
      2.4: fix memory corruption from misinterpreted bad_inode_ops return values
      2.4: [SCSI] aacraid: Fix security hole
      2.4: USB: fix DoS in pwc USB video driver


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2008-02-16 13:42 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-02-16 13:42 Linux 2.4.36.1 Willy Tarreau

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.