From: Willy Tarreau <wtarreau@hera.kernel.org>
To: linux-kernel@vger.kernel.org
Subject: Linux 2.4.37.6
Date: Sun, 13 Sep 2009 09:59:28 +0000
Message-ID: <20090913095928.GA23158@hera.kernel.org>

I've just released Linux 2.4.37.6.

This version focuses on various vulnerabilities causing information
leaks to user processes. I would personally call them minor since at
most a few bytes per call or another task's pointer can be
collected. Still, those were fixed in 2.6 so it's better to have 2.4
at the same level. Most of them are recent, except the proc/pid/maps
which I missed one year ago and the netlink padding issue which was
fixed 4 years ago.

Most of them have CVE numbers assigned but I forgot to check them
while committing. I don't think users are reading them that much
anyway.

If you don't know whether you need to upgrade, it's simple: if you're
running something older than 2.4.37.5, you're potentially at risk so
you should upgrade anyway. If you have untrusted local users, I would
recommend you to upgrade. Otherwise you can wait for a more sensible
update.

The patch and changelog will appear soon at the following locations:
    ftp://ftp.kernel.org/pub/linux/kernel/v2.4/
    ftp://ftp.kernel.org/pub/linux/kernel/v2.4/patch-2.4.37.6.bz2
    ftp://ftp.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6

Git repository:
    git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git
    http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git

Git repository through the gitweb interface:
    http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git

Willy

--
Summary of changes from v2.4.37.5 to v2.4.37.6
============================================

Eric Dumazet (6):
      tc: Fix unitialized kernel memory leak
      appletalk: fix atalk_getname() leak
      econet: Fix econet_getname() leak
      irda: Fix irda_getname() leak
      netrom: Fix nr_getname() leak
      rose: Fix rose_getname() leak

Jake Edge (1):
      proc: avoid information leaks to non-privileged processes

Linus Torvalds (1):
      do_sigaltstack: avoid copying 'stack_t' as a structure to user space

Patrick McHardy (3):
      [NETLINK]: Missing initializations in dumped data
      [NETLINK]: Clear padding in netlink messages
      [NETLINK]: Missing padding fields in dumped structures

Willy Tarreau (2):
      restrict reading from /proc/<pid>/maps to those who share ->mm or can ptrace pid
      Change VERSION to 2.4.37.6
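
The shortlog entries about padding and uninitialized memory describe structures reaching user space with bytes that were never written. The userland C model below is an added example, not code from the 2.4 tree or from any of the listed patches: `struct reply`, its values and the 0xAA marker are constructed, and clearing with memset() before filling is assumed as the hardening, since the individual patches are not shown on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for old kernel stack data */

/* Hypothetical reply structure (not from the 2.4 tree): 12 bytes of members
 * that the compiler pads to 16. */
struct reply {
    uint8_t  family;
    uint16_t port;
    uint8_t  node;
    uint64_t handle;
};

/* Store the members only, as "r.family = ..." statements would; the bytes
 * between members are never written. */
static void set_members(unsigned char *slot)
{
    const struct reply v = { 2, 8080, 7, 0x1122334455667788ULL };
    memcpy(slot + offsetof(struct reply, family), &v.family, sizeof v.family);
    memcpy(slot + offsetof(struct reply, port), &v.port, sizeof v.port);
    memcpy(slot + offsetof(struct reply, node), &v.node, sizeof v.node);
    memcpy(slot + offsetof(struct reply, handle), &v.handle, sizeof v.handle);
}

/* Build the reply in a stack slot, copy the whole structure out, and return
 * how many stale bytes reached the "user" buffer. Without zero_first the slot
 * still holds old data; with it, the slot is cleared before the members are set. */
size_t leaked_by_struct_copy(int zero_first)
{
    unsigned char slot[sizeof(struct reply)], user[sizeof(struct reply)];
    size_t i, n = 0;

    memset(slot, zero_first ? 0 : STALE, sizeof slot);
    set_members(slot);
    memcpy(user, slot, sizeof user); /* models copy_to_user(&r, sizeof r) */
    for (i = 0; i < sizeof user; i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("no memset: %zu stale bytes\n", leaked_by_struct_copy(0));
    printf("memset:    %zu stale bytes\n", leaked_by_struct_copy(1));
    return 0;
}
```

The stale bytes sit at the padding offsets, which matches the "few bytes per call" scale described in the announcement.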