Linux 2.4.37.6

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* Linux 2.4.37.6
@ 2009-09-13  9:59 Willy Tarreau
  0 siblings, 0 replies; only message in thread
From: Willy Tarreau @ 2009-09-13  9:59 UTC (permalink / raw)
  To: linux-kernel

I've just released Linux 2.4.37.6.

This version focuses on various vulnerabilities causing information
leaks to user processes. I would personally call them minor since at
most a few bytes per call or another task's pointer can be can be
collected. Still, those were fixed in 2.6 so it's better to have 2.4
at the same level. Most of them are recent, except the proc/pid/maps
which I missed one year ago and the netlink padding issue which was
fixed 4 years ago.

Most of them have CVE numbers assigned but I forgot to check them
while committing. I don't think users are reading them that much
anyway.

If you don't know whether you need to upgrade, it's simple : if you're
running something older than 2.4.37.5, you're potentially at risk so
you should upgrade anyway. If you have untrusted local users, I would
recommend you to upgrade. Otherwise you can wait for a more sensible
update.

The patch and changelog will appear soon at the following locations:
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/patch-2.4.37.6.bz2
  ftp://ftp.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6

Git repository:
   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git
  http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git

Git repository through the gitweb interface:
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git

Willy

--
Summary of changes from v2.4.37.5 to v2.4.37.6
============================================

Eric Dumazet (6):
      tc: Fix unitialized kernel memory leak
      appletalk: fix atalk_getname() leak
      econet: Fix econet_getname() leak
      irda: Fix irda_getname() leak
      netrom: Fix nr_getname() leak
      rose: Fix rose_getname() leak

Jake Edge (1):
      proc: avoid information leaks to non-privileged processes

Linus Torvalds (1):
      do_sigaltstack: avoid copying 'stack_t' as a structure to user space

Patrick McHardy (3):
      [NETLINK]: Missing initializations in dumped data
      [NETLINK]: Clear padding in netlink messages
      [NETLINK]: Missing padding fields in dumped structures

Willy Tarreau (2):
      restrict reading from /proc/<pid>/maps to those who share ->mm or can ptrace pid
      Change VERSION to 2.4.37.6

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2009-09-13  9:59 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-09-13  9:59 Linux 2.4.37.6 Willy Tarreau

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox