2009年9月13日

Linux 2.4.37.6

I've just released Linux 2.4.37.6.

This version focuses on various vulnerabilities causing information
leaks to user processes. I would personally call them minor since at
most a few bytes per call or another task's pointer can be can be
collected. Still, those were fixed in 2.6 so it's better to have 2.4
at the same level. Most of them are recent, except the proc/pid/maps
which I missed one year ago and the netlink padding issue which was

fixed 4 years ago.

Most of them have CVE numbers assigned but I forgot to check them
while committing. I don't think users are reading them that much
anyway.

If you don't know whether you need to upgrade, it's simple : if you're
running something older than 2.4.37.5, you're potentially at risk so
you should upgrade anyway. If you have untrusted local users, I would
recommend you to upgrade. Otherwise you can wait for a more sensible
update.

The patch and changelog will appear soon at the following locations:
ftp://ftp.kernel.org/pub/linux/kernel/v2.4/
ftp://ftp.kernel.org/pub/linux/kernel/v2.4/patch-2.4.37.6.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6

Git repository:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git
http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git

Git repository through the gitweb interface:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git


Willy

--
Summary of changes from v2.4.37.5 to v2.4.37.6
============================================

Eric Dumazet (6):
tc: Fix unitialized kernel memory leak
appletalk: fix atalk_getname() leak
econet: Fix econet_getname() leak
irda: Fix irda_getname() leak
netrom: Fix nr_getname() leak
rose: Fix rose_getname() leak

Jake Edge (1):
proc: avoid information leaks to non-privileged processes

Linus Torvalds (1):
do_sigaltstack: avoid copying 'stack_t' as a structure to user space

Patrick McHardy (3):
[NETLINK]: Missing initializations in dumped data
[NETLINK]: Clear padding in netlink messages
[NETLINK]: Missing padding fields in dumped structures

Willy Tarreau (2):
restrict reading from /proc/<pid>/maps to those who share ->mm or can ptrace pid
Change VERSION to 2.4.37.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


投稿者 xml-rpc : 2009年9月13日 18:59
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/88540
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。