Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Willy Tarreau <willy <at> w.ods.org>
Subject: Re: Linux-2.4.31-hf6
Newsgroups: gmane.linux.kernel
Date: Monday 26th September 2005 16:51:43 UTC (over 11 years ago)
- resent because it was empty the first time. strange... -

Hi all,

this is the sixth hotfix for kernel 2.4.31. Patches for 2.4.29 and 2.4.30
are also provided. This time, there were several security issues, one
possible panic fixed on ia64, and several possible DoS in 32 bits emulation
on 64 bits machines. The complete changelog is appended to this message.

To make it simple: ia64, x86_64, sparc64 and ppc64 users should upgrade.

This patch will bring your kernel to the same fix level as 2.4.32-rc1. I
was
a bit late on this one. This is because I have completely reworked the
patch
build system. Now when you'll download the split patches for 2.4.31-hf6,
you'll in fact be able to rebuild 2.4.29-hf16, 2.4.30-hf9 and 2.4.31-hf6.
Split patches are only provided as the last version from which all others
can be rebuilt. This will allow me to release really faster with fewer
risks of errors, while still providing you with all the required files
to rebuild any version. Maybe I should reference the root version in the
files names for older versions ? I have no opinion on this yet, time will
tell.

A "LATEST" symlink will automatically be inserted in the kernel directories
which will be available on the web site, although hidden. This way, you can
automate scripts to always download "2.4-hf/LATEST/LATEST/*". I've also
been requested to add an RSS feed so that some of you can be informed about
new releases. One of my coworkers, Julien Perrot, wrote a script for this
which updates a file every 30 min (see link below).

Grant, I hope nothing will break in your automatic build process. If you
get into trouble, please tell me.

As usual, everything is available for download there :

    hotfixes home : http://linux.exosec.net/kernel/2.4-hf/
     last version : http://linux.exosec.net/kernel/2.4-hf/LATEST/LATEST/
         RSS feed : http://linux.exosec.net/kernel/hf.xml
    build results : http://bugsplatter.mine.nu/test/linux-2.4/
(Grant's site)

I've built 2.4.31-hf6 with all modules, but not run it.

Regards,
Willy


Changelog from 2.4.31-hf5 to 2.4.31-hf6
---------------------------------------
'+' = added ; '-' = removed

+ 2.4.31-fix-can-2005-0204-1                         (Suresh Siddha /
Horms)

  [CAN-2005-0204]: AMD64, allows local users to write to privileged
  IO ports via OUTS instruction. Added definition of IO_BITMAP_BYTES.

+ 2.4.31-routing_ioctl-lost-sockfd_put-1                   (Kirill
Korotaev)

  This patch adds lost sockfd_put() in 32bit compat rounting_ioctl() on
  64bit platforms. I believe this is a security issues, since user can
  fget() file as many times as he wants to. The oops can be done under
  files_lock and others, so this can be an exploitable DoS on SMP.
  Didn't checked it on practice actually.

+ 2.4.31-x86_64-lost-fput-32bit-ioctl-1                    (Kirill
Korotaev)

  This patch adds lost fput in 32bit tiocgdev ioctl on x86-64. I believe
  this is a security issues, since user can fget() file as many times as
  he wants to. The oops can be done under files_lock and others, so this
  is really exploitable DoS on SMP. Didn't checked it on practice actually.

+ 2.4.31-ia64-page_no_present-fault-1                         (Kiyoshi
Ueda)

  [PATCH] IA64: page_not_present fault in region 5 is normal
  Without this patch, exception handler can be unexpectedly invoked
  for page-not-present fault in region 5 and cause panic etc.

+ 2.4.31-nfs-client-long-symlinks-1                       (Assar
Westerlund)

  [PATCH] nfs client: handle long symlinks properly.
  In 2.4.31, the v2/3 nfs readlink accepts too long symlinks.
  I have tested this by having a server return long symlinks.

-- END --
 
CD: 3ms