Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 22 Feb 2004 06:44:18 +0300
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com, owl-users@...ts.openwall.com,
	lwn@....net
Subject: Linux 2.4.25-ow1, 2.2.25-ow2

Hi,

Two Openwall Linux kernel patch updates have been released recently,
one is a simple update to Linux 2.4.25, the other is a second revision
of the patch for Linux 2.2.25 adding a number of kernel security bug
fixes.

As some of you are aware, a second local root vulnerability in the
mremap(2) system call has been discovered by Paul Starzetz and made
public on February 18.  This vulnerability affects Linux 2.4.x
kernels up to and including 2.4.24 (but not 2.4.25) and Linux 2.2.x
kernels up to and including 2.2.25.

Luckily, Linux 2.4.23-ow2 and 2.4.24-ow1 are not affected as these
patches already included a kernel bug fix which was later determined
to be security-critical and needed to avoid this second mremap(2)
system call vulnerability.  In fact, it's the exact same fix which
went into Linux 2.4.25.

Thus, upgrading of existing Linux 2.4.23-ow2 and 2.4.24-ow1 installs
to 2.4.25-ow1 is not strictly required for most users, although the
use of 2.4.25-ow1 is recommended over older versions for new installs.

We didn't have as much luck with Linux 2.2.x this time, and Linux
2.2.25-ow2 actually includes a workaround for this new mremap(2)
vulnerability.  It also includes the /dev/rtc information leak fix and
other minor fixes.  Upgrading of existing Linux 2.2.x installs is
strongly recommended.

As usual, the patches are available from:

	http://www.openwall.com/linux/

-- 
Alexander Peslyak <solar@...nwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ