Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 12 May 2005 07:52:49 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com, owl-users@...ts.openwall.com
Cc: lwn@....net
Subject: Linux 2.4.30-ow3

Hi,

Linux 2.4.30-ow3 is out and available at the usual location:

	http://www.openwall.com/linux/

This version adds a fix to the ELF core dump vulnerability (CVE
CAN-2005-1263) discovered by Paul Starzetz:

	http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt

Linux 2.2.x starting with 2.2.21-ow2(*) and 2.0.x kernels are unaffected.

Also included in 2.4.30-ow3 is a fix to an x86-64 DoS vulnerability
from Linux 2.4.31-pre1.

(*) For the curious:
Yes, I believe the iSEC advisory is incorrect in reporting all 2.2.x
kernels as affected.  I have yet to hear from them on whether this is
indeed the case.  I essentially had the bug fixed with 2.2.21-ow2 and
the fix went into 2.2.22.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ