Date: Sat, 19 Jun 2004 13:37:07 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com, owl-users@...ts.openwall.com
Cc: lwn@....net
Subject: Linux 2.4.26-ow2

Hi,

Linux 2.4.26-ow2 is out:

http://www.openwall.com/linux/

This update fixes multiple security-related bugs in the Linux kernel as well as two non-security bugs in the patch itself.

The now-corrected Linux kernel issues include:

- Many security-related bugs discovered by Al Viro based on his run of the Sparse source code checking tool over Linux 2.6.x, with the fixes later back-ported to 2.4.x (CAN-2004-0495);

- The now widely publicized fsave/frstor local DoS on x86 (CAN-2004-0554);

- A leak of potentially sensitive data from uninitialized kernel stack locations in the Intel PRO/1000 Gigabit Ethernet driver (CAN-2004-0535);

- A use of a just-freed data structure in the procfs code, resulting in undefined behavior should the memory get re-allocated for another purpose;

- Two security-related IA64-specific bugs: a local DoS (CAN-2004-0477) and an infoleak (CAN-2004-0565);

- The potential buffer overflow in panic(), even though there's no known way to trigger it and no known way to exploit it once triggered, due to the nature of panic().

Now, to other changes applied to code added with -ow patches:

Sergey Vlasov discovered that the non-executable stack feature with -ow patches for Linux 2.2.x and 2.4.x (but not 2.0.x) broke support for realtime signals when signal handlers were being installed by means other than the appropriate glibc functions. As Linux applications which do not use or which bypass glibc functions are rare, this problem went unnoticed for this long. Sergey determined that the problem was related to an incorrect fixup of the stack pointer value for the case of realtime signals (the non-realtime signals worked OK, even without glibc). This has now been corrected.
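To make the uninitialized-kernel-stack item in the list above concrete, here is an added illustration of that bug class in user-space C. It is not code from the announcement, the -ow patch or the e1000 driver, and the `struct link_reply` layout, the stale-byte marker and the `build_reply()`/`count_stale_bytes()` helpers are all constructed for this example. A kernel handler builds a reply structure in a stack slot that previously held other data and copies it out whole; any field or padding byte the handler never wrote still carries the old contents. Zeroing the structure before filling it is the usual fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical ioctl reply (constructed for this example). The uint8_t and
 * uint16_t members leave compiler padding, and `reserved` is never filled
 * in by the handler, exactly the kind of bytes that leak stale stack data. */
struct link_reply {
    uint8_t  link_up;     /* followed by 3 bytes of padding */
    uint32_t speed_mbps;
    uint16_t duplex;      /* followed by 2 bytes of padding */
    uint32_t reserved;    /* "reserved for future use", never written */
};

/* Marker standing in for sensitive data left behind by an earlier call. */
#define STALE_BYTE 0xAA

/* Models the kernel side: fills only the fields it knows about.
 * With zero_first == 0 this is the vulnerable pattern; with zero_first != 0
 * every byte of the reply is defined before it is handed to user space. */
static void build_reply(struct link_reply *r, int zero_first)
{
    if (zero_first)
        memset(r, 0, sizeof *r);   /* hardened: clear padding and reserved */
    r->link_up = 1;
    r->speed_mbps = 1000;
    r->duplex = 1;
}

/* Simulates one request: the reply lives in a "stack slot" pre-filled with
 * STALE_BYTE, is built, then copied out (memcpy stands in for copy_to_user).
 * Returns how many bytes of the user-visible copy still hold stale data. */
size_t count_stale_bytes(int zero_first)
{
    union {
        struct link_reply r;
        uint8_t bytes[sizeof(struct link_reply)];
    } slot;
    uint8_t user_copy[sizeof slot.bytes];
    size_t i, stale = 0;

    memset(slot.bytes, STALE_BYTE, sizeof slot.bytes);  /* leftover data */
    build_reply(&slot.r, zero_first);
    memcpy(user_copy, slot.bytes, sizeof user_copy);    /* copy-out */

    for (i = 0; i < sizeof user_copy; i++)
        if (user_copy[i] == STALE_BYTE)
            stale++;
    return stale;
}

#ifdef LINK_REPLY_DEMO
#include <stdio.h>
int main(void)
{
    printf("vulnerable: %zu stale bytes reach user space\n", count_stale_bytes(0));
    printf("hardened:   %zu stale bytes reach user space\n", count_stale_bytes(1));
    return 0;
}
#endif
```

On the common 32- and 64-bit ABIs the vulnerable path exposes at least the four bytes of `reserved` (plus whatever padding the compiler leaves), while the zeroed path exposes none. The same check is what tools like Sparse and later kernel options aim to surface automatically: every byte copied to user space must have been deliberately written.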
Additionally, Sergey discovered that the GCC trampoline emulation code in -ow patches for Linux 2.2.x and 2.4.x (but again not 2.0.x) handled x86 instructions with certain addressing modes incorrectly, and he provided a patch which is now included with minor changes. These two fixes permit Valgrind to run on Linux 2.4.26-ow2 without having to resort to doing a "chstk -e".

Finally, Michael Tokarev has explained the need for a behavior change with regard to the retried attempts to mount a root filesystem, which -ow patches for Linux 2.4.x started to do some months ago in order to support booting off USB CD-ROMs. Per Michael's request, the kernel will now do a maximum of 10 retries (waiting for 1 second before each), falling back to the usual kernel panic should all 10 retries fail. This permits unattended reboots into an untested configuration where the root filesystem might not mount and the system needs to return to its previous kernel image automagically. Please refer to Michael's description of this approach in his owl-users posting:

http://marc.theaimsgroup.com/?l=owl-users&m=108739533920021

-- 
Alexander Peslyak <solar@...nwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments