Date: Thu, 12 May 2005 07:52:49 +0400 From: Solar Designer <solar@...nwall.com> To: announce@...ts.openwall.com, owl-users@...ts.openwall.com Cc: lwn@....net Subject: Linux 2.4.30-ow3 Hi, Linux 2.4.30-ow3 is out and available at the usual location: http://www.openwall.com/linux/ This version adds a fix to the ELF core dump vulnerability (CVE CAN-2005-1263) discovered by Paul Starzetz: http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt Linux 2.2.x starting with 2.2.21-ow2(*) and 2.0.x kernels are unaffected. Also included in 2.4.30-ow3 is a fix to an x86-64 DoS vulnerability from Linux 2.4.31-pre1. (*) For the curious: Yes, I believe the iSEC advisory is incorrect in reporting all 2.2.x kernels as affected. I have yet to hear from them on whether this is indeed the case. I essentially had the bug fixed with 2.2.21-ow2 and the fix went into 2.2.22. -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.