LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Kernel page

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Linux 2.4.30-ow3

From:  Solar Designer <solar@openwall.com>
To:  announce@lists.openwall.com, owl-users@lists.openwall.com
Subject:  Linux 2.4.30-ow3
Date:  Thu, 12 May 2005 07:52:49 +0400
Cc:  lwn@lwn.net

Hi,

Linux 2.4.30-ow3 is out and available at the usual location:

	http://www.openwall.com/linux/

This version adds a fix to the ELF core dump vulnerability (CVE
CAN-2005-1263) discovered by Paul Starzetz:

	http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt

Linux 2.2.x starting with 2.2.21-ow2(*) and 2.0.x kernels are unaffected.

Also included in 2.4.30-ow3 is a fix to an x86-64 DoS vulnerability
from Linux 2.4.31-pre1.

(*) For the curious:
Yes, I believe the iSEC advisory is incorrect in reporting all 2.2.x
kernels as affected.  I have yet to hear from them on whether this is
indeed the case.  I essentially had the bug fixed with 2.2.21-ow2 and
the fix went into 2.2.22.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds