|| ||Solar Designer <firstname.lastname@example.org>|
|| ||email@example.com, firstname.lastname@example.org|
|| ||Linux 2.4.30-ow3|
|| ||Thu, 12 May 2005 07:52:49 +0400|
Linux 2.4.30-ow3 is out and available at the usual location:
This version adds a fix to the ELF core dump vulnerability (CVE
CAN-2005-1263) discovered by Paul Starzetz:
Linux 2.2.x starting with 2.2.21-ow2(*) and 2.0.x kernels are unaffected.
Also included in 2.4.30-ow3 is a fix to an x86-64 DoS vulnerability
from Linux 2.4.31-pre1.
(*) For the curious:
Yes, I believe the iSEC advisory is incorrect in reporting all 2.2.x
kernels as affected. I have yet to hear from them on whether this is
indeed the case. I essentially had the bug fixed with 2.2.21-ow2 and
the fix went into 2.2.22.
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments