Willy Tarreau <firstname.lastname@example.org>
Linux 126.96.36.199
Tue, 22 Aug 2006 21:23:00 +0000
"Patrick J. Volkerding" <email@example.com>,
Grant Coady <firstname.lastname@example.org>
Linux 188.8.131.52 is out. It fixes a local privilege escalation in SCTP
(CVE-2006-3745). Also included are a fix for a bad address check in
binfmt_elf (already in 2.6), and a fix for build on some non-sparc
architectures which I broke in 184.108.40.206 when trying to fix the memchr()
export (problem reported by Mikael Pettersson).
It does not contain the UDF fix which went in 220.127.116.11. I will check
whether it applies to 2.4 and will backport it for a future release.
### Important note for users of Slackware 10.2 ###
Grant Coady informed me that 18.104.22.168 did not boot for him. After a long
series of tests from him and Pat Volkerding, it appeared that the problem
is caused by glibc 2.3.6 wrongly detecting kernel version as 4.33.1 and
mistakenly using the NPTL libs instead.
Patrick has fixed the problem and will (has ?) send the fix to the glibc
team. By now people using Slackware 10.2 must upgrade their glibc to
glibc-solibs-2.3.5-i486-6_slack10.2.tgz if they want to run a 2.4.33.x
kernel (use glibc-2.3.6 build -5 for -current). A workaround is either
to rename /lib/tls or to rename the kernel to something different than
4 numbers separated by dots. Since the problem is fixed, I don't intend
to change the numbering.
I don't think that this problem might affect many other distros since those
shipping an NPTL-enabled libc with both 2.4 and 2.6 mainline are rare. If
anyone else encounters the problem, Pat has the fix.
Summary of changes from v22.214.171.124 to v126.96.36.199
binfmt_elf.c : fix checks for bad address
[SCTP] Local privilege elevation - CVE-2006-3745
Revert "export memchr() which is used by smbfs and lp driver."
[SPARC] export memchr() which is used by smbfs and lp driver.
Change VERSION to 188.8.131.52
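
A simplified model of the misdetection described in the Slackware note above, added here as an illustration; it is not glibc's code and not part of the original message. The one-byte-per-component packing, the function names, the sample release string `2.4.33.1` and the 2.6.0 threshold are assumptions chosen to reproduce the "4.33.1" reading.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical threshold for illustration: "kernel is at least 2.6.0". */
#define MIN_FOR_TLS_LIBS 0x020600u

/*
 * Pack a dotted release string into 0xMMmmpp, one byte per component.
 * max_parts == 0 models a parser with no cap on the number of components;
 * max_parts == 3 stops after major.minor.patch.
 */
static uint32_t pack_release(const char *rel, int max_parts)
{
    uint32_t v = 0;
    int parts = 0;

    while (*rel >= '0' && *rel <= '9') {
        uint32_t n = 0;
        while (*rel >= '0' && *rel <= '9')
            n = n * 10 + (uint32_t)(*rel++ - '0');
        v = (v << 8) | (n & 0xffu);
        parts++;
        if (parts == max_parts || *rel != '.')
            break;
        rel++;                      /* skip the dot */
    }
    for (; parts < 3; parts++)      /* pad "2.6" to 2.6.0 */
        v <<= 8;
    return v & 0xffffffu;           /* consumers read only three bytes */
}

/* Decision a loader might take from the packed value (assumed logic). */
static int selects_tls_libs(uint32_t packed)
{
    return packed >= MIN_FOR_TLS_LIBS;
}

int main(void)
{
    const char *rel = "2.4.33.1";   /* constructed sample release string */
    uint32_t bad = pack_release(rel, 0), good = pack_release(rel, 3);

    printf("uncapped: %u.%u.%u tls=%d\n", (unsigned)(bad >> 16),
           (unsigned)((bad >> 8) & 0xff), (unsigned)(bad & 0xff),
           selects_tls_libs(bad));
    printf("capped:   %u.%u.%u tls=%d\n", (unsigned)(good >> 16),
           (unsigned)((good >> 8) & 0xff), (unsigned)(good & 0xff),
           selects_tls_libs(good));
    return 0;
}
```

In this model the fourth component pushes the major number out of the three bytes that are read, so a 2.4 kernel compares as newer than any 2.6 threshold; capping the parse at three components restores the expected ordering.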