|From:||Solar Designer <solar-AT-openwall.com>|
|To:||announce-AT-lists.openwall.com, owl-users-AT-lists.openwall.com, lwn-AT-lwn.net|
|Subject:||Linux 2.4.25-ow1, 2.2.25-ow2|
|Date:||Sun, 22 Feb 2004 06:44:18 +0300|
Hi, Two Openwall Linux kernel patch updates have been released recently, one is a simple update to Linux 2.4.25, the other is a second revision of the patch for Linux 2.2.25 adding a number of kernel security bug fixes. As some of you are aware, a second local root vulnerability in the mremap(2) system call has been discovered by Paul Starzetz and made public on February 18. This vulnerability affects Linux 2.4.x kernels up to and including 2.4.24 (but not 2.4.25) and Linux 2.2.x kernels up to and including 2.2.25. Luckily, Linux 2.4.23-ow2 and 2.4.24-ow1 are not affected as these patches already included a kernel bug fix which was later determined to be security-critical and needed to avoid this second mremap(2) system call vulnerability. In fact, it's the exact same fix which went into Linux 2.4.25. Thus, upgrading of existing Linux 2.4.23-ow2 and 2.4.24-ow1 installs to 2.4.25-ow1 is not strictly required for most users, although the use of 2.4.25-ow1 is recommended over older versions for new installs. We didn't have as much luck with Linux 2.2.x this time, and Linux 2.2.25-ow2 actually includes a workaround for this new mremap(2) vulnerability. It also includes the /dev/rtc information leak fix and other minor fixes. Upgrading of existing Linux 2.2.x installs is strongly recommended. As usual, the patches are available from: http://www.openwall.com/linux/ -- Alexander Peslyak <firstname.lastname@example.org> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments
Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds