|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[owl-users] Linux 2.4.28-ow1 is out
From: Solar Designer (solar
openwall.com)
Date: Mon Nov 22 2004 - 22:42:15 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
I've released Linux 2.4.28-ow1 a few days ago. (Apologies for the
delayed announcement.)
Linux 2.4.28, and thus 2.4.28-ow1, fixes a number of security-related
bugs, including the ELF loader vulnerabilities discovered by Paul
Starzetz (confirmed: ability for users to read +s-r binaries;
potential: local root), a race condition with reads from Unix domain
sockets (potential local root), smbfs support vulnerabilities
discovered by Stefan Esser (confirmed: remote DoS by a malicious smbfs
server; potential: remote root by a malicious smbfs server). More
information on these vulnerabilities can be found here:
http://isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt
http://marc.theaimsgroup.com/?l=bugtraq&m=110091183206580
http://security.e-matters.de/advisories/142004.html
The updated patch is available at:
http://www.openwall.com/linux/
Owl-current and Owl 1.1-stable have been updated to include Linux
2.4.28-ow1 as the recommended kernel.
--
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFBor+mc8OikLNdNZgRAmz2AJ0aLI+ZsxU3dcHgKflsYEcNrOu+EACcCFZl
isJjXQQYQopbC5UAAzPUCUQ=
=kXlQ
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]