Linux 2.4.37.6

From: Willy Tarreau
Date: Sun Sep 13 2009 - 06:01:24 EST


I've just released Linux 2.4.37.6.

This version focuses on various vulnerabilities causing information
leaks to user processes. I would personally call them minor since at
most a few bytes per call or another task's pointer can be can be
collected. Still, those were fixed in 2.6 so it's better to have 2.4
at the same level. Most of them are recent, except the proc/pid/maps
which I missed one year ago and the netlink padding issue which was
fixed 4 years ago.

Most of them have CVE numbers assigned but I forgot to check them
while committing. I don't think users are reading them that much
anyway.

If you don't know whether you need to upgrade, it's simple : if you're
running something older than 2.4.37.5, you're potentially at risk so
you should upgrade anyway. If you have untrusted local users, I would
recommend you to upgrade. Otherwise you can wait for a more sensible
update.

The patch and changelog will appear soon at the following locations:
ftp://ftp.kernel.org/pub/linux/kernel/v2.4/
ftp://ftp.kernel.org/pub/linux/kernel/v2.4/patch-2.4.37.6.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6

Git repository:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git
http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.4.37.y.git

Git repository through the gitweb interface:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git


Willy

--
Summary of changes from v2.4.37.5 to v2.4.37.6
============================================

Eric Dumazet (6):
tc: Fix unitialized kernel memory leak
appletalk: fix atalk_getname() leak
econet: Fix econet_getname() leak
irda: Fix irda_getname() leak
netrom: Fix nr_getname() leak
rose: Fix rose_getname() leak

Jake Edge (1):
proc: avoid information leaks to non-privileged processes

Linus Torvalds (1):
do_sigaltstack: avoid copying 'stack_t' as a structure to user space

Patrick McHardy (3):
[NETLINK]: Missing initializations in dumped data
[NETLINK]: Clear padding in netlink messages
[NETLINK]: Missing padding fields in dumped structures

Willy Tarreau (2):
restrict reading from /proc/<pid>/maps to those who share ->mm or can ptrace pid
Change VERSION to 2.4.37.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/