l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 7: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2004 Jun 20 09:30

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] Linux Kernel Security (updates to patches)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] Linux Kernel Security (updates to patches)



For those of you who are running with the openwall linux kernel security
patches, a new version was released which adds security against a number
of security holes not patched in the present 2.4.26 series kernel.

(Announcement)
http://marc.theaimsgroup.com/?l=openwall-announce&m=108763826328168

"This update fixes multiple security-related bugs in the Linux kernel
as well as two non-security bugs in the patch itself.

The now corrected Linux kernel issues include:

- Many security-related bugs discovered by Al Viro based on his run
of the Sparse source code checking tool over Linux 2.6.x, with the
fixes later back-ported to 2.4.x (CAN-2004-0495);

- The now widely publicized fsave/frstor local DoS on x86
(CAN-2004-0554);

- A leak of potentially sensitive data from uninitialized kernel
stack locations in the Intel PRO/1000 Gigabit Ethernet driver
(CAN-2004-0535);

- A use of a just-freed data structure in the procfs code, resulting
in undefined behavior should the memory get re-allocated for another
purpose;

- Two security-related IA64-specific bugs: a local DoS (CAN-2004-0477)
and an infoleak (CAN-2004-0565);

- The potential buffer overflow in panic(), even though there's no
known way to trigger it and no known way to exploit it once triggered
due to the nature of panic().
..."

Enjoy!
-ME

_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!