[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sheflug] Kernel 2.2.20 question

To: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Subject: [Sheflug] Kernel 2.2.20 question
From: Barrie Bremner <xxxxx [at] xxxxxxxxxxxxxxxxx>
Date: Sun, 4 Nov 2001 20:40:46 +0000
Envelope-To: <shef-lug [at] list.sheflug.org.uk>
List-Help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-Id: Sheflug <shef-lug.list.sheflug.org.uk>
List-Post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-Subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-Unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Reply-To: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx

>>>>> "Chris" == Chris J <Chris> writes:

    Chris> Seeing as 2.2.20's been released, and Alan's not released
    Chris> the changelog yet, does anyone know if it fixes the
    Chris> deep-symlink and ptrace(3) vunerabilities of a few weeks
    Chris> back? If it does, I'll upgrade a remote box. If not, I'll
    Chris> leave 2.2.19 on :)

    Chris> Whether Alan does release the changelog or not I don't
    Chris> know, after all the talk in the linux-kernel list regarding
    Chris> the DMCA, etc.

    Chris> I would upgrade normally, but as the 2.2 box is a an hour
    Chris> and a bit down the M1, if an upgrade goes wrong I'd rather
    Chris> not have to drive down and fix things up. Not that it's
    Chris> difficult, it's more the hassle :) Thus I only want to
    Chris> upgrade when essential.

    Chris> I seem to recall the problem was fixed, but if anyone has a
    Chris> pointer or can confirm that, can ye let me know, ta.

This is probably about as informative as The Sun, but....

Cutting from Alan Cox's message to LKML:

A proper 2.2.20 summary as opposed to the changelog will follow probably
Monday.

2.2.20 final
o	Final fixes for the computone driver		(Michael Warfield)

2.2.20pre12
o	Update davicom driver to fix oopses		(Sten Wang)
o	Updated PC300 driver - fix SCA-II DMA bugs	
					(Daniela  P. R. Magri Squassoni)
o	Make syn cookies per socket			(Andi Kleen)
o	Computone driver fixes for fast PC's		(Michael Warfield)
	| Follow on devfs patches didnt apply so dropped
o	DAC960 update					(Leonard Zubkoff)

2.2.20pre11
o	Security fixes
	| Details censored in accordance with the US DMCA
[...more pre11 updates...]


And a post of questionable accuracy (*cough*slashdot*cough*, although
also posted on LKML, IIRC):

 2.2.20pre11
o Security fixes

- Quota buffer overrun , possibly locally exploitable (Solar Designer)
- Ptrace race - local root exploit
- Symlink local denial of service attack fix (Rafal Wojtczuk, Solar Designer, Linus Torvalds)
- Sparc exec fixups(Solar Designer) 

Cheers.

Baz.

-- 
Barrie J. Bremner		OpenPGP public key ID: 5164F553
baz [at] barriebremner.com	http://barriebremner.com/


___________________________________________________________________

Sheffield Linux User's Group - http://www.sheflug.co.uk . 
To unsubscribe from this list send mail to 
shef-lug-request@list.sheflug.org.uk with the word
"unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- Re: [Sheflug] Kernel 2.2.20 question
  - From: Chris J/#6

References:
- [Sheflug] Kernel 2.2.20 question
  - From: Chris J/#6

Prev by Date: [Sheflug] Kernel 2.2.20 question
Next by Date: [Sheflug] PDF
Prev by thread: [Sheflug] Kernel 2.2.20 question
Next by thread: Re: [Sheflug] Kernel 2.2.20 question
Index(es):
- Date
- Thread