what about 2.4.24 upgrade?

Brian Connolly linus at literatigroup.com
Tue Jan 6 02:49:59 UTC 2004


On Mon, 2004-01-05 at 18:56, Alexander Dalloz wrote:
> On Tue, 06.01.2004, Brian Connolly wrote at 01:09:
> > http://rss.com.com/2100-1002_3-5135129.html?part=rss&tag=feed&subj=news
> 
> A bug fix kernel for Fedora Core 1 is just out: kernel-2.4.22-1.2138
> 
> Alexander

Security flaws force Linux kernel upgrade

Last modified: January 5, 2004, 11:34 AM PST

By Robert Lemos
Staff Writer, CNET News.com

Open-source developers released a new version of the Linux kernel Monday
in a move aimed at quickly fixing several bugs--among them two serious
security flaws.

The 2.4.24 upgrade to the Linux kernel comes a month after the release
of the previous version of the core system software and only includes
patches for six software issues, including the two flaws. 

The release is intended to prompt users to upgrade quickly, said Marcelo
Tosatti, the maintainer of the 2.4 kernel series and a Linux developer
for data center management company Cyclades. 

"These security issues need to be fixed as soon as possible," Tosatti
told CNET News.com in an interview Monday. As maintainer, Tosatti
decides what changes can be made to the kernel and when to release new
versions of the core system software for Linux. 

The most serious flaw, which occurs in a function used by virtual
memory, resembles a vulnerability fixed in late November that had been
exploited by unknown attackers to control several key Linux servers
open-source developers use. Both flaws allow an intruder to increase the
privileges of a normal user account to the same level as the system's
owner. 

Tosatti said that once it became clear that the latest flaw could be
used to circumvent security on Linux systems, he and other developers
decided to immediately release the fixes. The move follows decisions by
the kernel developers to curtail new features in the 2.4 kernel series
in order to get developers and users to move to the next generation of
core Linux software, the 2.6 kernel. The final set of features that had
been intended for this release of the kernel has been postponed until
the next version, he said.

"It is good that I have the ability--because this is open source--to
release the code so quickly," Tosatti said. 

The second security flaw results in a device driver problem that could
allow an intruder to read some memory the kernel uses. 





