I've just released Linux 2.4.35.3. This version fixes CVE-2007-4573 which may lead to local privilege escalation on x86_64.
It also fixes another problem reported by Gilles Espinasse: If the ATM module is loaded with CLIP support but the CLIP module is not loaded yet, any user reading /proc/net/atm/arp would cause a kernel panic to occur. Both x86_64 and ATM users are encouraged to upgrade. Note that USB DSL modems often use ATM. The patch and changelog will appear soon at the following locations: ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/ ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/patch-2.4.35.3.bz2 ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35.3 Git repository: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-v2.4.35.y.git http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-v2.4.35.y.git Git repository through the gitweb interface: http://git.kernel.org/?p=linux/kernel/git/stable/linux-v2.4.35.y.git Willy ------- Summary of changes from v2.4.35.2 to v2.4.35.3 ============================================ Andi Kleen (1): x86_64: Make sure to validate all 64bits of ptrace information Stephen Hemminger (1): Bridge STP timer fixes Willy Tarreau (2): ATM: avoid kernel panic upon access to /proc/net/atm/arp Change VERSION to 2.4.35.3 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
