Wed Apr 30 20:36:48 CDT 2008
12.1 RC4. We think this should be the last one.
a/kernel-generic-18.104.22.168-i486-2.tgz: Patched to fix a security issue in fs/dnotify.c. The use of dnotify (largely replaced by inotify on 2.6.x systems) could lead to a local DoS, or possibly a local root hole. We said we wouldn't make changes now unless something was "critical" -- and it seems we got what we wished for. ;-) This flaw will also be addressed in the kernels for previous releases as soon as possible. The patch itself may be found in source/k/linux-22.214.171.124-CVE-2008-1375-patch/.
For additional information (when the CVE candidate is opened), see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
All the kernel packages below should also be considered security fixes.
(* Security fix *)
a/kernel-generic-smp-126.96.36.199_smp-i686-2.tgz: Patched and recompiled.
a/kernel-huge-188.8.131.52-i486-2.tgz: Patched and recompiled.
a/kernel-huge-smp-184.108.40.206_smp-i686-2.tgz: Patched and recompiled.
a/kernel-modules-220.127.116.11-i486-2.tgz: Patched and recompiled.
a/kernel-modules-smp-18.104.22.168_smp-i686-2.tgz: Patched and recompiled.
d/kernel-headers-22.214.171.124_smp-x86-2.tgz: Rebuilt from a patched source tree.
k/kernel-source-126.96.36.199_smp-noarch-2.tgz: Patched (leaving dnotify.c.orig for comparison and/or reverting to patch up to a newer kernel later).
extra/linux-188.8.131.52-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.
extra/slackpkg/slackpkg-2.70.3-noarch-1.tgz: Upgraded to slackpkg-2.70.3-noarch-1 (release ready). Thanks to Piter Punk! -:)
kernels/huge.s/*: Patched and recompiled.
kernels/hugesmp.s/*: Patched and recompiled.
kernels/speakup.s/*: Patched and recompiled.
isolinux/initrd.img: Rebuilt with newly compiled kernel modules.
usb-and-pxe-installers/: Rebuilt usbboot.img with newly compiled kernel modules.
Thursday, May 1, 2008
Only two changes here on RC 4, which are kernel patches to fix security issue in fs/dnotify.c and also slackpkg updates from Piter Punk. PV thinks this should be the last one, so we are hoping Slackware 12.1 should be released this month