[ale] Linux 2.2.16 (fwd)

[Chris Ricker]

For those of you who've somehow missed this ;-)

later,
chris

-- 
Chris Ricker                                               kaboom at gatech.edu
                                              chris.ricker at genetics.utah.edu

---------- Forwarded message ----------
Date: Wed, 7 Jun 2000 22:46:33 +0100 (BST)
From: Alan Cox <alan at lxorguk.ukuu.org.uk>
To: ale at ale.org
Subject: Linux 2.2.16

Linux 2.2.16 security release

The following security problems are fixed by this release

o	Setuid applications. even when correctly checking for failures of
	setuid() calls could fail to drop priviledges if the invoker had
	made certain adjustments to the capability sets

o	Opening a socket and issuing multiple connects on it could be used
	to hang the box

o	Readv/writev might misbehave on some very large inputs

o	Potentially remote exploitable hole in the sunrpc code 

o	User causable oopses in Appletalk and Socket code

o	Obscure exploitable bugs in the Sparc kernel

The full list of enhancements and other bug fixes will follow later.

Recommendations:

You should consider updating your 2.2 kernel to 2.2.16 if

o	You have untrusted users on your system
o	You have publically accessible kernel sunrpc services

Other major bug fixes include

o	The tcp retransmit crash on very high load
o	Poor VM performance under some load patterns
o	Fix for 3com 3c590 8K card stalls

Alan

Please read the FAQ at http://www.tux.org/lkml/

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.