=====================================================================
                             CERT-Renater

                  Information Note No. 2008/VULN161
_____________________________________________________________________

DATE                 : 07/05/2008

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Linux running kernel versions 2.4.x.

======================================================================
http://www.ussg.iu.edu/hypermail/linux/kernel/0805.0/3127.html
______________________________________________________________________

I've just released Linux 2.4.36.4.

This release fixes two local security issues discovered by Al Viro who
also provided these patches:

  CVE-2008-1669: Fix SMP ordering hole in fcntl_setlk()
  CVE-2008-1375: Fix dnotify/close race

Note that during the process, he noticed that an earlier fix related to
1669 was already missing, so all users of 2.4 are really encouraged to
upgrade, or at least to apply those patches to their own tree.

The patch and changelog will appear soon at the following locations:
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/patch-2.4.36.4.bz2
  ftp://ftp.all.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4

Git repository:
  git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-v2.4.36.y.git
  http://www.kernel.org/pub/scm/linux/kernel/git/stable/linux-v2.4.36.y.git

Git repository through the gitweb interface:
  http://git.kernel.org/?p=linux/kernel/git/stable/linux-v2.4.36.y.git

Regards,
Willy

----

Summary of changes from v2.4.36.3 to v2.4.36.4
============================================

Al Viro (1):
      Fix SMP ordering hole in fcntl_setlk() (CVE-2008-1669)

Willy Tarreau (2):
      Fix dnotify/close race (CVE-2008-1375)
      Change VERSION to 2.4.36.4

--
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44         +
+ 151 bd de l'Hopital   | fax  : 01-53-94-20-41         +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================