Linux: 2.4.24 Stable Kernel Released

Submitted by midian
on January 5, 2004 - 7:40am

Marcelo Tosatti has released the final 2.4.24 stable Linux kernel, unchanged from 2.4.24-rc1. The main reason for the release was a local vulnerability in the mremap() syscall that allows local users to gain root privileges.

It's recommended that all users upgrade their kernel.
The upgraded 2.4.24 kernel release is available from numerous kernel.org mirrors.

For more information on this newly identified vulnerability, please read the announcement.


From: 	Marcelo Tosatti [email blocked]
To:  	linux-kernel
Subject: 	linux-2.4.24 released
Date: 	Mon, 5 Jan 2004 05:55:57 -0800

final:

- 2.4.24-rc1 was released as 2.4.24 with no changes.


Summary of changes from v2.4.23 to v2.4.24-rc1
============================================

<bjorn.helgaas:[blocked]>:
  o Fix 2.4 EFI RTC oops

<marcelo.tosatti:[blocked]>:
  o Andrea Arcangeli: malicious users of mremap() syscall can gain privileges

<marcelo:[blocked]>:
  o Harald Welte: Fix ipchains MASQUERADE oops
  o Change EXTRAVERSION to 2.4.24-rc1

<trini:[blocked]>:
  o /dev/rtc can leak parts of kernel memory to unprivileged users

Jean Tourrilhes:
  o IrDA kernel log buster


xfs?

Anonymous
on
January 5, 2004 - 7:59am

Shouldn't 2.4.24 contain xfs?

/me wondering

2.4.24 has xfs

Anonymous
on
January 5, 2004 - 8:16am

It does. The changelog above is for 2.4.24-rc1 to 2.4.24 only.

it does not

Anonymous
on
January 5, 2004 - 8:21am

look on the patch

no it has _not_

Anonymous
on
January 5, 2004 - 8:22am

2.4.24 is a security release - the whole changelog from 2.4.23 to 2.4.24 is above. Pre changes that were committed are postponed for 2.4.25-pre. So we'll see xfs and all in 2.4.25.

More details

Anonymous
on
January 5, 2004 - 9:37am

2.2 and 2.6?

Anonymous
on
January 5, 2004 - 10:19am

The link you gave says that 2.2 and 2.6 are also affected. Is there more information about this? 2.6 seems to have the same code so I think it is vulnerable. How about 2.2? It has different code.

The bug is in mm/mremap.c, and this part of the 2.4.24 patch seems to fix it.

2.6 too

Anonymous
on
January 5, 2004 - 12:03pm

Yes, 2.6.0 is vulnerable. A fix just went in and we'll see it soon, probably 2.6.1rc2.

patch

Mind Booster Noori
on
January 5, 2004 - 3:28pm

The patch can be found here.
Linus said that -rc2 will have it.

On lkml the discussion goes on about how 2.2 is exploitable too, as it seems not...

2.2

Mind Booster Noori
on
January 6, 2004 - 12:37pm

It's proved now that 2.2 is not exploitable.

Openwall?

Anonymous
on
January 5, 2004 - 11:16am

Out of curiosity, does anybody know if the Openwall kernel is also affected by this security vulnerability?

Re: Openwall?

Anonymous
on
January 5, 2004 - 11:39am

Do you know a recent kernel root exploit that did not work on Openwall kernel?

this time marcelo has been faster

Anonymous
on
January 6, 2004 - 1:25am

In his interview Marcelo said that the people of kerneltrap only blame him.

I want to say that this time I really appreciate this new and fast kernel release to fix these bugs without having to wait too long.

Good!

2.4.24-ck1

Valthonis
on
January 7, 2004 - 4:28pm

For those that care, the 2.4.24-ck1 patchset is available.

http://www.plumlocosoft.com/kernel/
