Willy Tarreau, the new maintainer of the Linux 2.4 kernel [story], released the 2.4.33.1 kernel. This is a security fix release for the 2.4.33 kernel. This is the first time a 2.4-series kernel is being released with 4 version fields. The fourth version field, introduced in the 2.6 kernel series, has now also been implemented for the 2.4 kernel.

About this release, Willy says

"As there were a few security fixes pending and 2.4.34-pre1 has not received enough validation, I've released 2.4.33.1 with the most important fixes. All those fixes are already in 2.4.34-pre1.

"Particularly important ones are :
- CVE-2006-1528 : local DoS via direct I/O from the sg driver to mmapped I/O space fix from Dann Frazier
- CVE-2006-4093 : possible local DoS on some PPC970.
fix from Olof Johansson"

List:       linux-kernel
Subject:    Linux 2.4.33.1
From:       Willy Tarreau [email blocked]
Date:       2006-08-19 14:13:55


Hi !

As there were a few security fixes pending and 2.4.34-pre1 has not
received enough validation, I've released 2.4.33.1 with the most
important fixes. All those fixes are already in 2.4.34-pre1.

Particularly important ones are :
 - CVE-2006-1528 : local DoS via direct I/O from the sg driver to mmapped I/O space
   fix from Dann Frazier
 - CVE-2006-4093 : possible local DoS on some PPC970.
   fix from Olof Johansson

Hotfix patches for older versions should follow within a short time.

Regards,
Willy

Summary of changes from v2.4.33 to v2.4.33.1
============================================

dann frazier:
      drivers/scsi/sg.c : fix CVE-2006-1528

Jeff Layton:
      2.4 NFS client - update d_cache when server reports ENOENT on an NFS remove

Willy Tarreau:
      [BLKMTD] : missing offset sometimes causes panics
      [PKTGEN] : fix an oops when used with bonding driver (Tien ChenLi)
      export memchr() which is used by smbfs and lp driver.
      powerpc: Clear HID0 attention enable on PPC970 at boot time
      Change VERSION to 2.4.33.1

• Archive of above thread
• Linux: New v2.4 Kernel Maintainer