r4149 - dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian
Simon Horman
horms at costa.debian.org
Fri Sep 9 02:56:06 UTC 2005
Author: horms
Date: 2005-09-09 02:56:05 +0000 (Fri, 09 Sep 2005)
New Revision: 4149
Modified:
dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
Log:
fix security annotations
Modified: dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-09-09 02:55:55 UTC (rev 4148)
+++ dists/sarge/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-09-09 02:56:05 UTC (rev 4149)
@@ -2,7 +2,7 @@
[ Dann Frazier ]
* mckinley_icache.dpatch:
- [Security] Fix a cache coherency bug unearthed by a new ia64 processor,
+ [SECURITY] Fix a cache coherency bug unearthed by a new ia64 processor,
codenamed Montecito. This bug causes data corruption that has manifested
itself in kernel hangs and userspace crashes, and causes d-i to fail.
Reference: http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
@@ -16,24 +16,24 @@
(closes: #311357)
* arch-x86_64-kernel-ptrace-boundary-check.dpatch
- [Security, x86_64] Don't allow accesses below register frame in ptrace
+ [SECURITY, x86_64] Don't allow accesses below register frame in ptrace
See CAN-2005-1763.
* arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch
- [Security, x86_64] This works around an AMD Erratum by
+ [SECURITY, x86_64] This works around an AMD Erratum by
checking if the ptrace RIP is canonical.
See CAN-2005-1762
* arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
- [Security, x86_64] Fix canonical checking for segment registers in ptrace
+ [SECURITY, x86_64] Fix canonical checking for segment registers in ptrace
See CAN-2005-0756
* arch-x86_64-kernel-smp-boot-race.dpatch
- [Security, x86_64] Keep interrupts disabled during smp bootup
+ [SECURITY, x86_64] Keep interrupts disabled during smp bootup
This avoids a race that breaks SMP bootup on some machines.
* arch-x86_64-mm-ioremap-page-lookup.dpatch
- [Security, x86_64] Don't look up struct page pointer of physical address
+ [SECURITY, x86_64] Don't look up struct page pointer of physical address
in iounmap as it may be in a memory hole not mapped in mem_map and that
causes the hash lookup to go off to nirvana.
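Review bot: The arch-x86_64-kernel-smp-boot-race.dpatch and arch-x86_64-mm-ioremap-page-lookup.dpatch entries keep a security tag, but neither description gives a CAN reference or states a security impact; they describe a boot failure and a bad lookup. Since this pass normalises the tags, either add one line of impact to each (who can trigger it and what the result is) or drop the tag. The CAN lines in this hunk are also punctuated inconsistently: "See CAN-2005-1763." ends with a period and the next two do not.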
@@ -41,17 +41,17 @@
Allow Leadtek WinFast VC100 XP cards to work.
* fs-exec-ptrace-core-exec-race.dpatch
- [Security] Fix race between core dumping and exec with shared mm
+ [SECURITY] Fix race between core dumping and exec with shared mm
* fs-exec-ptrace-deadlock.dpatch
- [Security] Fix coredump_wait deadlock with ptracer & tracee on shared mm
+ [SECURITY] Fix coredump_wait deadlock with ptracer & tracee on shared mm
* fs-exec-posix-timers-leak-1.dpatch,
- [Security] fs-exec-posix-timers-leak-2.dpatch
+ [SECURITY] fs-exec-posix-timers-leak-2.dpatch
Make exec clean up posix timers.
* fs-hfs-oops-and-leak.dpatch
- [Security] Fix a leak in HFS and HFS+
+ [SECURITY] Fix a leak in HFS and HFS+
Fix an oops that occurs when an attempt is made to
mount a non-hfs filesystem as HFS+.
N.B: Marked as security as users may have mount privelages.
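Review bot: In the fs-exec-posix-timers-leak entry the tag sits between the two patch filenames: "* fs-exec-posix-timers-leak-1.dpatch," is followed by "[SECURITY] fs-exec-posix-timers-leak-2.dpatch", so it reads as applying to the second patch only. Put both filenames on the bullet and start the description line ("Make exec clean up posix timers.") with the tag, as the other entries in this hunk do. While the HFS entry is being touched, "privelages" in its N.B. line should be "privileges".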
@@ -62,7 +62,7 @@
lists if we don't retry after writing something to disk.
* mm-mmap-range-test.dpatch
- [Security] Make sure get_unmapped_area sanity tests are done regardless of
+ [SECURITY] Make sure get_unmapped_area sanity tests are done regardless of
wheater MAP_FIXED is set or not.
See CAN-2005-1265
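Review bot: The mm-mmap-range-test.dpatch description still reads "wheater MAP_FIXED is set or not" on the line after the changed one; correct it to "whether" in the same edit, since this is the text readers will find when they look up CAN-2005-1265.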
@@ -70,7 +70,7 @@
Stop try_to_unmap_cluster() passing out-of-bounds pte to pte_unmap()
* net-bridge-netfilter-etables-smp-race.dpatch
- [Security] The patch below fixes an smp race that happens on such
+ [SECURITY] The patch below fixes an smp race that happens on such
systems under heavy load.
* net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch
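Review bot: The net-bridge-netfilter-etables-smp-race.dpatch description, "The patch below fixes an smp race that happens on such systems under heavy load.", has two dangling references: there is no patch below in a changelog, and "such systems" has no antecedent. It also does not say why the race is a security issue. Reword it to name what races and what the consequence is, so the tag is justified by the entry itself.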
@@ -79,7 +79,7 @@
* net-bridge-forwarding-poison-1.dpatch,
net-bridge-forwarding-poison-2.dpatch:
- [Security] Avoid poisoning of the bridge forwarding table by frames that
+ [SECURITY] Avoid poisoning of the bridge forwarding table by frames that
have been dropped by filtering. This prevents spoofed source addresses on
hostile side of bridge from causing packet leakage, a small but possible
security risk.
@@ -87,15 +87,15 @@
* net-ipv4-netfilter-ip_queue-deadlock.dpatch
Fix deadlock with ip_queue and tcp local input path.
- * [Security] net-rose-ndigis-verify.dpatch
+ * [SECURITY] net-rose-ndigis-verify.dpatch
Verify ndigis argument of a new route.
* sound-usb-usbaudio-unplug-oops.dpatch
- [Security] Prevent oops & dead keyboard on usb unplugging while the device
+ [SECURITY] Prevent oops & dead keyboard on usb unplugging while the device
is being used.
* net-ipv4-ipvs-conn_tab-race.dpatch
- [Security] Fix race condition on ip_vs_conn_tab list modification
+ [SECURITY] Fix race condition on ip_vs_conn_tab list modification
* asm-i386-mem-clobber.dpatch:
Make sure gcc doesn't reorder memory accesses in strncmp and friends on
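Review bot: The net-rose entry keeps the tag on the bullet line, "* [SECURITY] net-rose-ndigis-verify.dpatch", whereas every other entry in this hunk puts the filename on the bullet and the tag at the start of the description. Move the tag down to "Verify ndigis argument of a new route." so that a search anchored on "* <name>.dpatch" followed by a tagged description line matches this entry too.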
@@ -113,20 +113,20 @@
bad.
* fs-ext3-64bit-offset.dpatch
- [Security] Incorrect offset checks for ext3 xattr on 64 bit architectures
+ [SECURITY] Incorrect offset checks for ext3 xattr on 64 bit architectures
an lead to a local DoS.
See CAN-2005-0757. (see: #311164).
* arch-x86_64-mm-mmap.dpatch
- [Security, x86_64] Compat mode program can hang kernel
+ [SECURITY, x86_64] Compat mode program can hang kernel
See CAN-2005-1765.
* arch-ia64-ptrace-getregs-putregs.dpatch
- [Security, ia64] Fix unchecked user-memory accesses in ptrage_getregs()
+ [SECURITY, ia64] Fix unchecked user-memory accesses in ptrage_getregs()
and ptrace_setregs.
* arch-ia64-ptrace-restore_sigcontext.dpatch
- [Security, ia64] Fix to prevent users from using ptrace to set the pl field
+ [SECURITY, ia64] Fix to prevent users from using ptrace to set the pl field
of the ar.rsc reginster to any value, leading to the
ability to overwrite kernel memory.
Note, this patch requires the arch-ia64-ptrace-getregs-putregs.dpatch
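Review bot: Several lines in this hunk carry typos that make the entries harder to search, and one is on a changed line: "ptrage_getregs()" in the arch-ia64-ptrace-getregs-putregs.dpatch entry should be "ptrace_getregs()". In the unchanged lines, "an lead to a local DoS" should be "can lead to a local DoS" and "reginster" should be "register". The same entry also writes "ptrace_setregs" without parentheses next to "ptrage_getregs()"; make the two consistent.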
@@ -143,38 +143,38 @@
[ dann frazier ]
* Merge in applicable fixes from 2.6.12.3
- - [Security] ppc32-time_offset-misuse.dpatch
+ - [SECURITY] ppc32-time_offset-misuse.dpatch
- v4l-cx88-hue-offset-fix.dpatch
- tty_ldisc_ref-return-null-check.dpatch
* Merge in applicable fixes from 2.6.12.4
- - [Security] netfilter-NAT-memory-corruption.dpatch
+ - [SECURITY] netfilter-NAT-memory-corruption.dpatch
- netfilter-deadlock-ip6_queue.dpatch
- - [Security] ipsec-array-overflow.dpatch See CAN-2005-2456
+ - [SECURITY] ipsec-array-overflow.dpatch See CAN-2005-2456
(See: #321401) (Closes: #321401)
- - [Security] netfilter-ip_conntrack_untracked-refcount.dpatch
- - [Security] sys_get_thread_area-leak.dpatch
+ - [SECURITY] netfilter-ip_conntrack_untracked-refcount.dpatch
+ - [SECURITY] sys_get_thread_area-leak.dpatch
- rocket_c-fix-ldisc-ref-count.dpatch
- early-vlan-fix.dpatch
[ Simon Horman ]
* fs_ext2_ext3_xattr-sharing.dpatch
- [Security] Xattr sharing bug
+ [SECURITY] Xattr sharing bug
See http://lists.debian.org/debian-kernel/2005/08/msg00238.html
See CAN-2005-2801
* vlan-mii-ioctl.dpatch
- [Security] MII ioctl pass through was passing the wrong device.
+ [SECURITY] MII ioctl pass through was passing the wrong device.
See http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
See CAN-2005-2548 (Closes: #309308)
* fs-sysfs-read-write-race.dpatch
- [Security] Fix race in sysfs_read_file() and sysfs_write_file()
+ [SECURITY] Fix race in sysfs_read_file() and sysfs_write_file()
that can lead to a user-space DoS.
See CAN-2004-2302 (Closes: #322339)
* net-ipv4-netfilter-ip_recent-last_pkts.dpatch
- [Security] Fixes remote DoS when using ipt_recent on a 64 bit machine.
+ [SECURITY] Fixes remote DoS when using ipt_recent on a 64 bit machine.
See CAN-2005-2802
(Closes: #322237)
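Review bot: The ipsec-array-overflow.dpatch entry ends with "(See: #321401) (Closes: #321401)", which references the same bug twice with different meanings. Keep only one of the two, depending on whether this upload is intended to close the bug. Other entries in this hunk put the CAN reference on its own "See CAN-..." line; moving "See CAN-2005-2456" off the filename line would match them.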
@@ -190,11 +190,11 @@
* arch-x86_64-kernel-stack-faults.dpatch
arch-x86_64-nmi.dpatch
arch-x86_64-private-tss.dpatch
- [Security, x86_64] Disable exception stack for stack faults
+ [SECURITY, x86_64] Disable exception stack for stack faults
See CAN-2005-1767
* linux-zlib-fixes.dpatch, zlib-revert-broken-change.dpatch
- [Security] Fix security bugs in the Linux zlib implementations.
+ [SECURITY] Fix security bugs in the Linux zlib implementations.
See CAN-2005-2458, CAN-2005-2459
From 2.6.12.5 and 2.6.12.6
http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
@@ -210,18 +210,16 @@
From 2.6.12.5
* net-sockglue-cap.dpatch
- [Security] Restrict socket policy loading to CAP_NET_ADMIN.
+ [SECURITY] Restrict socket policy loading to CAP_NET_ADMIN.
See CAN-2005-2555.
Also in 2.6.12.6 as ipsec-socket-policy-use-cap.patch
* fix-dst-leak-in-icmp_push_reply.dpatch
- [Maybe-Security: Can remote traffic trigger this]
- Fix DST leak in icmp_push_reply()
+ [SECURITY] Fix DST leak in icmp_push_reply(); Possible remote DoS?
From 2.6.12.6
* nptl-signal-delivery-deadlock-fix.dpatch
- [Maybe-Security: Seems like a local DoS]
- NPTL signal delivery deadlock fix
+ [SECURITY] NPTL signal delivery deadlock fix; Possible local DoS?
Backported From 2.6.12.6
* genelink-usbnet-skb-typo.dpatch
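Review bot: The fix-dst-leak-in-icmp_push_reply.dpatch and nptl-signal-delivery-deadlock-fix.dpatch entries are promoted from "[Maybe-Security: ...]" to "[SECURITY]", with the uncertainty moved into a trailing "Possible remote DoS?" and "Possible local DoS?". Anyone filtering the changelog on the tag will now count these as confirmed security fixes, while the text still says they are unconfirmed. Either resolve the question before tagging or keep a distinct marker for unconfirmed issues. The log message "fix security annotations" should also mention that entries were reclassified and not only re-cased.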
@@ -229,14 +227,12 @@
Backported From 2.6.12.6
* fix-memory-leak-in-sg.c-seq_file.dpatch
- [Maybe-Security: Seems like a local DoS]
- fix a memory leak in devices seq_file implementation
- From 2.6.12.6
+ [SECURITY] fix a memory leak in devices seq_file implementation;
+ local DoS. From 2.6.12.6
See CAN-2005-2800
* ipv6-skb-leak.dpatch
- [Maybe-Security: Seems like a local DoS]
- Fix SKB leak in ip6_input_finish()
+ [SECURITY] Fix SKB leak in ip6_input_finish(); local DoS.
From 2.6.12.6
* drivers-ide-ppp-pmac-build.dpatch
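Review bot: For fix-memory-leak-in-sg.c-seq_file.dpatch and ipv6-skb-leak.dpatch the hedge "Seems like a local DoS" becomes a flat "local DoS.", while the previous hunk keeps a question mark for the same kind of change; nothing in this diff shows what was confirmed in between. The ipv6-skb-leak.dpatch entry in particular has no CAN reference to back the statement. Use the same wording for both hunks, and keep "From 2.6.12.6" on its own line in the sg entry as the ipv6 entry does, so the provenance line stays easy to find.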