[kernel] r5222 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches/series

Dann Frazier dannf at costa.debian.org
Wed Jan 4 06:53:18 UTC 2006 

Author: dannf
Date: Wed Jan  4 06:53:14 2006
New Revision: 5222

Modified:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2
Log:
* [SECURITY] Fix a potential local root exploit in the
  /proc/sys/net/ipv4/conf interface.  See CVE-2005-2709
  196_sysctl-unregistration-oops.diff
  ****CHANGES ABI****
  setkeys-needs-root-1.diff, setkeys-needs-root-2.
* 150_private_fragment_queues-1.diff, 150_private_fragment_queues-2.diff:
  Keep fragment queues private to each user. See CAN-2005-0449 and
  http://oss.sgi.com/archives/netdev/2005-01/msg01048.html


Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	Wed Jan  4 06:53:14 2006
@@ -55,16 +55,20 @@
   * [SECURITY] Fix infinite loop in udp_v6_get_port().  See CVE-2005-2973
     195_net-ipv6-udp_v6_get_port-loop.diff
 
-  # DISABLED DUE TO ABI CHANGE
-  # * [SECURITY] Fix a potential local root exploit in the
-  #   /proc/sys/net/ipv4/conf interface.  See CVE-2005-2709
-  #   196_sysctl-unregistration-oops.diff
+  * [SECURITY] Fix a potential local root exploit in the
+    /proc/sys/net/ipv4/conf interface.  See CVE-2005-2709
+    196_sysctl-unregistration-oops.diff
+    ****CHANGES ABI****
 
   * [SECURITY] Require root privilege to write the current
     function key string entry of other user's terminals.
     See CVE-2005-3257
-    setkeys-needs-root-1.diff, setkeys-needs-root-2.diff:
+    setkeys-needs-root-1.diff, setkeys-needs-root-2.
 
+  * 150_private_fragment_queues-1.diff, 150_private_fragment_queues-2.diff:
+    Keep fragment queues private to each user. See CAN-2005-0449 and
+    http://oss.sgi.com/archives/netdev/2005-01/msg01048.html
+  
  -- Simon Horman <horms at verge.net.au>  Tue, 20 Dec 2005 11:05:02 +0900
 
 kernel-source-2.4.27 (2.4.27-10sarge1) stable-security; urgency=high

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge2	Wed Jan  4 06:53:14 2006
@@ -6,7 +6,9 @@
 + 192_orinoco-info-leak.diff
 + 194_xfs-inode-race.diff
 + 195_net-ipv6-udp_v6_get_port-loop.diff
-# ABI CHANGE 196_sysctl-unregistration-oops.diff
++ 196_sysctl-unregistration-oops.diff
 + 197_setkeys-needs-root-1.diff
 + 197_setkeys-needs-root-2.diff
 + 198_fs-lock-lease-log-spam.diff
++ 150_private_fragment_queues-1.diff
++ 150_private_fragment_queues-2.diff

More information about the Kernel-svn-changes mailing list