[kernel] r6656 - dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian

Dann Frazier dannf at costa.debian.org
Sat May 20 21:02:15 UTC 2006 

Author: dannf
Date: Sat May 20 21:02:12 2006
New Revision: 6656

Modified:
   dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/changelog
   dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/control

Log:
rebuild for sarge3

Modified: dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/changelog	Sat May 20 21:02:12 2006
@@ -1,3 +1,106 @@
+kernel-image-2.6.8-amd64 (2.6.8-16sarge3) stable-security; urgency=low
+
+  * Build against kernel-tree-2.6.8-16sarge3:
+    * net-protocol-mod-refcounts-pre.dpatch, net-protocol-mod-refcounts.dpatch
+      [SECURITY] Fix potential DoS (panic) cause by inconsistent reference
+      counting in network protocol modules.
+      See CVE-2005-3359
+    * netfilter-do_replace-overflow.dpatch
+      [SECURITY] Fix buffer overflow in netfilter do_replace which can could
+      be triggered by users with CAP_NET_ADMIN rights.
+      See CVE-2006-0038
+    * sys_mbind-sanity-checking.dpatch
+      [SECURITY] Make sure maxnodes is safe size before calculating nlongs in
+      get_nodes() to prevent a local DoS vulnerability.
+      See CVE-2006-0557
+    * smbfs-chroot-escape.dpatch
+      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
+      local users to escape chroot restrictions
+      See CVE-2006-1864
+    * perfmon-exit-race.dpatch
+      [SECURITY][ia64] Fix local denial of service vulnerability (oops) in
+      the ia64 perfmon subsystem
+      See CVE-2006-0558
+    * ia64-die_if_kernel-returns.dpatch
+      [SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by
+      an incorrect 'noreturn' attribute on die_if_kernel()
+      See CVE-2006-0742
+    * smbfs-chroot-escape.dpatch
+      [SECURITY] Fix directory traversal vulnerability in smbfs that permits
+      local users to escape chroot restrictions
+      See CVE-2006-1863
+    * binfmt-bad-elf-entry-address.dpatch
+      [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf
+      code on em64t processors
+      See CVE-2006-0741
+    * em64t-uncanonical-return-addr.dpatch
+      [SECURITY][amd64] Fix local DoS vulnerability on em64t systems that
+      arises when returning program control using SYSRET
+      See CVE-2006-0744
+    * sctp-discard-unexpected-in-closed.dpatch
+      [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks
+      received in CLOSED state instead of calling BUG()
+      See CVE-2006-2271
+    * ipv4-id-no-increment.dpatch
+      [SECURITY] Fix vulnerability that allows remote attackers to conduct an
+      Idle Scan attack, bypassing intended protections against such attacks
+      See CVE-2006-1242
+    * usb-gadget-rndis-bufoverflow.dpatch
+      [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation that
+      allows for a remote DoS attack (kmalloc'd memory corruption)
+      See CVE-2006-1368
+    * group_complete_signal-BUG_ON.dpatch
+      [SECURITY] Fix improper use of BUG_ON in __group_complete_signal()
+      See CVE-2006-1523
+    * madvise_remove-restrict.dpatch
+      [SECURITY] Fix vulnerability that allows local users to bypass IPC
+      permissions and replace portions of read-only tmpfs files with zeroes.
+      See CVE-2006-1524
+    * mcast-ip-route-null-deref.dpatch
+      [SECURITY] Fix local DoS vulnerability that allows local users to panic
+      a system by requesting a route for a multicast IP
+      See CVE-2006-1525
+    * sctp-fragment-recurse.dpatch
+      [SECURITY] Fix remote DoS vulnerability that can lead to infinite
+      recursion when a packet containing two or more DATA fragments is received
+      See CVE-2006-2274
+    * sctp-fragmented-receive-fix.dpatch
+      [SECURITY] Fix remote DoS vulnerability that allows IP fragmented
+      COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic
+      See CVE-2006-2272
+    * amd64-fp-reg-leak-dep[1-3].dpatch, amd64-fp-reg-leak.dpatch
+      [SECURITY][amd64] Fix an information leak that allows a process to see
+      a portion of the floating point state of other processes, possibly
+      exposing sensitive information.
+      See CVE-2006-1056
+    * do_add_counters-race.dpatch
+      [SECURITY] Fix race condition in the do_add_counters() function in
+      netfilter that allows local users with CAP_NET_ADMIN capabilities to
+      read kernel memory
+      See CVE-2006-0039
+    * s390-strnlen_user-return.dpatch
+      [SECURITY][s390] Fix local DoS on s390 that may result from strnlen_user
+      returning a value that is too large
+      See CVE-2006-0456
+    * xfs-ftruncate-leak.dpatch
+      [SECURITY] Fix leak in the ftruncate call in the XFS filesystem that may
+      permit local users to view sensitive information
+      See CVE-2006-0554
+    * nfs-another-O_DIRECT-fix.dpatch
+      [SECURITY] Fix a potential local DoS vulnerability in the NFS O_DIRECT
+      code
+      See CVE-2006-0555
+    * sctp-hb-ack-overflow.dpatch
+      [SECURITY] Fix a remote buffer overflow that can result from a badly
+      formatted HB-ACK chunk
+      See CVE-2006-1857
+    * sctp-param-bound-checks.dpatch
+      [SECURITY] Fix a bound checking error (remote DoS) in the SCTP parameter
+      checking code
+      See CVE-2006-1858
+
+ -- dann frazier <dannf at debian.org>  Sat, 20 May 2006 13:40:20 -0500
+
 kernel-image-2.6.8-amd64 (2.6.8-16sarge2) stable-security; urgency=high
 
   * Rebuild against kernel-tree-2.6.8-16sarge2

Modified: dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/control	(original)
+++ dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/control	Sat May 20 21:02:12 2006
@@ -4,7 +4,7 @@
 Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
 Uploaders: Frederik Schüler <fschueler at gmx.net> 
 Standards-Version: 3.6.1
-Build-Depends: debhelper (>= 4), kernel-package (>= 8.131), kernel-tree-2.6.8-16sarge2, module-init-tools, gcc-3.4 (>= 3.4.1-6), dpkg-dev (>= 1.10.23)
+Build-Depends: debhelper (>= 4), kernel-package (>= 8.131), kernel-tree-2.6.8-16sarge3, module-init-tools, gcc-3.4 (>= 3.4.1-6), dpkg-dev (>= 1.10.23)
 
 Package: kernel-headers-2.6.8-12
 Architecture: amd64 i386

More information about the Kernel-svn-changes mailing list