[kernel] r7308 -
dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian
Dann Frazier
dannf at costa.debian.org
Mon Sep 4 16:11:40 UTC 2006
Author: dannf
Date: Mon Sep 4 16:11:39 2006
New Revision: 7308
Modified:
dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/changelog
dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/control
Log:
* Build against kernel-tree-2.6.8-16sarge5:
* [ERRATA] madvise_remove-restrict.dpatch
[SECURITY] The 2.6.8-16sarge3 changelog associated this patch with
CVE-2006-1524. However, this patch fixes an mprotect issue that was
split off from the original report into CVE-2006-2071. 2.6.8 is not
vulnerable to CVE-2006-1524 the madvise_remove issue.
See CVE-2006-2071
* fs-ext3-bad-nfs-handle.dpatch
[SECURITY] James McKenzie discovered a Denial of Service vulnerability
in the NFS driver. When exporting an ext3 file system over NFS, a remote
attacker could exploit this to trigger a file system panic by sending
a specially crafted UDP packet.
See CVE-2006-3468
* direct-io-write-mem-leak.dpatch
[SECURITY] Fix memory leak in O_DIRECT write.
See CVE-2004-2660
* nfs-handle-long-symlinks.dpatch
[SECURITY] Fix buffer overflow in NFS readline handling that allows a
remote server to cause a denial of service (crash) via a long symlink
See CVE-2005-4798
* cdrom-bad-cgc.buflen-assign.dpatch
[SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
be used by a local user to trigger a buffer overflow via a specially
crafted DVD, USB stick, or similar automatically mounted device.
See CVE-2006-2935
* usb-serial-ftdi_sio-dos.patch
[SECURITY] fix userspace DoS in ftdi_sio driver
See CVE-2006-2936
* selinux-tracer-SID-fix.dpatch
[SECURITY] Fix vulnerability in selinux_ptrace that prevents local
users from changing the tracer SID to the SID of another process
See CVE-2006-1052
* netfilter-SO_ORIGINAL_DST-leak.dpatch
[SECURITY] Fix information leak in SO_ORIGINAL_DST
See CVE-2006-1343
* sg-no-mmap-VM_IO.dpatch
[SECURITY] Fix DoS vulnerability whereby a local user could attempt
a dio/mmap and cause the sg driver to oops.
See CVE-2006-1528
* exit-bogus-bugon.dpatch
[SECURITY] Remove bogus BUG() in exit.c which could be maliciously
triggered by a local user
See CVE-2006-1855
* readv-writev-missing-lsm-check.dpatch,
readv-writev-missing-lsm-check-compat.dpatch
[SECURITY] Add missing file_permission callback in readv/writev syscalls
See CVE-2006-1856
* snmp-nat-mem-corruption-fix.dpatch
[SECURITY] Fix memory corruption in snmp_trap_decode
See CVE-2006-2444
* kfree_skb-race.dpatch
[SECURITY] Fix race between kfree_skb and __skb_unlink
See CVE-2006-2446
* sctp-priv-elevation.dpatch, sctp-priv-elevation-2.dpatch
[SECURITY] Fix SCTP privelege escalation
See CVE-2006-3745
* ppc-hid0-dos.dpatch
[SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on
PPC970 at boot time
See CVE-2006-4093
* udf-deadlock.dpatch
[SECURITY] Fix possible UDF deadlock and memory corruption
See CVE-2006-4145
Modified: dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/changelog Mon Sep 4 16:11:39 2006
@@ -1,3 +1,71 @@
+kernel-image-2.6.8-hppa (2.6.8-6sarge5) stable-security; urgency=high
+
+ * Build against kernel-tree-2.6.8-16sarge5:
+ * [ERRATA] madvise_remove-restrict.dpatch
+ [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with
+ CVE-2006-1524. However, this patch fixes an mprotect issue that was
+ split off from the original report into CVE-2006-2071. 2.6.8 is not
+ vulnerable to CVE-2006-1524 the madvise_remove issue.
+ See CVE-2006-2071
+ * fs-ext3-bad-nfs-handle.dpatch
+ [SECURITY] James McKenzie discovered a Denial of Service vulnerability
+ in the NFS driver. When exporting an ext3 file system over NFS, a remote
+ attacker could exploit this to trigger a file system panic by sending
+ a specially crafted UDP packet.
+ See CVE-2006-3468
+ * direct-io-write-mem-leak.dpatch
+ [SECURITY] Fix memory leak in O_DIRECT write.
+ See CVE-2004-2660
+ * nfs-handle-long-symlinks.dpatch
+ [SECURITY] Fix buffer overflow in NFS readline handling that allows a
+ remote server to cause a denial of service (crash) via a long symlink
+ See CVE-2005-4798
+ * cdrom-bad-cgc.buflen-assign.dpatch
+ [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
+ be used by a local user to trigger a buffer overflow via a specially
+ crafted DVD, USB stick, or similar automatically mounted device.
+ See CVE-2006-2935
+ * usb-serial-ftdi_sio-dos.patch
+ [SECURITY] fix userspace DoS in ftdi_sio driver
+ See CVE-2006-2936
+ * selinux-tracer-SID-fix.dpatch
+ [SECURITY] Fix vulnerability in selinux_ptrace that prevents local
+ users from changing the tracer SID to the SID of another process
+ See CVE-2006-1052
+ * netfilter-SO_ORIGINAL_DST-leak.dpatch
+ [SECURITY] Fix information leak in SO_ORIGINAL_DST
+ See CVE-2006-1343
+ * sg-no-mmap-VM_IO.dpatch
+ [SECURITY] Fix DoS vulnerability whereby a local user could attempt
+ a dio/mmap and cause the sg driver to oops.
+ See CVE-2006-1528
+ * exit-bogus-bugon.dpatch
+ [SECURITY] Remove bogus BUG() in exit.c which could be maliciously
+ triggered by a local user
+ See CVE-2006-1855
+ * readv-writev-missing-lsm-check.dpatch,
+ readv-writev-missing-lsm-check-compat.dpatch
+ [SECURITY] Add missing file_permission callback in readv/writev syscalls
+ See CVE-2006-1856
+ * snmp-nat-mem-corruption-fix.dpatch
+ [SECURITY] Fix memory corruption in snmp_trap_decode
+ See CVE-2006-2444
+ * kfree_skb-race.dpatch
+ [SECURITY] Fix race between kfree_skb and __skb_unlink
+ See CVE-2006-2446
+ * sctp-priv-elevation.dpatch, sctp-priv-elevation-2.dpatch
+ [SECURITY] Fix SCTP privelege escalation
+ See CVE-2006-3745
+ * ppc-hid0-dos.dpatch
+ [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on
+ PPC970 at boot time
+ See CVE-2006-4093
+ * udf-deadlock.dpatch
+ [SECURITY] Fix possible UDF deadlock and memory corruption
+ See CVE-2006-4145
+
+ -- dann frazier <dannf at debian.org> Mon, 4 Sep 2006 10:10:31 -0600
+
kernel-image-2.6.8-hppa (2.6.8-6sarge4) stable-security; urgency=high
* Build against kernel-tree-2.6.8-16sarge4:
Modified: dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/control Mon Sep 4 16:11:39 2006
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Kyle McMartin <kyle at debian.org>
Uploaders: Bdale Garbee <bdale at gag.com>, dann frazier <dannf at debian.org>
-Build-Depends: kernel-tree-2.6.8-16sarge4, kernel-patch-2.6.8-hppa (>= 2.6.8-5), kernel-package, debianutils (>= 1.6), debhelper (>= 2), bzip2, module-init-tools, gcc-3.3-hppa64, binutils-hppa64
+Build-Depends: kernel-tree-2.6.8-16sarge5, kernel-patch-2.6.8-hppa (>= 2.6.8-5), kernel-package, debianutils (>= 1.6), debhelper (>= 2), bzip2, module-init-tools, gcc-3.3-hppa64, binutils-hppa64
Standards-Version: 3.5.4
Package: kernel-headers-2.6.8-3
More information about the Kernel-svn-changes
mailing list