[kernel] r7325 - dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian

Dann Frazier dannf at costa.debian.org
Tue Sep 5 06:26:16 UTC 2006 

Author: dannf
Date: Tue Sep  5 06:26:15 2006
New Revision: 7325

Modified:
   dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/changelog
   dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/control

Log:
* Build against kernel-tree-2.4.27-10sarge4:
  * [ERRATA] 213_madvise_remove-restrict.diff
    [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with
    CVE-2006-1524. However, this patch fixes an mprotect issue that was
    split off from the original report into CVE-2006-2071. 2.4.27 is not
    vulnerable to CVE-2006-1524 the madvise_remove issue.
    See CVE-2006-2071
  * 223_nfs-handle-long-symlinks.diff
    [SECURITY] Fix buffer overflow in NFS readline handling that allows a
    remote server to cause a denial of service (crash) via a long symlink
    See CVE-2005-4798
  * 224_cdrom-bad-cgc.buflen-assign.diff
    [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
    be used by a local user to trigger a buffer overflow via a specially
    crafted DVD, USB stick, or similar automatically mounted device.
    See CVE-2006-2935
  * 225_sg-no-mmap-VM_IO.diff
    [SECURITY] Fix DoS vulnerability whereby a local user could attempt
    a dio/mmap and cause the sg driver to oops.
    See CVE-2006-1528
  * 226_snmp-nat-mem-corruption-fix.diff
    [SECURITY] Fix memory corruption in snmp_trap_decode
    See CVE-2006-2444
  * 227_kfree_skb.diff
    [SECURITY] Fix race between kfree_skb and __skb_unlink
    See CVE-2006-2446
  * 228_sparc-mb-extraneous-semicolons.diff
    Fix a syntax error caused by extranous semicolons in smp_mb() macros
    which resulted in a build failure with 227_kfree_skb.diff
  * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff
    [SECURITY] Fix SCTP privelege escalation
    See CVE-2006-3745
  * 231_udf-deadlock.diff
    [SECURITY] Fix possible UDF deadlock and memory corruption
    See CVE-2006-4145

Modified: dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/changelog	(original)
+++ dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/changelog	Tue Sep  5 06:26:15 2006
@@ -1,3 +1,43 @@
+kernel-image-2.4.27-s390 (2.4.27-2sarge4) stable-security; urgency=high
+
+  * Build against kernel-tree-2.4.27-10sarge4:
+    * [ERRATA] 213_madvise_remove-restrict.diff
+      [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with
+      CVE-2006-1524. However, this patch fixes an mprotect issue that was
+      split off from the original report into CVE-2006-2071. 2.4.27 is not
+      vulnerable to CVE-2006-1524 the madvise_remove issue.
+      See CVE-2006-2071
+    * 223_nfs-handle-long-symlinks.diff
+      [SECURITY] Fix buffer overflow in NFS readline handling that allows a
+      remote server to cause a denial of service (crash) via a long symlink
+      See CVE-2005-4798
+    * 224_cdrom-bad-cgc.buflen-assign.diff
+      [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
+      be used by a local user to trigger a buffer overflow via a specially
+      crafted DVD, USB stick, or similar automatically mounted device.
+      See CVE-2006-2935
+    * 225_sg-no-mmap-VM_IO.diff
+      [SECURITY] Fix DoS vulnerability whereby a local user could attempt
+      a dio/mmap and cause the sg driver to oops.
+      See CVE-2006-1528
+    * 226_snmp-nat-mem-corruption-fix.diff
+      [SECURITY] Fix memory corruption in snmp_trap_decode
+      See CVE-2006-2444
+    * 227_kfree_skb.diff
+      [SECURITY] Fix race between kfree_skb and __skb_unlink
+      See CVE-2006-2446
+    * 228_sparc-mb-extraneous-semicolons.diff
+      Fix a syntax error caused by extranous semicolons in smp_mb() macros
+      which resulted in a build failure with 227_kfree_skb.diff
+    * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff
+      [SECURITY] Fix SCTP privelege escalation
+      See CVE-2006-3745
+    * 231_udf-deadlock.diff
+      [SECURITY] Fix possible UDF deadlock and memory corruption
+      See CVE-2006-4145
+
+ -- dann frazier <dannf at debian.org>  Tue,  5 Sep 2006 00:24:23 -0600
+
 kernel-image-2.4.27-s390 (2.4.27-2sarge3) stable-security; urgency=high
 
   * Build against kernel-tree-2.4.27-10sarge3:

Modified: dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/control	(original)
+++ dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/control	Tue Sep  5 06:26:15 2006
@@ -4,7 +4,7 @@
 Maintainer: Debian S/390 Team <debian-s390 at lists.debian.org>
 Uploaders: Bastian Blank <waldi at debian.org>
 Standards-Version: 3.5.6
-Build-Depends: debhelper (>> 4.0.0), modutils (>= 2.4.21), kernel-tree-2.4.27-10sarge3, kernel-patch-2.4.27-s390 (>= 2.4.27-2sarge1), kernel-package (>= 8.084)
+Build-Depends: debhelper (>> 4.0.0), modutils (>= 2.4.21), kernel-tree-2.4.27-10sarge4, kernel-patch-2.4.27-s390 (>= 2.4.27-2sarge1), kernel-package (>= 8.084)
 
 Package: kernel-headers-2.4.27-3
 Architecture: s390

More information about the Kernel-svn-changes mailing list