[kernel] r7407 -
dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian
Dann Frazier
dannf at costa.debian.org
Thu Sep 14 02:23:08 UTC 2006
Author: dannf
Date: Thu Sep 14 02:23:08 2006
New Revision: 7407
Modified:
dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/control
Log:
* Build against kernel-tree-2.4.27-10sarge4:
* [ERRATA] 213_madvise_remove-restrict.diff
[SECURITY] The 2.4.27-10sarge3 changelog associated this patch with
CVE-2006-1524. However, this patch fixes an mprotect issue that was
split off from the original report into CVE-2006-2071. 2.4.27 is not
vulnerable to CVE-2006-1524 the madvise_remove issue.
See CVE-2006-2071
* 223_nfs-handle-long-symlinks.diff
[SECURITY] Fix buffer overflow in NFS readline handling that allows a
remote server to cause a denial of service (crash) via a long symlink
See CVE-2005-4798
* 224_cdrom-bad-cgc.buflen-assign.diff
[SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
be used by a local user to trigger a buffer overflow via a specially
crafted DVD, USB stick, or similar automatically mounted device.
See CVE-2006-2935
* 225_sg-no-mmap-VM_IO.diff
[SECURITY] Fix DoS vulnerability whereby a local user could attempt
a dio/mmap and cause the sg driver to oops.
See CVE-2006-1528
* 226_snmp-nat-mem-corruption-fix.diff
[SECURITY] Fix memory corruption in snmp_trap_decode
See CVE-2006-2444
* 227_kfree_skb.diff
[SECURITY] Fix race between kfree_skb and __skb_unlink
See CVE-2006-2446
* 228_sparc-mb-extraneous-semicolons.diff
Fix a syntax error caused by extranous semicolons in smp_mb() macros
which resulted in a build failure with 227_kfree_skb.diff
* 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff
[SECURITY] Fix SCTP privelege escalation
See CVE-2006-3745
* 231_udf-deadlock.diff
[SECURITY] Fix possible UDF deadlock and memory corruption
See CVE-2006-4145
Modified: dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/changelog Thu Sep 14 02:23:08 2006
@@ -1,3 +1,43 @@
+kernel-image-2.4.27-m68k (2.4.27-3sarge4) stable-security; urgency=high
+
+ * Build against kernel-tree-2.4.27-10sarge4:
+ * [ERRATA] 213_madvise_remove-restrict.diff
+ [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with
+ CVE-2006-1524. However, this patch fixes an mprotect issue that was
+ split off from the original report into CVE-2006-2071. 2.4.27 is not
+ vulnerable to CVE-2006-1524 the madvise_remove issue.
+ See CVE-2006-2071
+ * 223_nfs-handle-long-symlinks.diff
+ [SECURITY] Fix buffer overflow in NFS readline handling that allows a
+ remote server to cause a denial of service (crash) via a long symlink
+ See CVE-2005-4798
+ * 224_cdrom-bad-cgc.buflen-assign.diff
+ [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
+ be used by a local user to trigger a buffer overflow via a specially
+ crafted DVD, USB stick, or similar automatically mounted device.
+ See CVE-2006-2935
+ * 225_sg-no-mmap-VM_IO.diff
+ [SECURITY] Fix DoS vulnerability whereby a local user could attempt
+ a dio/mmap and cause the sg driver to oops.
+ See CVE-2006-1528
+ * 226_snmp-nat-mem-corruption-fix.diff
+ [SECURITY] Fix memory corruption in snmp_trap_decode
+ See CVE-2006-2444
+ * 227_kfree_skb.diff
+ [SECURITY] Fix race between kfree_skb and __skb_unlink
+ See CVE-2006-2446
+ * 228_sparc-mb-extraneous-semicolons.diff
+ Fix a syntax error caused by extranous semicolons in smp_mb() macros
+ which resulted in a build failure with 227_kfree_skb.diff
+ * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff
+ [SECURITY] Fix SCTP privelege escalation
+ See CVE-2006-3745
+ * 231_udf-deadlock.diff
+ [SECURITY] Fix possible UDF deadlock and memory corruption
+ See CVE-2006-4145
+
+ -- dann frazier <dannf at debian.org> Wed, 13 Sep 2006 20:21:24 -0600
+
kernel-image-2.4.27-m68k (2.4.27-3sarge3) stable-security; urgency=high
* Build against kernel-tree-2.4.27-10sarge3:
Modified: dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/control (original)
+++ dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/control Thu Sep 14 02:23:08 2006
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Christian T. Steigies <cts at debian.org>
Standards-Version: 3.6.1
-Build-Depends: kernel-tree-2.4.27-10sarge3, kernel-patch-2.4.27-m68k, kernel-package, debhelper, bzip2, console-tools, gcc-2.95
+Build-Depends: kernel-tree-2.4.27-10sarge4, kernel-patch-2.4.27-m68k, kernel-package, debhelper, bzip2, console-tools, gcc-2.95
Package: kernel-image-2.4.27-amiga
Section: base
More information about the Kernel-svn-changes
mailing list