[kernel] r8485 -
dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian
Dann Frazier
dannf at alioth.debian.org
Mon Apr 16 22:43:08 UTC 2007
Author: dannf
Date: Mon Apr 16 22:43:08 2007
New Revision: 8485
Modified:
dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog
dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/control
Log:
* Rebuild against kernel-tree-2.6.8-16sarge7 which requires
an ABI increment:
* [ERRATA] smbfs-honor-mount-opts-2.dpatch
Fix some regressions with respect to file types (e.g., symlinks)
introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
* mincore_hang.dpatch
[SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
Holtmann for the patch.
See CVE-2006-4814
* mincore-fixes.dpatch
This patch includes a few fixes, necessary for mincore_hang.dpatch to
apply cleanly.
* dev_queue_xmit-error-path.dpatch
[SECURITY] Correct an error path in dev_queue_xmit() to rebalance
local_bh_enable() calls. Patch from Vasily Averin.
See CVE-2006-6535
* dvb-core-handle-0-length-ule-sndu.dpatch
[SECURITY] Avoid sending invalid ULE packets which may not properly
handled by the receiving side triggering a crash. This is a backport
of the patch that went into 2.6.17.y. It would be better to fix the
receiving end, but no patch for the era kernel has been developed yet.
See CVE-2006-4623
* bluetooth-capi-size-checks.dpatch
[SECURITY] Add additional length checks to avoid potential remote
DoS attacks in the handling of CAPI messages in the bluetooth driver
See CVE-2006-6106
* __find_get_block_slow-race.dpatch
[SECURITY] Fix infinite loop in __find_get_block_slow that can
be triggered by mounting and accessing a malicious iso9660 or NTFS
filesystem
See CVE-2006-5757, CVE-2006-6060
* listxattr-mem-corruption.dpatch
[SECURITY] Fix userspace corruption vulnerability caused by
incorrectly promoted return values in bad_inode_ops
This patches changes the kernel ABI.
See CVE-2006-5753
* aio-fix-nr_pages-init.dpatch
[SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
avoid a race that can lead to a system crash
See CVE-2006-5754
* unmap_hugepage_area-check-null-pte.dpatch
[SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
No kernel-image builds appear to compile this code, so this fix is only
for users that compile their own kernels with the Debian source and
enable/use huge pages.
See CVE-2005-4811
* ext3-fsfuzz.dpatch
[SECURITY] Fix a DoS vulnerability that can be triggered by a local
user with the ability to mount a corrupted ext3 filesystem
See CVE-2006-6053
* hfs-no-root-inode.dpatch
[SECURITY] Fix bug in HFS where hfs_fill_super returns success even
if no root inode is found. On an SELinux-enabled system, this can
be used to trigger a local DoS. Debian does not enable SELinux by
default.
See CVE-2006-6056
* ipv6_fl_socklist-no-share.dpatch
[SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
ipv6_fl_socklist between the listening socket and the socket created
for connection.
See CVE-2007-1592
* core-dump-unreadable-PT_INTERP.dpatch
[SECURITY] Fix a vulnerability that allows local users to read
otherwise unreadable (but executable) files by triggering a core dump.
See CVE-2007-0958
* appletalk-length-mismatch.dpatch
[SECURITY] Fix a remote DoS (crash) in appletalk
Depends upon appletalk-endianness-annotations.dpatch
See CVE-2007-1357
Modified: dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog Mon Apr 16 22:43:08 2007
@@ -1,3 +1,77 @@
+kernel-image-2.6.8-ia64 (2.6.8-14sarge7) stable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-16sarge7 which requires
+ an ABI increment:
+ * [ERRATA] smbfs-honor-mount-opts-2.dpatch
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
+ * mincore_hang.dpatch
+ [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
+ Holtmann for the patch.
+ See CVE-2006-4814
+ * mincore-fixes.dpatch
+ This patch includes a few fixes, necessary for mincore_hang.dpatch to
+ apply cleanly.
+ * dev_queue_xmit-error-path.dpatch
+ [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
+ local_bh_enable() calls. Patch from Vasily Averin.
+ See CVE-2006-6535
+ * dvb-core-handle-0-length-ule-sndu.dpatch
+ [SECURITY] Avoid sending invalid ULE packets which may not properly
+ handled by the receiving side triggering a crash. This is a backport
+ of the patch that went into 2.6.17.y. It would be better to fix the
+ receiving end, but no patch for the era kernel has been developed yet.
+ See CVE-2006-4623
+ * bluetooth-capi-size-checks.dpatch
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * __find_get_block_slow-race.dpatch
+ [SECURITY] Fix infinite loop in __find_get_block_slow that can
+ be triggered by mounting and accessing a malicious iso9660 or NTFS
+ filesystem
+ See CVE-2006-5757, CVE-2006-6060
+ * listxattr-mem-corruption.dpatch
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * aio-fix-nr_pages-init.dpatch
+ [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
+ avoid a race that can lead to a system crash
+ See CVE-2006-5754
+ * unmap_hugepage_area-check-null-pte.dpatch
+ [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
+ No kernel-image builds appear to compile this code, so this fix is only
+ for users that compile their own kernels with the Debian source and
+ enable/use huge pages.
+ See CVE-2005-4811
+ * ext3-fsfuzz.dpatch
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * hfs-no-root-inode.dpatch
+ [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
+ if no root inode is found. On an SELinux-enabled system, this can
+ be used to trigger a local DoS. Debian does not enable SELinux by
+ default.
+ See CVE-2006-6056
+ * ipv6_fl_socklist-no-share.dpatch
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * core-dump-unreadable-PT_INTERP.dpatch
+ [SECURITY] Fix a vulnerability that allows local users to read
+ otherwise unreadable (but executable) files by triggering a core dump.
+ See CVE-2007-0958
+ * appletalk-length-mismatch.dpatch
+ [SECURITY] Fix a remote DoS (crash) in appletalk
+ Depends upon appletalk-endianness-annotations.dpatch
+ See CVE-2007-1357
+
+ -- dann frazier <dannf at debian.org> Mon, 16 Apr 2007 15:40:39 -0700
+
kernel-image-2.6.8-ia64 (2.6.8-14sarge6) stable-security; urgency=high
* Build against kernel-tree-2.6.8-16sarge6:
Modified: dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/control Mon Apr 16 22:43:08 2007
@@ -6,7 +6,7 @@
Standards-Version: 3.6.1
Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-16sarge6, module-init-tools
-Package: kernel-headers-2.6.8-3
+Package: kernel-headers-2.6.8-4
Architecture: ia64
Section: devel
Priority: optional
@@ -15,31 +15,31 @@
Description: Header files related to Linux kernel version 2.6.8
This package provides kernel header files for version 2.6.8, for sites
that want the latest kernel headers. Please read
- /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for details.
+ /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for details.
-Package: kernel-headers-2.6.8-3-itanium
+Package: kernel-headers-2.6.8-4-itanium
Architecture: ia64
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on Itanium
This package provides kernel header files for version 2.6.8 on
Itanium,
for sites that want the latest kernel headers.
- Please read /usr/share/doc/kernel-headers-2.6.8-3-itanium/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4-itanium/debian.README.gz for
details.
Package: kernel-headers-2.6-itanium
Architecture: ia64
Section: devel
Priority: optional
-Depends: kernel-headers-2.6.8-3-itanium
+Depends: kernel-headers-2.6.8-4-itanium
Description: Linux kernel headers 2.6 on Itanium
This package will always depend on the latest 2.6 kernel headers available
for Itanium.
-Package: kernel-image-2.6.8-3-itanium
+Package: kernel-image-2.6.8-4-itanium
Architecture: ia64
Section: base
Priority: optional
@@ -62,16 +62,16 @@
Architecture: ia64
Section: base
Priority: optional
-Depends: kernel-image-2.6.8-3-itanium
+Depends: kernel-image-2.6.8-4-itanium
Description: Linux kernel image for version 2.6 on Itanium
This package will always depend on the latest 2.6 kernel image available
for Itanium.
-Package: kernel-headers-2.6.8-3-itanium-smp
+Package: kernel-headers-2.6.8-4-itanium-smp
Architecture: ia64
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on Itanium SMP
This package provides kernel header files for version 2.6.8 on
@@ -79,20 +79,20 @@
for sites that want the latest kernel headers.
SMP (symmetric multi-processing) is needed if you have multiple processors.
Please read
- /usr/share/doc/kernel-headers-2.6.8-3-itanium-smp/debian.README.gz for
+ /usr/share/doc/kernel-headers-2.6.8-4-itanium-smp/debian.README.gz for
details.
Package: kernel-headers-2.6-itanium-smp
Architecture: ia64
Section: devel
Priority: optional
-Depends: kernel-headers-2.6.8-3-itanium-smp
+Depends: kernel-headers-2.6.8-4-itanium-smp
Description: Linux kernel headers 2.6 on Itanium SMP
This package will always depend on the latest 2.6 kernel headers available
for Itanium with SMP support.
SMP (symmetric multi-processing) is needed if you have multiple processors.
-Package: kernel-image-2.6.8-3-itanium-smp
+Package: kernel-image-2.6.8-4-itanium-smp
Architecture: ia64
Section: base
Priority: optional
@@ -116,36 +116,36 @@
Architecture: ia64
Section: base
Priority: optional
-Depends: kernel-image-2.6.8-3-itanium-smp
+Depends: kernel-image-2.6.8-4-itanium-smp
Description: Linux kernel image for version 2.6 on Itanium SMP
This package will always depend on the latest 2.6 kernel image available
for Itanium with SMP support.
SMP (symmetric multi-processing) is needed if you have multiple processors.
-Package: kernel-headers-2.6.8-3-mckinley
+Package: kernel-headers-2.6.8-4-mckinley
Architecture: ia64
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on Itanium II
This package provides kernel header files for version 2.6.8 on
Itanium II (also known as McKinley),
for sites that want the latest kernel headers.
Please read
- /usr/share/doc/kernel-headers-2.6.8-3-mckinley/debian.README.gz for
+ /usr/share/doc/kernel-headers-2.6.8-4-mckinley/debian.README.gz for
details.
Package: kernel-headers-2.6-mckinley
Architecture: ia64
Section: devel
Priority: optional
-Depends: kernel-headers-2.6.8-3-mckinley
+Depends: kernel-headers-2.6.8-4-mckinley
Description: Linux kernel headers 2.6 on Itanium II
This package will always depend on the latest 2.6 kernel headers available
for Itanium II (also known as McKinley).
-Package: kernel-image-2.6.8-3-mckinley
+Package: kernel-image-2.6.8-4-mckinley
Architecture: ia64
Section: base
Priority: optional
@@ -168,16 +168,16 @@
Architecture: ia64
Section: base
Priority: optional
-Depends: kernel-image-2.6.8-3-mckinley
+Depends: kernel-image-2.6.8-4-mckinley
Description: Linux kernel image for version 2.6 on Itanium II
This package will always depend on the latest 2.6 kernel image available
for Itanium II (also known as McKinley).
-Package: kernel-headers-2.6.8-3-mckinley-smp
+Package: kernel-headers-2.6.8-4-mckinley-smp
Architecture: ia64
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on Itanium II SMP
This package provides kernel header files for version 2.6.8 on
@@ -185,20 +185,20 @@
for sites that want the latest kernel headers.
SMP (symmetric multi-processing) is needed if you have multiple processors.
Please read
- /usr/share/doc/kernel-headers-2.6.8-3-mckinley-smp/debian.README.gz for
+ /usr/share/doc/kernel-headers-2.6.8-4-mckinley-smp/debian.README.gz for
details.
Package: kernel-headers-2.6-mckinley-smp
Architecture: ia64
Section: devel
Priority: optional
-Depends: kernel-headers-2.6.8-3-mckinley-smp
+Depends: kernel-headers-2.6.8-4-mckinley-smp
Description: Linux kernel headers 2.6 on Itanium II SMP
This package will always depend on the latest 2.6 kernel headers available
for Itanium II (also known as McKinley) with SMP support.
SMP (symmetric multi-processing) is needed if you have multiple processors.
-Package: kernel-image-2.6.8-3-mckinley-smp
+Package: kernel-image-2.6.8-4-mckinley-smp
Architecture: ia64
Section: base
Priority: optional
@@ -222,7 +222,7 @@
Architecture: ia64
Section: base
Priority: optional
-Depends: kernel-image-2.6.8-3-mckinley-smp
+Depends: kernel-image-2.6.8-4-mckinley-smp
Description: Linux kernel image for version 2.6 on Itanium II SMP
This package will always depend on the latest 2.6 kernel image available
for Itanium II (also known as McKinley) with SMP support.
More information about the Kernel-svn-changes
mailing list