[kernel] r8488 - dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian

Dann Frazier dannf at alioth.debian.org
Mon Apr 16 22:56:24 UTC 2007


Author: dannf
Date: Mon Apr 16 22:56:23 2007
New Revision: 8488

Modified:
   dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/changelog
   dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/control
Log:
* Rebuild against kernel-tree-2.6.8-16sarge7 which requires
  an ABI increment:
  * [ERRATA] smbfs-honor-mount-opts-2.dpatch
    Fix some regressions with respect to file types (e.g., symlinks)
    introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
  * mincore_hang.dpatch
    [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
    Holtmann for the patch.
    See CVE-2006-4814
  * mincore-fixes.dpatch
    This patch includes a few fixes, necessary for mincore_hang.dpatch to
    apply cleanly.
  * dev_queue_xmit-error-path.dpatch
    [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
    local_bh_enable() calls. Patch from Vasily Averin.
    See CVE-2006-6535
  * dvb-core-handle-0-length-ule-sndu.dpatch
    [SECURITY] Avoid sending invalid ULE packets which may not be properly
    handled by the receiving side, triggering a crash. This is a backport
    of the patch that went into 2.6.17.y. It would be better to fix the
    receiving end, but no patch for the era kernel has been developed yet.
    See CVE-2006-4623
  * bluetooth-capi-size-checks.dpatch
    [SECURITY] Add additional length checks to avoid potential remote
    DoS attacks in the handling of CAPI messages in the bluetooth driver
    See CVE-2006-6106
  * __find_get_block_slow-race.dpatch
    [SECURITY] Fix infinite loop in __find_get_block_slow that can
    be triggered by mounting and accessing a malicious iso9660 or NTFS
    filesystem
    See CVE-2006-5757, CVE-2006-6060
  * listxattr-mem-corruption.dpatch
    [SECURITY] Fix userspace corruption vulnerability caused by
    incorrectly promoted return values in bad_inode_ops
    This patch changes the kernel ABI.
    See CVE-2006-5753
  * aio-fix-nr_pages-init.dpatch
    [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
    avoid a race that can lead to a system crash
    See CVE-2006-5754
  * unmap_hugepage_area-check-null-pte.dpatch
    [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
    No kernel-image builds appear to compile this code, so this fix is only
    for users that compile their own kernels with the Debian source and
    enable/use huge pages.
    See CVE-2005-4811
  * ext3-fsfuzz.dpatch
    [SECURITY] Fix a DoS vulnerability that can be triggered by a local
    user with the ability to mount a corrupted ext3 filesystem
    See CVE-2006-6053
  * hfs-no-root-inode.dpatch
    [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
    if no root inode is found. On an SELinux-enabled system, this can
    be used to trigger a local DoS. Debian does not enable SELinux by
    default.
    See CVE-2006-6056
  * ipv6_fl_socklist-no-share.dpatch
    [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
    ipv6_fl_socklist between the listening socket and the socket created
    for connection.
    See CVE-2007-1592
  * core-dump-unreadable-PT_INTERP.dpatch
    [SECURITY] Fix a vulnerability that allows local users to read
    otherwise unreadable (but executable) files by triggering a core dump.
    See CVE-2007-0958
  * appletalk-length-mismatch.dpatch
    [SECURITY] Fix a remote DoS (crash) in appletalk
    Depends upon appletalk-endianness-annotations.dpatch
    See CVE-2007-1357

Modified: dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/changelog	Mon Apr 16 22:56:23 2007
@@ -1,3 +1,77 @@
+kernel-image-2.6.8-i386 (2.6.8-16sarge7) oldstable-security; urgency=high
+
+  * Rebuild against kernel-tree-2.6.8-16sarge7 which requires
+    an ABI increment:
+    * [ERRATA] smbfs-honor-mount-opts-2.dpatch
+      Fix some regressions with respect to file types (e.g., symlinks)
+      introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
+    * mincore_hang.dpatch
+      [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
+      Holtmann for the patch.
+      See CVE-2006-4814
+    * mincore-fixes.dpatch
+      This patch includes a few fixes, necessary for mincore_hang.dpatch to
+      apply cleanly.
+    * dev_queue_xmit-error-path.dpatch
+      [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
+      local_bh_enable() calls. Patch from Vasily Averin.
+      See CVE-2006-6535
+    * dvb-core-handle-0-length-ule-sndu.dpatch
+      [SECURITY] Avoid sending invalid ULE packets which may not properly
+      handled by the receiving side triggering a crash. This is a backport
+      of the patch that went into 2.6.17.y. It would be better to fix the
+      receiving end, but no patch for the era kernel has been developed yet.
+      See CVE-2006-4623
+    * bluetooth-capi-size-checks.dpatch
+      [SECURITY] Add additional length checks to avoid potential remote
+      DoS attacks in the handling of CAPI messages in the bluetooth driver
+      See CVE-2006-6106
+    * __find_get_block_slow-race.dpatch
+      [SECURITY] Fix infinite loop in __find_get_block_slow that can
+      be triggered by mounting and accessing a malicious iso9660 or NTFS
+      filesystem
+      See CVE-2006-5757, CVE-2006-6060
+    * listxattr-mem-corruption.dpatch
+      [SECURITY] Fix userspace corruption vulnerability caused by
+      incorrectly promoted return values in bad_inode_ops
+      This patches changes the kernel ABI.
+      See CVE-2006-5753
+    * aio-fix-nr_pages-init.dpatch
+      [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
+      avoid a race that can lead to a system crash
+      See CVE-2006-5754
+    * unmap_hugepage_area-check-null-pte.dpatch
+      [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
+      No kernel-image builds appear to compile this code, so this fix is only
+      for users that compile their own kernels with the Debian source and
+      enable/use huge pages.
+      See CVE-2005-4811
+    * ext3-fsfuzz.dpatch
+      [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+      user with the ability to mount a corrupted ext3 filesystem
+      See CVE-2006-6053
+    * hfs-no-root-inode.dpatch
+      [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
+      if no root inode is found. On an SELinux-enabled system, this can
+      be used to trigger a local DoS. Debian does not enable SELinux by
+      default.
+      See CVE-2006-6056
+    * ipv6_fl_socklist-no-share.dpatch
+      [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+      ipv6_fl_socklist between the listening socket and the socket created
+      for connection.
+      See CVE-2007-1592
+    * core-dump-unreadable-PT_INTERP.dpatch
+      [SECURITY] Fix a vulnerability that allows local users to read
+      otherwise unreadable (but executable) files by triggering a core dump.
+      See CVE-2007-0958
+    * appletalk-length-mismatch.dpatch
+      [SECURITY] Fix a remote DoS (crash) in appletalk
+      Depends upon appletalk-endianness-annotations.dpatch
+      See CVE-2007-1357
+
+ -- dann frazier <dannf at debian.org>  Mon, 16 Apr 2007 15:49:36 -0700
+
 kernel-image-2.6.8-i386 (2.6.8-16sarge6) stable-security; urgency=high
 
   * Build against kernel-tree-2.6.8-16sarge6:
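Review bot: The appletalk-length-mismatch.dpatch item says "Depends upon appletalk-endianness-annotations.dpatch", but that patch is not listed anywhere in this 2.6.8-16sarge7 entry. Either add it to the list or note that it is already carried, so that anyone auditing coverage for CVE-2007-1357 can confirm the prerequisite is applied. In the same spirit, mincore-fixes.dpatch is described as necessary for mincore_hang.dpatch to apply cleanly yet is listed after it; listing the prerequisite first would match the apply order. Two wording nits in the added text: "which may not properly handled" is missing "be", and "This patches changes the kernel ABI" should read "This patch changes".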

Modified: dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/control	(original)
+++ dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/control	Mon Apr 16 22:56:23 2007
@@ -4,9 +4,9 @@
 Maintainer: Debian kernel team <debian-kernel at lists.debian.org>
 Uploaders: William Lee Irwin III <wli at debian.org>, Andres Salomon <dilinger at debian.org>, Simon Horman <horms at debian.org>
 Standards-Version: 3.6.1
-Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-16sarge6, module-init-tools
+Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-16sarge7, module-init-tools
 
-Package: kernel-headers-2.6.8-3
+Package: kernel-headers-2.6.8-4
 Architecture: i386
 Section: devel
 Priority: optional
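Review bot: The rename from kernel-headers-2.6.8-3 to kernel-headers-2.6.8-4 here (repeated for every image and headers flavour below) means nothing in this file upgrades an existing -3 installation. A host with the -3 packages keeps them, and keeps running the unfixed kernel, until the -4 packages are installed explicitly and the machine is rebooted. That is the expected consequence of an ABI increment, but since the changelog marks this upload urgency=high with many [SECURITY] items, the accompanying advisory should say plainly that the new package names have to be installed by hand and that out-of-tree modules must be rebuilt against the -4 headers.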
@@ -15,20 +15,20 @@
 Description: Header files related to Linux kernel version 2.6.8
  This package provides kernel header files for version 2.6.8.
  Please read
- /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for details
+ /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for details
 
-Package: kernel-headers-2.6.8-3-386
+Package: kernel-headers-2.6.8-4-386
 Architecture: i386
 Section: devel
 Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
 Provides: kernel-headers, kernel-headers-2.6
 Description: Linux kernel headers 2.6.8 on 386
  This package provides kernel header files for version 2.6.8 on 386.
- Please read /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for
  details
 
-Package: kernel-image-2.6.8-3-386
+Package: kernel-image-2.6.8-4-386
 Architecture: i386
 Section: base
 Priority: optional
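Review bot: The per-flavour headers stanza keeps an unversioned dependency, "Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4". The package name pins the ABI but not the upload, so a later 2.6.8-4 rebuild could leave the flavour headers and the common headers at different revisions. Consider tightening it to an exact version, for example with (= ${Source-Version}), here and in the identical 686, 686-smp, k7 and k7-smp stanzas.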
@@ -52,19 +52,19 @@
  and it is suggested that you install that package if you wish to
  create a custom kernel from the sources.
 
-Package: kernel-headers-2.6.8-3-686
+Package: kernel-headers-2.6.8-4-686
 Architecture: i386
 Section: devel
 Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
 Provides: kernel-headers, kernel-headers-2.6
 Description: Linux kernel headers 2.6.8 on PPro/Celeron/PII/PIII/P4
  This package provides kernel header files for version 2.6.8 on
  Pentium Pro/Celeron/Pentium II/Pentium III/Pentium 4.
- Please read /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for
  details
 
-Package: kernel-image-2.6.8-3-686
+Package: kernel-image-2.6.8-4-686
 Architecture: i386
 Section: base
 Priority: optional
@@ -88,20 +88,20 @@
  and it is suggested that you install that package if you wish to
  create a custom kernel from the sources.
 
-Package: kernel-headers-2.6.8-3-686-smp
+Package: kernel-headers-2.6.8-4-686-smp
 Architecture: i386
 Section: devel
 Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
 Provides: kernel-headers, kernel-headers-2.6
 Description: Linux kernel headers 2.6.8 on PPro/Celeron/PII/PIII/P4 SMP
  This package provides kernel header files for version 2.6.8 on
  Pentium Pro/Celeron/Pentium II/Pentium III/Pentium 4 with SMP support.
  SMP (symmetric multi-processing) is needed if you have multiple processors.
- Please read /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for
  details
 
-Package: kernel-image-2.6.8-3-686-smp
+Package: kernel-image-2.6.8-4-686-smp
 Architecture: i386
 Section: base
 Priority: optional
@@ -127,19 +127,19 @@
  and it is suggested that you install that package if you wish to
  create a custom kernel from the sources.
 
-Package: kernel-headers-2.6.8-3-k7
+Package: kernel-headers-2.6.8-4-k7
 Architecture: i386
 Section: devel
 Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
 Provides: kernel-headers, kernel-headers-2.6
 Description: Linux kernel headers 2.6.8 on AMD K7
  This package provides kernel header files for version 2.6.8 on
  32bit AMD Duron/Athlon/AthlonXP.
- Please read /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for
  details
 
-Package: kernel-image-2.6.8-3-k7
+Package: kernel-image-2.6.8-4-k7
 Architecture: i386
 Section: base
 Priority: optional
@@ -163,20 +163,20 @@
  and it is suggested that you install that package if you wish to
  create a custom kernel from the sources.
 
-Package: kernel-headers-2.6.8-3-k7-smp
+Package: kernel-headers-2.6.8-4-k7-smp
 Architecture: i386
 Section: devel
 Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
 Provides: kernel-headers, kernel-headers-2.6
 Description: Linux kernel headers 2.6.8 on AMD K7 SMP
  This package provides kernel header files for version 2.6.8 on
  32bit AMD Duron/Athlon/AthlonXP with SMP support.
  SMP (symmetric multi-processing) is needed if you have multiple processors.
- Please read /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for
  details
 
-Package: kernel-image-2.6.8-3-k7-smp
+Package: kernel-image-2.6.8-4-k7-smp
 Architecture: i386
 Section: base
 Priority: optional
