[kernel] r8488 - dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian
Dann Frazier
dannf at alioth.debian.org
Mon Apr 16 22:56:24 UTC 2007
Author: dannf
Date: Mon Apr 16 22:56:23 2007
New Revision: 8488
Modified:
dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/changelog
dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/control
Log:
* Rebuild against kernel-tree-2.6.8-16sarge7 which requires
  an ABI increment:
  * [ERRATA] smbfs-honor-mount-opts-2.dpatch
    Fix some regressions with respect to file types (e.g., symlinks)
    introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
  * mincore_hang.dpatch
    [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
    Holtmann for the patch.
    See CVE-2006-4814
  * mincore-fixes.dpatch
    This patch includes a few fixes, necessary for mincore_hang.dpatch to
    apply cleanly.
  * dev_queue_xmit-error-path.dpatch
    [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
    local_bh_enable() calls. Patch from Vasily Averin.
    See CVE-2006-6535
  * dvb-core-handle-0-length-ule-sndu.dpatch
    [SECURITY] Avoid sending invalid ULE packets which may not be properly
    handled by the receiving side triggering a crash. This is a backport
    of the patch that went into 2.6.17.y. It would be better to fix the
    receiving end, but no patch for the era kernel has been developed yet.
    See CVE-2006-4623
  * bluetooth-capi-size-checks.dpatch
    [SECURITY] Add additional length checks to avoid potential remote
    DoS attacks in the handling of CAPI messages in the bluetooth driver
    See CVE-2006-6106
  * __find_get_block_slow-race.dpatch
    [SECURITY] Fix infinite loop in __find_get_block_slow that can
    be triggered by mounting and accessing a malicious iso9660 or NTFS
    filesystem
    See CVE-2006-5757, CVE-2006-6060
  * listxattr-mem-corruption.dpatch
    [SECURITY] Fix userspace corruption vulnerability caused by
    incorrectly promoted return values in bad_inode_ops
    This patch changes the kernel ABI.
    See CVE-2006-5753
  * aio-fix-nr_pages-init.dpatch
    [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
    avoid a race that can lead to a system crash
    See CVE-2006-5754
  * unmap_hugepage_area-check-null-pte.dpatch
    [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
    No kernel-image builds appear to compile this code, so this fix is only
    for users that compile their own kernels with the Debian source and
    enable/use huge pages.
    See CVE-2005-4811
  * ext3-fsfuzz.dpatch
    [SECURITY] Fix a DoS vulnerability that can be triggered by a local
    user with the ability to mount a corrupted ext3 filesystem
    See CVE-2006-6053
  * hfs-no-root-inode.dpatch
    [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
    if no root inode is found. On an SELinux-enabled system, this can
    be used to trigger a local DoS. Debian does not enable SELinux by
    default.
    See CVE-2006-6056
  * ipv6_fl_socklist-no-share.dpatch
    [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
    ipv6_fl_socklist between the listening socket and the socket created
    for connection.
    See CVE-2007-1592
  * core-dump-unreadable-PT_INTERP.dpatch
    [SECURITY] Fix a vulnerability that allows local users to read
    otherwise unreadable (but executable) files by triggering a core dump.
    See CVE-2007-0958
  * appletalk-length-mismatch.dpatch
    [SECURITY] Fix a remote DoS (crash) in appletalk
    Depends upon appletalk-endianness-annotations.dpatch
    See CVE-2007-1357
Modified: dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/changelog Mon Apr 16 22:56:23 2007
@@ -1,3 +1,77 @@
+kernel-image-2.6.8-i386 (2.6.8-16sarge7) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-16sarge7 which requires
+ an ABI increment:
+ * [ERRATA] smbfs-honor-mount-opts-2.dpatch
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
+ * mincore_hang.dpatch
+ [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
+ Holtmann for the patch.
+ See CVE-2006-4814
+ * mincore-fixes.dpatch
+ This patch includes a few fixes, necessary for mincore_hang.dpatch to
+ apply cleanly.
+ * dev_queue_xmit-error-path.dpatch
+ [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
+ local_bh_enable() calls. Patch from Vasily Averin.
+ See CVE-2006-6535
+ * dvb-core-handle-0-length-ule-sndu.dpatch
+ [SECURITY] Avoid sending invalid ULE packets which may not properly
+ handled by the receiving side triggering a crash. This is a backport
+ of the patch that went into 2.6.17.y. It would be better to fix the
+ receiving end, but no patch for the era kernel has been developed yet.
+ See CVE-2006-4623
+ * bluetooth-capi-size-checks.dpatch
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * __find_get_block_slow-race.dpatch
+ [SECURITY] Fix infinite loop in __find_get_block_slow that can
+ be triggered by mounting and accessing a malicious iso9660 or NTFS
+ filesystem
+ See CVE-2006-5757, CVE-2006-6060
+ * listxattr-mem-corruption.dpatch
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * aio-fix-nr_pages-init.dpatch
+ [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
+ avoid a race that can lead to a system crash
+ See CVE-2006-5754
+ * unmap_hugepage_area-check-null-pte.dpatch
+ [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
+ No kernel-image builds appear to compile this code, so this fix is only
+ for users that compile their own kernels with the Debian source and
+ enable/use huge pages.
+ See CVE-2005-4811
+ * ext3-fsfuzz.dpatch
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * hfs-no-root-inode.dpatch
+ [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
+ if no root inode is found. On an SELinux-enabled system, this can
+ be used to trigger a local DoS. Debian does not enable SELinux by
+ default.
+ See CVE-2006-6056
+ * ipv6_fl_socklist-no-share.dpatch
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * core-dump-unreadable-PT_INTERP.dpatch
+ [SECURITY] Fix a vulnerability that allows local users to read
+ otherwise unreadable (but executable) files by triggering a core dump.
+ See CVE-2007-0958
+ * appletalk-length-mismatch.dpatch
+ [SECURITY] Fix a remote DoS (crash) in appletalk
+ Depends upon appletalk-endianness-annotations.dpatch
+ See CVE-2007-1357
+
+ -- dann frazier <dannf at debian.org> Mon, 16 Apr 2007 15:49:36 -0700
+
kernel-image-2.6.8-i386 (2.6.8-16sarge6) stable-security; urgency=high
* Build against kernel-tree-2.6.8-16sarge6:
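Review bot: The first bullet of the new 2.6.8-16sarge7 entry says an ABI increment is required but never states the old and new ABI numbers, and the only explanation of why is the single line under listxattr-mem-corruption.dpatch. Since the control changes in the same commit rename every binary package from 2.6.8-3 to 2.6.8-4, please say so in the top bullet (for example "ABI increment from 2.6.8-3 to 2.6.8-4; binary package names change") so an admin reading the changelog knows that new packages must be installed and out-of-tree modules rebuilt. Two wording nits in the added text: "This patches changes the kernel ABI" should read "This patch changes", and "which may not properly handled" is missing "be".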
Modified: dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/control Mon Apr 16 22:56:23 2007
@@ -4,9 +4,9 @@
Maintainer: Debian kernel team <debian-kernel at lists.debian.org>
Uploaders: William Lee Irwin III <wli at debian.org>, Andres Salomon <dilinger at debian.org>, Simon Horman <horms at debian.org>
Standards-Version: 3.6.1
-Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-16sarge6, module-init-tools
+Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-16sarge7, module-init-tools
-Package: kernel-headers-2.6.8-3
+Package: kernel-headers-2.6.8-4
Architecture: i386
Section: devel
Priority: optional
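Review bot: The switch from kernel-headers-2.6.8-3 to kernel-headers-2.6.8-4 on the Package line creates a new package name, and nothing visible in this hunk carries an installed -3 system over to it, so a routine upgrade would leave the old, unfixed kernel in place. Please confirm that everything depending on the -3 names is bumped in the same upload, and that the advisory tells admins to install the -4 packages explicitly and reboot into the new kernel.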
@@ -15,20 +15,20 @@
Description: Header files related to Linux kernel version 2.6.8
This package provides kernel header files for version 2.6.8.
Please read
- /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for details
+ /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for details
-Package: kernel-headers-2.6.8-3-386
+Package: kernel-headers-2.6.8-4-386
Architecture: i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on 386
This package provides kernel header files for version 2.6.8 on 386.
- Please read /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for
details
-Package: kernel-image-2.6.8-3-386
+Package: kernel-image-2.6.8-4-386
Architecture: i386
Section: base
Priority: optional
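Review bot: The Depends line for kernel-headers-2.6.8-4-386 names kernel-headers-2.6.8-4 with no version constraint, so the flavour headers can be installed next to a common headers package from a different revision of the same ABI. Consider tightening it to kernel-headers-2.6.8-4 (= ${Source-Version}) so both always come from the same build; the same applies to the identical Depends lines in the other flavour stanzas.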
@@ -52,19 +52,19 @@
and it is suggested that you install that package if you wish to
create a custom kernel from the sources.
-Package: kernel-headers-2.6.8-3-686
+Package: kernel-headers-2.6.8-4-686
Architecture: i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on PPro/Celeron/PII/PIII/P4
This package provides kernel header files for version 2.6.8 on
Pentium Pro/Celeron/Pentium II/Pentium III/Pentium 4.
- Please read /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for
details
-Package: kernel-image-2.6.8-3-686
+Package: kernel-image-2.6.8-4-686
Architecture: i386
Section: base
Priority: optional
@@ -88,20 +88,20 @@
and it is suggested that you install that package if you wish to
create a custom kernel from the sources.
-Package: kernel-headers-2.6.8-3-686-smp
+Package: kernel-headers-2.6.8-4-686-smp
Architecture: i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on PPro/Celeron/PII/PIII/P4 SMP
This package provides kernel header files for version 2.6.8 on
Pentium Pro/Celeron/Pentium II/Pentium III/Pentium 4 with SMP support.
SMP (symmetric multi-processing) is needed if you have multiple processors.
- Please read /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for
details
-Package: kernel-image-2.6.8-3-686-smp
+Package: kernel-image-2.6.8-4-686-smp
Architecture: i386
Section: base
Priority: optional
@@ -127,19 +127,19 @@
and it is suggested that you install that package if you wish to
create a custom kernel from the sources.
-Package: kernel-headers-2.6.8-3-k7
+Package: kernel-headers-2.6.8-4-k7
Architecture: i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on AMD K7
This package provides kernel header files for version 2.6.8 on
32bit AMD Duron/Athlon/AthlonXP.
- Please read /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for
details
-Package: kernel-image-2.6.8-3-k7
+Package: kernel-image-2.6.8-4-k7
Architecture: i386
Section: base
Priority: optional
@@ -163,20 +163,20 @@
and it is suggested that you install that package if you wish to
create a custom kernel from the sources.
-Package: kernel-headers-2.6.8-3-k7-smp
+Package: kernel-headers-2.6.8-4-k7-smp
Architecture: i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on AMD K7 SMP
This package provides kernel header files for version 2.6.8 on
32bit AMD Duron/Athlon/AthlonXP with SMP support.
SMP (symmetric multi-processing) is needed if you have multiple processors.
- Please read /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for
details
-Package: kernel-image-2.6.8-3-k7-smp
+Package: kernel-image-2.6.8-4-k7-smp
Architecture: i386
Section: base
Priority: optional
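Review bot: The ABI number is edited by hand in four places in this hunk (two Package fields, the Depends line and the debian.README.gz path), and the same edit is repeated for every flavour in the file, which makes it easy to miss one on the next bump. Consider generating debian/control from a template with a single ABI variable, or at least searching the whole file for 2.6.8-3 before upload to confirm no stale reference survives in the lines the diff does not show.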