[kernel] r8489 - dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian
Dann Frazier
dannf at alioth.debian.org
Tue Apr 17 00:01:54 UTC 2007
Author: dannf
Date: Tue Apr 17 00:01:52 2007
New Revision: 8489
Modified:
dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/changelog
dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/control
Log:
* Rebuild against kernel-tree-2.6.8-16sarge7 which requires
an ABI increment:
* [ERRATA] smbfs-honor-mount-opts-2.dpatch
Fix some regressions with respect to file types (e.g., symlinks)
introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
* mincore_hang.dpatch
[SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
Holtmann for the patch.
See CVE-2006-4814
* mincore-fixes.dpatch
This patch includes a few fixes, necessary for mincore_hang.dpatch to
apply cleanly.
* dev_queue_xmit-error-path.dpatch
[SECURITY] Correct an error path in dev_queue_xmit() to rebalance
local_bh_enable() calls. Patch from Vasily Averin.
See CVE-2006-6535
* dvb-core-handle-0-length-ule-sndu.dpatch
[SECURITY] Avoid sending invalid ULE packets which may not be properly
handled by the receiving side, triggering a crash. This is a backport
of the patch that went into 2.6.17.y. It would be better to fix the
receiving end, but no patch for the era kernel has been developed yet.
See CVE-2006-4623
* bluetooth-capi-size-checks.dpatch
[SECURITY] Add additional length checks to avoid potential remote
DoS attacks in the handling of CAPI messages in the bluetooth driver
See CVE-2006-6106
* __find_get_block_slow-race.dpatch
[SECURITY] Fix infinite loop in __find_get_block_slow that can
be triggered by mounting and accessing a malicious iso9660 or NTFS
filesystem
See CVE-2006-5757, CVE-2006-6060
* listxattr-mem-corruption.dpatch
[SECURITY] Fix userspace corruption vulnerability caused by
incorrectly promoted return values in bad_inode_ops
This patch changes the kernel ABI.
See CVE-2006-5753
* aio-fix-nr_pages-init.dpatch
[SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
avoid a race that can lead to a system crash
See CVE-2006-5754
* unmap_hugepage_area-check-null-pte.dpatch
[SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
No kernel-image builds appear to compile this code, so this fix is only
for users that compile their own kernels with the Debian source and
enable/use huge pages.
See CVE-2005-4811
* ext3-fsfuzz.dpatch
[SECURITY] Fix a DoS vulnerability that can be triggered by a local
user with the ability to mount a corrupted ext3 filesystem
See CVE-2006-6053
* hfs-no-root-inode.dpatch
[SECURITY] Fix bug in HFS where hfs_fill_super returns success even
if no root inode is found. On an SELinux-enabled system, this can
be used to trigger a local DoS. Debian does not enable SELinux by
default.
See CVE-2006-6056
* ipv6_fl_socklist-no-share.dpatch
[SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
ipv6_fl_socklist between the listening socket and the socket created
for connection.
See CVE-2007-1592
* core-dump-unreadable-PT_INTERP.dpatch
[SECURITY] Fix a vulnerability that allows local users to read
otherwise unreadable (but executable) files by triggering a core dump.
See CVE-2007-0958
* appletalk-length-mismatch.dpatch
[SECURITY] Fix a remote DoS (crash) in appletalk
Depends upon appletalk-endianness-annotations.dpatch
See CVE-2007-1357
Modified: dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/changelog Tue Apr 17 00:01:52 2007
@@ -1,3 +1,77 @@
+kernel-image-2.6.8-amd64 (2.6.8-16sarge7) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-16sarge7 which requires
+ an ABI increment:
+ * [ERRATA] smbfs-honor-mount-opts-2.dpatch
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
+ * mincore_hang.dpatch
+ [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
+ Holtmann for the patch.
+ See CVE-2006-4814
+ * mincore-fixes.dpatch
+ This patch includes a few fixes, necessary for mincore_hang.dpatch to
+ apply cleanly.
+ * dev_queue_xmit-error-path.dpatch
+ [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
+ local_bh_enable() calls. Patch from Vasily Averin.
+ See CVE-2006-6535
+ * dvb-core-handle-0-length-ule-sndu.dpatch
+ [SECURITY] Avoid sending invalid ULE packets which may not properly
+ handled by the receiving side triggering a crash. This is a backport
+ of the patch that went into 2.6.17.y. It would be better to fix the
+ receiving end, but no patch for the era kernel has been developed yet.
+ See CVE-2006-4623
+ * bluetooth-capi-size-checks.dpatch
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * __find_get_block_slow-race.dpatch
+ [SECURITY] Fix infinite loop in __find_get_block_slow that can
+ be triggered by mounting and accessing a malicious iso9660 or NTFS
+ filesystem
+ See CVE-2006-5757, CVE-2006-6060
+ * listxattr-mem-corruption.dpatch
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * aio-fix-nr_pages-init.dpatch
+ [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
+ avoid a race that can lead to a system crash
+ See CVE-2006-5754
+ * unmap_hugepage_area-check-null-pte.dpatch
+ [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
+ No kernel-image builds appear to compile this code, so this fix is only
+ for users that compile their own kernels with the Debian source and
+ enable/use huge pages.
+ See CVE-2005-4811
+ * ext3-fsfuzz.dpatch
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * hfs-no-root-inode.dpatch
+ [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
+ if no root inode is found. On an SELinux-enabled system, this can
+ be used to trigger a local DoS. Debian does not enable SELinux by
+ default.
+ See CVE-2006-6056
+ * ipv6_fl_socklist-no-share.dpatch
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * core-dump-unreadable-PT_INTERP.dpatch
+ [SECURITY] Fix a vulnerability that allows local users to read
+ otherwise unreadable (but executable) files by triggering a core dump.
+ See CVE-2007-0958
+ * appletalk-length-mismatch.dpatch
+ [SECURITY] Fix a remote DoS (crash) in appletalk
+ Depends upon appletalk-endianness-annotations.dpatch
+ See CVE-2007-1357
+
+ -- dann frazier <dannf at debian.org> Mon, 16 Apr 2007 17:00:54 -0700
+
kernel-image-2.6.8-amd64 (2.6.8-16sarge6) stable-security; urgency=high
* Build against kernel-tree-2.6.8-16sarge6:
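Review bot: in the appletalk-length-mismatch.dpatch entry, the prerequisite appletalk-endianness-annotations.dpatch appears only in a "Depends upon" line and has no entry of its own, whereas the comparable prerequisite mincore-fixes.dpatch is listed separately; give it its own bullet so the list of applied patches is complete. The header line also says the rebuild "requires an ABI increment" without naming the new ABI, and stating the move from -12 to -13 here would tell readers that the binary package names change. Two wording nits in the added text: "which may not properly handled" is missing "be", and "This patches changes" should read "This patch changes".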
Modified: dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/control Tue Apr 17 00:01:52 2007
@@ -4,9 +4,9 @@
Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Uploaders: Frederik Schüler <fschueler at gmx.net>
Standards-Version: 3.6.1
-Build-Depends: debhelper (>= 4), kernel-package (>= 8.131), kernel-tree-2.6.8-16sarge6, module-init-tools, gcc-3.4 (>= 3.4.1-6), dpkg-dev (>= 1.10.23)
+Build-Depends: debhelper (>= 4), kernel-package (>= 8.131), kernel-tree-2.6.8-16sarge7, module-init-tools, gcc-3.4 (>= 3.4.1-6), dpkg-dev (>= 1.10.23)
-Package: kernel-headers-2.6.8-12
+Package: kernel-headers-2.6.8-13
Architecture: amd64 i386
Section: devel
Priority: optional
@@ -15,21 +15,21 @@
Description: Header files related to Linux kernel version 2.6.8
This package provides kernel header files for version 2.6.8, for sites
that want the latest kernel headers. Please read
- /usr/share/doc/kernel-headers-2.6.8-12/debian.README.gz for details.
+ /usr/share/doc/kernel-headers-2.6.8-13/debian.README.gz for details.
-Package: kernel-headers-2.6.8-12-amd64-k8
+Package: kernel-headers-2.6.8-13-amd64-k8
Architecture: amd64 i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-12
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-13
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers for version 2.6.8 on AMD64 systems
This package provides kernel header files for version 2.6.8 on
AMD Athlon64, Athlon FX and Opteron, for sites that want the latest
kernel headers. Please read
- /usr/share/doc/kernel-headers-2.6.8-12-amd64-k8/debian.README.gz for details.
+ /usr/share/doc/kernel-headers-2.6.8-13-amd64-k8/debian.README.gz for details.
-Package: kernel-image-2.6.8-12-amd64-k8
+Package: kernel-image-2.6.8-13-amd64-k8
Architecture: amd64 i386
Section: base
Priority: optional
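Review bot: renaming kernel-image-2.6.8-12-amd64-k8 to kernel-image-2.6.8-13-amd64-k8 puts the fixed kernel under a new package name, so a host with the -12 image installed will not receive these security fixes as an upgrade of that package unless something depends on the new name. Nothing in the visible lines ties the old name to the new one, so the changelog entry should say explicitly that the -13 image must be installed and booted, and that modules built against kernel-headers-2.6.8-12 need rebuilding against kernel-headers-2.6.8-13.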
@@ -55,19 +55,19 @@
and it is suggested that you install that package if you wish to
create a custom kernel from the sources.
-Package: kernel-headers-2.6.8-12-amd64-k8-smp
+Package: kernel-headers-2.6.8-13-amd64-k8-smp
Architecture: amd64 i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-12
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-13
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers for version 2.6.8 on AMD64 SMP systems
This package provides kernel header files for version 2.6.8 on AMD Opteron
with SMP support, for sites that want the latest kernel headers. Please read
- /usr/share/doc/kernel-headers-2.6.8-12-amd64-k8-smp/debian.README.gz i
+ /usr/share/doc/kernel-headers-2.6.8-13-amd64-k8-smp/debian.README.gz i
for details.
-Package: kernel-image-2.6.8-12-amd64-k8-smp
+Package: kernel-image-2.6.8-13-amd64-k8-smp
Architecture: amd64 i386
Section: base
Priority: optional
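Review bot: the replacement line in the kernel-headers-2.6.8-13-amd64-k8-smp description still ends in a stray " i" after debian.README.gz, carried over unchanged from the -12 line. Since the line is being rewritten anyway, drop the trailing character so the path is followed directly by "for details." on the next line.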
@@ -94,19 +94,19 @@
and it is suggested that you install that package if you wish to
create a custom kernel from the sources.
-Package: kernel-headers-2.6.8-12-amd64-generic
+Package: kernel-headers-2.6.8-13-amd64-generic
Architecture: amd64 i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-12
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-13
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 for generic x86_64 systems
This package provides kernel header files for version 2.6.8 on all x86_64
systems, for sites that want the latest kernel headers. Please read
- /usr/share/doc/kernel-headers-2.6.8-12-amd64-generic/debian.README.gz for
+ /usr/share/doc/kernel-headers-2.6.8-13-amd64-generic/debian.README.gz for
details.
-Package: kernel-image-2.6.8-12-amd64-generic
+Package: kernel-image-2.6.8-13-amd64-generic
Architecture: amd64 i386
Section: base
Priority: optional
@@ -133,19 +133,19 @@
and it is suggested that you install that package if you wish to
create a custom kernel from the sources.
-Package: kernel-headers-2.6.8-12-em64t-p4
+Package: kernel-headers-2.6.8-13-em64t-p4
Architecture: amd64 i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-12
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-13
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers for version 2.6.8 on Intel EM64T systems
This package provides kernel header files for version 2.6.8 on all Intel
Pentium 4 and Xeon systems with EM64T extension, for sites that want the
latest kernel headers. Please read
- /usr/share/doc/kernel-headers-2.6.8-12-em64t-p4/debian.README.gz for details.
+ /usr/share/doc/kernel-headers-2.6.8-13-em64t-p4/debian.README.gz for details.
-Package: kernel-image-2.6.8-12-em64t-p4
+Package: kernel-image-2.6.8-13-em64t-p4
Architecture: amd64 i386
Section: base
Priority: optional
@@ -174,19 +174,19 @@
.
This kernel version has no P4 Hyper-Threading support.
-Package: kernel-headers-2.6.8-12-em64t-p4-smp
+Package: kernel-headers-2.6.8-13-em64t-p4-smp
Architecture: amd64 i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-12
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-13
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers for version 2.6.8 on Intel EM64T SMP systems
This package provides kernel header files for version 2.6.8 on all Intel
P4 and Xeon systems with EM64T extension, for sites that want the
latest kernel headers. Please read
- /usr/share/doc/kernel-headers-2.6.8-12-em64t-p4/debian.README.gz for details.
+ /usr/share/doc/kernel-headers-2.6.8-13-em64t-p4/debian.README.gz for details.
-Package: kernel-image-2.6.8-12-em64t-p4-smp
+Package: kernel-image-2.6.8-13-em64t-p4-smp
Architecture: amd64 i386
Section: base
Priority: optional
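Review bot: the description of kernel-headers-2.6.8-13-em64t-p4-smp points to /usr/share/doc/kernel-headers-2.6.8-13-em64t-p4/debian.README.gz, which is the doc directory of the non-SMP package, and the SMP package's Depends line lists only coreutils | fileutils and kernel-headers-2.6.8-13, so that path is not guaranteed to exist. The other flavours in this file reference their own directory, which suggests a copy-and-paste leftover from the -12 text; consider changing the path to kernel-headers-2.6.8-13-em64t-p4-smp while the line is being touched.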