[kernel] r8490 - dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian

Dann Frazier dannf at alioth.debian.org
Tue Apr 17 00:10:06 UTC 2007


Author: dannf
Date: Tue Apr 17 00:10:05 2007
New Revision: 8490

Modified:
   dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/abiname
   dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/rules
Log:
* Rebuild against kernel-tree-2.6.8-16sarge7 which requires
  an ABI increment:
  * [ERRATA] smbfs-honor-mount-opts-2.dpatch
    Fix some regressions with respect to file types (e.g., symlinks)
    introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
  * mincore_hang.dpatch
    [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
    Holtmann for the patch.
    See CVE-2006-4814
  * mincore-fixes.dpatch
    This patch includes a few fixes, necessary for mincore_hang.dpatch to
    apply cleanly.
  * dev_queue_xmit-error-path.dpatch
    [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
    local_bh_enable() calls. Patch from Vasily Averin.
    See CVE-2006-6535
  * dvb-core-handle-0-length-ule-sndu.dpatch
    [SECURITY] Avoid sending invalid ULE packets which may not be properly
    handled by the receiving side triggering a crash. This is a backport
    of the patch that went into 2.6.17.y. It would be better to fix the
    receiving end, but no patch for the era kernel has been developed yet.
    See CVE-2006-4623
  * bluetooth-capi-size-checks.dpatch
    [SECURITY] Add additional length checks to avoid potential remote
    DoS attacks in the handling of CAPI messages in the bluetooth driver
    See CVE-2006-6106
  * __find_get_block_slow-race.dpatch
    [SECURITY] Fix infinite loop in __find_get_block_slow that can
    be triggered by mounting and accessing a malicious iso9660 or NTFS
    filesystem
    See CVE-2006-5757, CVE-2006-6060
  * listxattr-mem-corruption.dpatch
    [SECURITY] Fix userspace corruption vulnerability caused by
    incorrectly promoted return values in bad_inode_ops
    This patch changes the kernel ABI.
    See CVE-2006-5753
  * aio-fix-nr_pages-init.dpatch
    [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
    avoid a race that can lead to a system crash
    See CVE-2006-5754
  * unmap_hugepage_area-check-null-pte.dpatch
    [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
    No kernel-image builds appear to compile this code, so this fix is only
    for users that compile their own kernels with the Debian source and
    enable/use huge pages.
    See CVE-2005-4811
  * ext3-fsfuzz.dpatch
    [SECURITY] Fix a DoS vulnerability that can be triggered by a local
    user with the ability to mount a corrupted ext3 filesystem
    See CVE-2006-6053
  * hfs-no-root-inode.dpatch
    [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
    if no root inode is found. On an SELinux-enabled system, this can
    be used to trigger a local DoS. Debian does not enable SELinux by
    default.
    See CVE-2006-6056
  * ipv6_fl_socklist-no-share.dpatch
    [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
    ipv6_fl_socklist between the listening socket and the socket created
    for connection.
    See CVE-2007-1592
  * core-dump-unreadable-PT_INTERP.dpatch
    [SECURITY] Fix a vulnerability that allows local users to read
    otherwise unreadable (but executable) files by triggering a core dump.
    See CVE-2007-0958
  * appletalk-length-mismatch.dpatch
    [SECURITY] Fix a remote DoS (crash) in appletalk
    Depends upon appletalk-endianness-annotations.dpatch
    See CVE-2007-1357

Modified: dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/abiname
==============================================================================
--- dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/abiname	(original)
+++ dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/abiname	Tue Apr 17 00:10:05 2007
@@ -1 +1 @@
-3
+4
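
Review bot: the increment from 3 to 4 carries no rationale in this file, and in the accompanying changelog only listxattr-mem-corruption.dpatch is marked as changing the kernel ABI. It would help to say in the top-level changelog line ("Rebuild against kernel-tree-2.6.8-16sarge7 which requires an ABI increment") which patch forces the bump, so that anyone carrying modules built against ABI 3 can see why they must be rebuilt against 4.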

Modified: dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/changelog	Tue Apr 17 00:10:05 2007
@@ -1,3 +1,77 @@
+kernel-patch-powerpc-2.6.8 (2.6.8-12sarge7) oldstable-security; urgency=high
+
+  * Rebuild against kernel-tree-2.6.8-16sarge7 which requires
+    an ABI increment:
+    * [ERRATA] smbfs-honor-mount-opts-2.dpatch
+      Fix some regressions with respect to file types (e.g., symlinks)
+      introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
+    * mincore_hang.dpatch
+      [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
+      Holtmann for the patch.
+      See CVE-2006-4814
+    * mincore-fixes.dpatch
+      This patch includes a few fixes, necessary for mincore_hang.dpatch to
+      apply cleanly.
+    * dev_queue_xmit-error-path.dpatch
+      [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
+      local_bh_enable() calls. Patch from Vasily Averin.
+      See CVE-2006-6535
+    * dvb-core-handle-0-length-ule-sndu.dpatch
+      [SECURITY] Avoid sending invalid ULE packets which may not properly
+      handled by the receiving side triggering a crash. This is a backport
+      of the patch that went into 2.6.17.y. It would be better to fix the
+      receiving end, but no patch for the era kernel has been developed yet.
+      See CVE-2006-4623
+    * bluetooth-capi-size-checks.dpatch
+      [SECURITY] Add additional length checks to avoid potential remote
+      DoS attacks in the handling of CAPI messages in the bluetooth driver
+      See CVE-2006-6106
+    * __find_get_block_slow-race.dpatch
+      [SECURITY] Fix infinite loop in __find_get_block_slow that can
+      be triggered by mounting and accessing a malicious iso9660 or NTFS
+      filesystem
+      See CVE-2006-5757, CVE-2006-6060
+    * listxattr-mem-corruption.dpatch
+      [SECURITY] Fix userspace corruption vulnerability caused by
+      incorrectly promoted return values in bad_inode_ops
+      This patches changes the kernel ABI.
+      See CVE-2006-5753
+    * aio-fix-nr_pages-init.dpatch
+      [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
+      avoid a race that can lead to a system crash
+      See CVE-2006-5754
+    * unmap_hugepage_area-check-null-pte.dpatch
+      [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
+      No kernel-image builds appear to compile this code, so this fix is only
+      for users that compile their own kernels with the Debian source and
+      enable/use huge pages.
+      See CVE-2005-4811
+    * ext3-fsfuzz.dpatch
+      [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+      user with the ability to mount a corrupted ext3 filesystem
+      See CVE-2006-6053
+    * hfs-no-root-inode.dpatch
+      [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
+      if no root inode is found. On an SELinux-enabled system, this can
+      be used to trigger a local DoS. Debian does not enable SELinux by
+      default.
+      See CVE-2006-6056
+    * ipv6_fl_socklist-no-share.dpatch
+      [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+      ipv6_fl_socklist between the listening socket and the socket created
+      for connection.
+      See CVE-2007-1592
+    * core-dump-unreadable-PT_INTERP.dpatch
+      [SECURITY] Fix a vulnerability that allows local users to read
+      otherwise unreadable (but executable) files by triggering a core dump.
+      See CVE-2007-0958
+    * appletalk-length-mismatch.dpatch
+      [SECURITY] Fix a remote DoS (crash) in appletalk
+      Depends upon appletalk-endianness-annotations.dpatch
+      See CVE-2007-1357
+
+ -- dann frazier <dannf at debian.org>  Mon, 16 Apr 2007 17:08:07 -0700
+
 kernel-patch-powerpc-2.6.8 (2.6.8-12sarge6) stable-security; urgency=high
 
   * Build against kernel-tree-2.6.8-16sarge6:
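
Review bot: the appletalk-length-mismatch.dpatch entry says "Depends upon appletalk-endianness-annotations.dpatch", but that prerequisite has no entry of its own in this list, whereas the equivalent prerequisite for mincore_hang.dpatch (mincore-fixes.dpatch) is listed separately. Either add an entry for appletalk-endianness-annotations.dpatch or state where it was introduced, so the list of applied patches is complete. Two wording nits in the same hunk: "which may not properly handled" in the dvb-core entry is missing "be", and "This patches changes the kernel ABI" in the listxattr entry should read "This patch changes". The distribution also moves from stable-security (previous entry) to oldstable-security; a short mention of that in the entry would make the change explicit.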

Modified: dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/rules
==============================================================================
--- dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/rules	(original)
+++ dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/rules	Tue Apr 17 00:10:05 2007
@@ -11,7 +11,7 @@
 OFFICIAL_VERSION = No
 
 # This is the kernel-tree version we build against 
-ktver = 16sarge6
+ktver = 16sarge7
 
 # set the build architecture if necessary
 DEB_HOST_ARCH ?= $(shell dpkg --print-architecture)
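
Review bot: ktver is bumped by hand to 16sarge7 here, and the same version string is repeated in the changelog ("Rebuild against kernel-tree-2.6.8-16sarge7") with nothing in the visible lines tying the two together or to abiname. Only abiname, changelog and rules are modified in this revision; if the build dependency on kernel-tree is versioned anywhere outside these three files, it needs the same update, otherwise the package could build against 16sarge6 while claiming the 16sarge7 fixes. Minor: the context line "# This is the kernel-tree version we build against " ends in trailing whitespace that could be dropped while touching this block.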


