[kernel] r8491 - dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian
Dann Frazier
dannf at alioth.debian.org
Tue Apr 17 00:41:33 UTC 2007
Author: dannf
Date: Tue Apr 17 00:41:33 2007
New Revision: 8491
Modified:
dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/changelog
dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/control
Log:
* Rebuild against kernel-tree-2.6.8-16sarge7 which requires
an ABI increment:
* [ERRATA] smbfs-honor-mount-opts-2.dpatch
Fix some regressions with respect to file types (e.g., symlinks)
introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
* mincore_hang.dpatch
[SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
Holtmann for the patch.
See CVE-2006-4814
* mincore-fixes.dpatch
This patch includes a few fixes, necessary for mincore_hang.dpatch to
apply cleanly.
* dev_queue_xmit-error-path.dpatch
[SECURITY] Correct an error path in dev_queue_xmit() to rebalance
local_bh_enable() calls. Patch from Vasily Averin.
See CVE-2006-6535
* dvb-core-handle-0-length-ule-sndu.dpatch
[SECURITY] Avoid sending invalid ULE packets which may not be properly
handled by the receiving side, triggering a crash. This is a backport
of the patch that went into 2.6.17.y. It would be better to fix the
receiving end, but no patch for the era kernel has been developed yet.
See CVE-2006-4623
* bluetooth-capi-size-checks.dpatch
[SECURITY] Add additional length checks to avoid potential remote
DoS attacks in the handling of CAPI messages in the bluetooth driver
See CVE-2006-6106
* __find_get_block_slow-race.dpatch
[SECURITY] Fix infinite loop in __find_get_block_slow that can
be triggered by mounting and accessing a malicious iso9660 or NTFS
filesystem
See CVE-2006-5757, CVE-2006-6060
* listxattr-mem-corruption.dpatch
[SECURITY] Fix userspace corruption vulnerability caused by
incorrectly promoted return values in bad_inode_ops
This patch changes the kernel ABI.
See CVE-2006-5753
* aio-fix-nr_pages-init.dpatch
[SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
avoid a race that can lead to a system crash
See CVE-2006-5754
* unmap_hugepage_area-check-null-pte.dpatch
[SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
No kernel-image builds appear to compile this code, so this fix is only
for users that compile their own kernels with the Debian source and
enable/use huge pages.
See CVE-2005-4811
* ext3-fsfuzz.dpatch
[SECURITY] Fix a DoS vulnerability that can be triggered by a local
user with the ability to mount a corrupted ext3 filesystem
See CVE-2006-6053
* hfs-no-root-inode.dpatch
[SECURITY] Fix bug in HFS where hfs_fill_super returns success even
if no root inode is found. On an SELinux-enabled system, this can
be used to trigger a local DoS. Debian does not enable SELinux by
default.
See CVE-2006-6056
* ipv6_fl_socklist-no-share.dpatch
[SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
ipv6_fl_socklist between the listening socket and the socket created
for connection.
See CVE-2007-1592
* core-dump-unreadable-PT_INTERP.dpatch
[SECURITY] Fix a vulnerability that allows local users to read
otherwise unreadable (but executable) files by triggering a core dump.
See CVE-2007-0958
* appletalk-length-mismatch.dpatch
[SECURITY] Fix a remote DoS (crash) in appletalk
Depends upon appletalk-endianness-annotations.dpatch
See CVE-2007-1357
Modified: dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/changelog Tue Apr 17 00:41:33 2007
@@ -1,3 +1,77 @@
+kernel-image-2.6.8-hppa (2.6.8-6sarge7) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-16sarge7 which requires
+ an ABI increment:
+ * [ERRATA] smbfs-honor-mount-opts-2.dpatch
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
+ * mincore_hang.dpatch
+ [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
+ Holtmann for the patch.
+ See CVE-2006-4814
+ * mincore-fixes.dpatch
+ This patch includes a few fixes, necessary for mincore_hang.dpatch to
+ apply cleanly.
+ * dev_queue_xmit-error-path.dpatch
+ [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
+ local_bh_enable() calls. Patch from Vasily Averin.
+ See CVE-2006-6535
+ * dvb-core-handle-0-length-ule-sndu.dpatch
+ [SECURITY] Avoid sending invalid ULE packets which may not properly
+ handled by the receiving side triggering a crash. This is a backport
+ of the patch that went into 2.6.17.y. It would be better to fix the
+ receiving end, but no patch for the era kernel has been developed yet.
+ See CVE-2006-4623
+ * bluetooth-capi-size-checks.dpatch
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * __find_get_block_slow-race.dpatch
+ [SECURITY] Fix infinite loop in __find_get_block_slow that can
+ be triggered by mounting and accessing a malicious iso9660 or NTFS
+ filesystem
+ See CVE-2006-5757, CVE-2006-6060
+ * listxattr-mem-corruption.dpatch
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * aio-fix-nr_pages-init.dpatch
+ [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
+ avoid a race that can lead to a system crash
+ See CVE-2006-5754
+ * unmap_hugepage_area-check-null-pte.dpatch
+ [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
+ No kernel-image builds appear to compile this code, so this fix is only
+ for users that compile their own kernels with the Debian source and
+ enable/use huge pages.
+ See CVE-2005-4811
+ * ext3-fsfuzz.dpatch
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * hfs-no-root-inode.dpatch
+ [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
+ if no root inode is found. On an SELinux-enabled system, this can
+ be used to trigger a local DoS. Debian does not enable SELinux by
+ default.
+ See CVE-2006-6056
+ * ipv6_fl_socklist-no-share.dpatch
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * core-dump-unreadable-PT_INTERP.dpatch
+ [SECURITY] Fix a vulnerability that allows local users to read
+ otherwise unreadable (but executable) files by triggering a core dump.
+ See CVE-2007-0958
+ * appletalk-length-mismatch.dpatch
+ [SECURITY] Fix a remote DoS (crash) in appletalk
+ Depends upon appletalk-endianness-annotations.dpatch
+ See CVE-2007-1357
+
+ -- dann frazier <dannf at debian.org> Mon, 16 Apr 2007 17:40:50 -0700
+
kernel-image-2.6.8-hppa (2.6.8-6sarge6) stable-security; urgency=high
* Build against kernel-tree-2.6.8-16sarge6:
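Review bot: Two wording slips in the new 2.6.8-6sarge7 entry should be fixed before upload. In the dvb-core-handle-0-length-ule-sndu.dpatch item, "which may not properly handled" is missing "be", and in the listxattr-mem-corruption.dpatch item, "This patches changes the kernel ABI" should read "This patch changes the kernel ABI". The entry also says only that the rebuild "requires an ABI increment" without naming the old and new ABI numbers; stating them here would let someone reading the changelog alone see which ABI this build carries.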
Modified: dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/control Tue Apr 17 00:41:33 2007
@@ -3,10 +3,10 @@
Priority: optional
Maintainer: Kyle McMartin <kyle at debian.org>
Uploaders: Bdale Garbee <bdale at gag.com>, dann frazier <dannf at debian.org>
-Build-Depends: kernel-tree-2.6.8-16sarge6, kernel-patch-2.6.8-hppa (= 2.6.8-5sarge1), kernel-package, debianutils (>= 1.6), debhelper (>= 2), bzip2, module-init-tools, gcc-3.3-hppa64, binutils-hppa64
+Build-Depends: kernel-tree-2.6.8-16sarge7, kernel-patch-2.6.8-hppa (= 2.6.8-5sarge1), kernel-package, debianutils (>= 1.6), debhelper (>= 2), bzip2, module-init-tools, gcc-3.3-hppa64, binutils-hppa64
Standards-Version: 3.5.4
-Package: kernel-headers-2.6.8-3
+Package: kernel-headers-2.6.8-4
Architecture: hppa
Section: devel
Priority: optional
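Review bot: The Package line moves from kernel-headers-2.6.8-3 to kernel-headers-2.6.8-4, which is a new package name rather than a new version of the old one, so a machine with the -3 packages installed will not pick up these security fixes through a plain upgrade unless something else depends on the -4 names. Nothing visible in this hunk covers that upgrade path. Please confirm that the advisory for this upload tells administrators to install the -4 packages explicitly and reboot into the new kernel.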
@@ -15,21 +15,21 @@
Description: Header files for the Linux kernel version 2.6.8
This package provides kernel header files for version 2.6.8, for sites
that want the latest kernel headers. Please read
- /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for details.
+ /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for details.
-Package: kernel-headers-2.6.8-3-32
+Package: kernel-headers-2.6.8-4-32
Architecture: hppa
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on HP PA-RISC 32-bit systems
This package provides kernel header files for version 2.6.8 on
HP PA-RISC 32-bit systems, for sites that want the latest kernel headers.
- Please read /usr/share/doc/kernel-headers-2.6.8-3-32/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4-32/debian.README.gz for
details.
-Package: kernel-image-2.6.8-3-32
+Package: kernel-image-2.6.8-4-32
Architecture: hppa
Section: base
Priority: optional
@@ -46,19 +46,19 @@
and it is suggested that you install that package if you wish to create a
custom kernel from the sources.
-Package: kernel-headers-2.6.8-3-64
+Package: kernel-headers-2.6.8-4-64
Architecture: hppa
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on HP PA-RISC 64-bit systems
This package provides kernel header files for version 2.6.8 on
HP PA-RISC 64-bit systems, for sites that want the latest kernel headers.
- Please read /usr/share/doc/kernel-headers-2.6.8-3-64/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4-64/debian.README.gz for
details.
-Package: kernel-image-2.6.8-3-64
+Package: kernel-image-2.6.8-4-64
Architecture: hppa
Section: base
Priority: optional
@@ -75,19 +75,19 @@
and it is suggested that you install that package if you wish to create a
custom kernel from the sources.
-Package: kernel-headers-2.6.8-3-32-smp
+Package: kernel-headers-2.6.8-4-32-smp
Architecture: hppa
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on HP PA-RISC 32-bit systems
This package provides kernel header files for version 2.6.8 on
HP PA-RISC 32-bit systems, for sites that want the latest kernel headers.
- Please read /usr/share/doc/kernel-headers-2.6.8-3-32/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4-32/debian.README.gz for
details.
-Package: kernel-image-2.6.8-3-32-smp
+Package: kernel-image-2.6.8-4-32-smp
Architecture: hppa
Section: base
Priority: optional
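Review bot: In the kernel-headers-2.6.8-4-32-smp stanza, the description still sends readers to /usr/share/doc/kernel-headers-2.6.8-4-32/debian.README.gz, which is the non-SMP package's doc directory, while the visible Depends line only pulls in kernel-headers-2.6.8-4. Unless kernel-headers-2.6.8-4-32 happens to be installed as well, that path will normally not exist; it should point at /usr/share/doc/kernel-headers-2.6.8-4-32-smp/debian.README.gz. The old line had the same mismatch with the -3-32 path, but since the line is being rewritten for the ABI bump this is the moment to correct it.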
@@ -104,19 +104,19 @@
and it is suggested that you install that package if you wish to create a
custom kernel from the sources.
-Package: kernel-headers-2.6.8-3-64-smp
+Package: kernel-headers-2.6.8-4-64-smp
Architecture: hppa
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on HP PA-RISC 64-bit systems
This package provides kernel header files for version 2.6.8 on
HP PA-RISC 64-bit systems, for sites that want the latest kernel headers.
- Please read /usr/share/doc/kernel-headers-2.6.8-3-64/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4-64/debian.README.gz for
details.
-Package: kernel-image-2.6.8-3-64-smp
+Package: kernel-image-2.6.8-4-64-smp
Architecture: hppa
Section: base
Priority: optional
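Review bot: In the kernel-headers-2.6.8-4-64-smp stanza, the short description "Linux kernel headers 2.6.8 on HP PA-RISC 64-bit systems" and the long description are word for word the same as those of kernel-headers-2.6.8-4-64, so the two packages cannot be told apart in a package listing; add "SMP" to both. The README path here also names /usr/share/doc/kernel-headers-2.6.8-4-64/ rather than the -64-smp package's own doc directory and should be adjusted to match the package name.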