[kernel] r8495 - dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian
Dann Frazier
dannf at alioth.debian.org
Mon Apr 23 22:29:24 UTC 2007
Author: dannf
Date: Mon Apr 23 22:29:23 2007
New Revision: 8495
Modified:
dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/changelog
dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/control
Log:
  * Rebuild against kernel-tree-2.6.8-16sarge7 which requires
    an ABI increment:
    * [ERRATA] smbfs-honor-mount-opts-2.dpatch
      Fix some regressions with respect to file types (e.g., symlinks)
      introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
    * mincore_hang.dpatch
      [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
      Holtmann for the patch.
      See CVE-2006-4814
    * mincore-fixes.dpatch
      This patch includes a few fixes, necessary for mincore_hang.dpatch to
      apply cleanly.
    * dev_queue_xmit-error-path.dpatch
      [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
      local_bh_enable() calls. Patch from Vasily Averin.
      See CVE-2006-6535
    * dvb-core-handle-0-length-ule-sndu.dpatch
      [SECURITY] Avoid sending invalid ULE packets which may not be properly
      handled by the receiving side triggering a crash. This is a backport
      of the patch that went into 2.6.17.y. It would be better to fix the
      receiving end, but no patch for the era kernel has been developed yet.
      See CVE-2006-4623
    * bluetooth-capi-size-checks.dpatch
      [SECURITY] Add additional length checks to avoid potential remote
      DoS attacks in the handling of CAPI messages in the bluetooth driver
      See CVE-2006-6106
    * __find_get_block_slow-race.dpatch
      [SECURITY] Fix infinite loop in __find_get_block_slow that can
      be triggered by mounting and accessing a malicious iso9660 or NTFS
      filesystem
      See CVE-2006-5757, CVE-2006-6060
    * listxattr-mem-corruption.dpatch
      [SECURITY] Fix userspace corruption vulnerability caused by
      incorrectly promoted return values in bad_inode_ops
      This patch changes the kernel ABI.
      See CVE-2006-5753
    * aio-fix-nr_pages-init.dpatch
      [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
      avoid a race that can lead to a system crash
      See CVE-2006-5754
    * unmap_hugepage_area-check-null-pte.dpatch
      [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
      No kernel-image builds appear to compile this code, so this fix is only
      for users that compile their own kernels with the Debian source and
      enable/use huge pages.
      See CVE-2005-4811
    * ext3-fsfuzz.dpatch
      [SECURITY] Fix a DoS vulnerability that can be triggered by a local
      user with the ability to mount a corrupted ext3 filesystem
      See CVE-2006-6053
    * hfs-no-root-inode.dpatch
      [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
      if no root inode is found. On an SELinux-enabled system, this can
      be used to trigger a local DoS. Debian does not enable SELinux by
      default.
      See CVE-2006-6056
    * ipv6_fl_socklist-no-share.dpatch
      [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
      ipv6_fl_socklist between the listening socket and the socket created
      for connection.
      See CVE-2007-1592
    * core-dump-unreadable-PT_INTERP.dpatch
      [SECURITY] Fix a vulnerability that allows local users to read
      otherwise unreadable (but executable) files by triggering a core dump.
      See CVE-2007-0958
    * appletalk-length-mismatch.dpatch
      [SECURITY] Fix a remote DoS (crash) in appletalk
      Depends upon appletalk-endianness-annotations.dpatch
      See CVE-2007-1357
Modified: dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/changelog Mon Apr 23 22:29:23 2007
@@ -1,3 +1,77 @@
+kernel-image-2.6.8-alpha (2.6.8-16sarge7) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-16sarge7 which requires
+ an ABI increment:
+ * [ERRATA] smbfs-honor-mount-opts-2.dpatch
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
+ * mincore_hang.dpatch
+ [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
+ Holtmann for the patch.
+ See CVE-2006-4814
+ * mincore-fixes.dpatch
+ This patch includes a few fixes, necessary for mincore_hang.dpatch to
+ apply cleanly.
+ * dev_queue_xmit-error-path.dpatch
+ [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
+ local_bh_enable() calls. Patch from Vasily Averin.
+ See CVE-2006-6535
+ * dvb-core-handle-0-length-ule-sndu.dpatch
+ [SECURITY] Avoid sending invalid ULE packets which may not properly
+ handled by the receiving side triggering a crash. This is a backport
+ of the patch that went into 2.6.17.y. It would be better to fix the
+ receiving end, but no patch for the era kernel has been developed yet.
+ See CVE-2006-4623
+ * bluetooth-capi-size-checks.dpatch
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * __find_get_block_slow-race.dpatch
+ [SECURITY] Fix infinite loop in __find_get_block_slow that can
+ be triggered by mounting and accessing a malicious iso9660 or NTFS
+ filesystem
+ See CVE-2006-5757, CVE-2006-6060
+ * listxattr-mem-corruption.dpatch
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * aio-fix-nr_pages-init.dpatch
+ [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
+ avoid a race that can lead to a system crash
+ See CVE-2006-5754
+ * unmap_hugepage_area-check-null-pte.dpatch
+ [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
+ No kernel-image builds appear to compile this code, so this fix is only
+ for users that compile their own kernels with the Debian source and
+ enable/use huge pages.
+ See CVE-2005-4811
+ * ext3-fsfuzz.dpatch
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * hfs-no-root-inode.dpatch
+ [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
+ if no root inode is found. On an SELinux-enabled system, this can
+ be used to trigger a local DoS. Debian does not enable SELinux by
+ default.
+ See CVE-2006-6056
+ * ipv6_fl_socklist-no-share.dpatch
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * core-dump-unreadable-PT_INTERP.dpatch
+ [SECURITY] Fix a vulnerability that allows local users to read
+ otherwise unreadable (but executable) files by triggering a core dump.
+ See CVE-2007-0958
+ * appletalk-length-mismatch.dpatch
+ [SECURITY] Fix a remote DoS (crash) in appletalk
+ Depends upon appletalk-endianness-annotations.dpatch
+ See CVE-2007-1357
+
+ -- dann frazier <dannf at debian.org> Mon, 23 Apr 2007 16:29:10 -0600
+
kernel-image-2.6.8-alpha (2.6.8-16sarge6) stable-security; urgency=high
* Build against kernel-tree-2.6.8-16sarge6:
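Review bot: The appletalk-length-mismatch.dpatch entry says it depends upon appletalk-endianness-annotations.dpatch, but that patch has no entry of its own in this changelog block, unlike mincore-fixes.dpatch, which is listed explicitly as the prerequisite for mincore_hang.dpatch. If the annotations patch is new in 16sarge7, give it its own bullet; if it was already in the tree, say so, so that anyone auditing the patch set against the CVE list can tell. Two wording slips in the new entry are also worth fixing: "which may not properly handled" is missing "be", and "This patches changes the kernel ABI" should read "This patch changes".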
Modified: dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/control Mon Apr 23 22:29:23 2007
@@ -4,9 +4,9 @@
Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Uploaders: Norbert Tretkowski <nobse at debian.org>
Standards-Version: 3.6.1
-Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-16sarge6, module-init-tools
+Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-16sarge7, module-init-tools
-Package: kernel-headers-2.6.8-3
+Package: kernel-headers-2.6.8-4
Architecture: alpha
Section: devel
Priority: optional
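Review bot: The ABI name is bumped by hand from 2.6.8-3 to 2.6.8-4 at each occurrence, starting with "Package: kernel-headers-2.6.8-4" in this hunk, and the commit modifies only changelog and control. Please confirm that no 2.6.8-3 string remains in the parts of control outside the shown hunks or in any other packaging file that encodes the ABI name, since a missed occurrence would leave a package name, dependency or documentation path pointing at the old ABI after the rebuild against kernel-tree-2.6.8-16sarge7.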
@@ -15,22 +15,22 @@
Description: Header files related to Linux kernel version 2.6.8
This package provides kernel header files for version 2.6.8, for sites
that want the latest kernel headers. Please read
- /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz for details
+ /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz for details
-Package: kernel-headers-2.6.8-3-generic
+Package: kernel-headers-2.6.8-4-generic
Architecture: alpha
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on Alpha
This package provides kernel header files for version 2.6.8 on
the Alpha architecture,
for sites that want the latest kernel headers.
- Please read /usr/share/doc/kernel-headers-2.6.8-3-generic/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4-generic/debian.README.gz for
details
-Package: kernel-image-2.6.8-3-generic
+Package: kernel-image-2.6.8-4-generic
Architecture: alpha
Section: base
Priority: optional
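Review bot: Renaming the image package to kernel-image-2.6.8-4-generic means a system with kernel-image-2.6.8-3-generic installed does not receive these security fixes as an upgrade of that package; the new package has to be installed, by hand or through a dependency, and the machine rebooted into it. The changelog entry mentions only "an ABI increment", so consider adding a line there stating that the binary package names change and which packages administrators need to install.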
@@ -54,21 +54,21 @@
and it is suggested that you install that package if you wish to
create a custom kernel from the sources.
-Package: kernel-headers-2.6.8-3-smp
+Package: kernel-headers-2.6.8-4-smp
Architecture: alpha
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Linux kernel headers 2.6.8 on Alpha SMP
This package provides kernel header files for version 2.6.8 on
the Alpha architecture with SMP support,
for sites that want the latest kernel headers.
SMP (symmetric multi-processing) is needed if you have multiple processors.
- Please read /usr/share/doc/kernel-headers-2.6.8-3-smp/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.6.8-4-smp/debian.README.gz for
details
-Package: kernel-image-2.6.8-3-smp
+Package: kernel-image-2.6.8-4-smp
Architecture: alpha
Section: base
Priority: optional