[kernel] r8496 -
dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian
Dann Frazier
dannf at alioth.debian.org
Mon Apr 23 22:39:05 UTC 2007
Author: dannf
Date: Mon Apr 23 22:39:05 2007
New Revision: 8496
Modified:
dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/changelog
dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/control
Log:
* Rebuild against kernel-tree-2.6.8-16sarge7 which requires
an ABI increment:
* [ERRATA] smbfs-honor-mount-opts-2.dpatch
Fix some regressions with respect to file types (e.g., symlinks)
introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
* mincore_hang.dpatch
[SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
Holtmann for the patch.
See CVE-2006-4814
* mincore-fixes.dpatch
This patch includes a few fixes, necessary for mincore_hang.dpatch to
apply cleanly.
* dev_queue_xmit-error-path.dpatch
[SECURITY] Correct an error path in dev_queue_xmit() to rebalance
local_bh_enable() calls. Patch from Vasily Averin.
See CVE-2006-6535
* dvb-core-handle-0-length-ule-sndu.dpatch
[SECURITY] Avoid sending invalid ULE packets which may not be properly
handled by the receiving side triggering a crash. This is a backport
of the patch that went into 2.6.17.y. It would be better to fix the
receiving end, but no patch for the era kernel has been developed yet.
See CVE-2006-4623
* bluetooth-capi-size-checks.dpatch
[SECURITY] Add additional length checks to avoid potential remote
DoS attacks in the handling of CAPI messages in the bluetooth driver
See CVE-2006-6106
* __find_get_block_slow-race.dpatch
[SECURITY] Fix infinite loop in __find_get_block_slow that can
be triggered by mounting and accessing a malicious iso9660 or NTFS
filesystem
See CVE-2006-5757, CVE-2006-6060
* listxattr-mem-corruption.dpatch
[SECURITY] Fix userspace corruption vulnerability caused by
incorrectly promoted return values in bad_inode_ops
This patch changes the kernel ABI.
See CVE-2006-5753
* aio-fix-nr_pages-init.dpatch
[SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
avoid a race that can lead to a system crash
See CVE-2006-5754
* unmap_hugepage_area-check-null-pte.dpatch
[SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
No kernel-image builds appear to compile this code, so this fix is only
for users that compile their own kernels with the Debian source and
enable/use huge pages.
See CVE-2005-4811
* ext3-fsfuzz.dpatch
[SECURITY] Fix a DoS vulnerability that can be triggered by a local
user with the ability to mount a corrupted ext3 filesystem
See CVE-2006-6053
* hfs-no-root-inode.dpatch
[SECURITY] Fix bug in HFS where hfs_fill_super returns success even
if no root inode is found. On an SELinux-enabled system, this can
be used to trigger a local DoS. Debian does not enable SELinux by
default.
See CVE-2006-6056
* ipv6_fl_socklist-no-share.dpatch
[SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
ipv6_fl_socklist between the listening socket and the socket created
for connection.
See CVE-2007-1592
* core-dump-unreadable-PT_INTERP.dpatch
[SECURITY] Fix a vulnerability that allows local users to read
otherwise unreadable (but executable) files by triggering a core dump.
See CVE-2007-0958
* appletalk-length-mismatch.dpatch
[SECURITY] Fix a remote DoS (crash) in appletalk
Depends upon appletalk-endianness-annotations.dpatch
See CVE-2007-1357
Modified: dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/changelog Mon Apr 23 22:39:05 2007
@@ -1,3 +1,77 @@
+kernel-image-2.6.8-sparc (2.6.8-15sarge7) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-16sarge7 which requires
+ an ABI increment:
+ * [ERRATA] smbfs-honor-mount-opts-2.dpatch
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
+ * mincore_hang.dpatch
+ [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
+ Holtmann for the patch.
+ See CVE-2006-4814
+ * mincore-fixes.dpatch
+ This patch includes a few fixes, necessary for mincore_hang.dpatch to
+ apply cleanly.
+ * dev_queue_xmit-error-path.dpatch
+ [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
+ local_bh_enable() calls. Patch from Vasily Averin.
+ See CVE-2006-6535
+ * dvb-core-handle-0-length-ule-sndu.dpatch
+ [SECURITY] Avoid sending invalid ULE packets which may not properly
+ handled by the receiving side triggering a crash. This is a backport
+ of the patch that went into 2.6.17.y. It would be better to fix the
+ receiving end, but no patch for the era kernel has been developed yet.
+ See CVE-2006-4623
+ * bluetooth-capi-size-checks.dpatch
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * __find_get_block_slow-race.dpatch
+ [SECURITY] Fix infinite loop in __find_get_block_slow that can
+ be triggered by mounting and accessing a malicious iso9660 or NTFS
+ filesystem
+ See CVE-2006-5757, CVE-2006-6060
+ * listxattr-mem-corruption.dpatch
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * aio-fix-nr_pages-init.dpatch
+ [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
+ avoid a race that can lead to a system crash
+ See CVE-2006-5754
+ * unmap_hugepage_area-check-null-pte.dpatch
+ [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
+ No kernel-image builds appear to compile this code, so this fix is only
+ for users that compile their own kernels with the Debian source and
+ enable/use huge pages.
+ See CVE-2005-4811
+ * ext3-fsfuzz.dpatch
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * hfs-no-root-inode.dpatch
+ [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
+ if no root inode is found. On an SELinux-enabled system, this can
+ be used to trigger a local DoS. Debian does not enable SELinux by
+ default.
+ See CVE-2006-6056
+ * ipv6_fl_socklist-no-share.dpatch
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * core-dump-unreadable-PT_INTERP.dpatch
+ [SECURITY] Fix a vulnerability that allows local users to read
+ otherwise unreadable (but executable) files by triggering a core dump.
+ See CVE-2007-0958
+ * appletalk-length-mismatch.dpatch
+ [SECURITY] Fix a remote DoS (crash) in appletalk
+ Depends upon appletalk-endianness-annotations.dpatch
+ See CVE-2007-1357
+
+ -- dann frazier <dannf at debian.org> Mon, 23 Apr 2007 16:38:51 -0600
+
kernel-image-2.6.8-sparc (2.6.8-15sarge6) stable-security; urgency=high
* Build against kernel-tree-2.6.8-16sarge6:
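Review bot: The new 2.6.8-15sarge7 entry says the rebuild "requires an ABI increment" but never names the old or new ABI, and the listxattr-mem-corruption item only says it changes the kernel ABI. State the bump explicitly (the control file in this commit moves the package names from 2.6.8-3 to 2.6.8-4) so that users with out-of-tree modules know to rebuild them against the new headers. Two wording slips in the same entry: "which may not properly handled" is missing "be", and "This patches changes" should read "This patch changes".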
Modified: dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/control Mon Apr 23 22:39:05 2007
@@ -4,19 +4,19 @@
Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Uploaders: Joshua Kwan <joshk at triplehelix.org>, Ben Collins <bcollins at debian.org>, Andres Salomon <dilinger at debian.org>, dann frazier <dannf at debian.org>
Standards-Version: 3.6.1.0
-Build-Depends: gcc (>= 4:3.3), kernel-tree-2.6.8-16sarge6, debhelper (>= 4), kernel-package, sparc-utils, module-init-tools
+Build-Depends: gcc (>= 4:3.3), kernel-tree-2.6.8-16sarge7, debhelper (>= 4), kernel-package, sparc-utils, module-init-tools
-Package: kernel-build-2.6.8-3
+Package: kernel-build-2.6.8-4
Architecture: sparc
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3-sparc64, kernel-headers-2.6.8-3-sparc64-smp
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4-sparc64, kernel-headers-2.6.8-4-sparc64-smp
Description: Headers for building modules for Linux 2.6.8
This package provides kernel header files for building modules for the
precompiled kernel images on the 64-bit SPARC architecture (uniprocessor and
multiprocessor.)
-Package: kernel-headers-2.6.8-3
+Package: kernel-headers-2.6.8-4
Architecture: sparc
Section: devel
Priority: optional
@@ -30,26 +30,26 @@
This package consists mostly of the common files between the three header
packages you should really be using for building modules:
.
- - kernel-headers-2.6.8-3-sparc32
- - kernel-headers-2.6.8-3-sparc64
- - kernel-headers-2.6.8-3-sparc64-smp
+ - kernel-headers-2.6.8-4-sparc32
+ - kernel-headers-2.6.8-4-sparc64
+ - kernel-headers-2.6.8-4-sparc64-smp
.
For more information you can also read:
- /usr/share/doc/kernel-headers-2.6.8-3/debian.README.gz.
+ /usr/share/doc/kernel-headers-2.6.8-4/debian.README.gz.
-Package: kernel-headers-2.6.8-3-sparc32
+Package: kernel-headers-2.6.8-4-sparc32
Architecture: sparc
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Header files for Linux kernel 2.6.8 on uniprocessor 32-bit SPARC
This package provides kernel header files for version 2.6.8 on the 32-bit
SPARC architecture, used to build out-of-tree kernel modules. If you have
- more than one processor, you want the kernel-headers-2.6.8-3-sparc64-smp
+ more than one processor, you want the kernel-headers-2.6.8-4-sparc64-smp
package.
-Package: kernel-image-2.6.8-3-sparc32
+Package: kernel-image-2.6.8-4-sparc32
Section: base
Architecture: sparc
Priority: optional
@@ -75,19 +75,19 @@
systems. If you do not have a SuperSPARC or HyperSPARC CPU, then most likely
you want the sparc64 image. See kernel-image-2.6-sparc64.
-Package: kernel-headers-2.6.8-3-sparc64
+Package: kernel-headers-2.6.8-4-sparc64
Architecture: sparc
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Header files for Linux kernel 2.6.8 on uniprocessor 64-bit SPARC
This package provides kernel header files for version 2.6.8 on the 64-bit
SPARC architecture, used to build out-of-tree kernel modules. If you have
- more than one processor, you want the kernel-headers-2.6.8-3-sparc64-smp
+ more than one processor, you want the kernel-headers-2.6.8-4-sparc64-smp
package.
-Package: kernel-image-2.6.8-3-sparc64
+Package: kernel-image-2.6.8-4-sparc64
Section: base
Architecture: sparc
Priority: optional
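Review bot: Renaming kernel-image-2.6.8-3-sparc64 to kernel-image-2.6.8-4-sparc64 in this hunk means a host with the -3 image installed does not receive these security fixes as an upgrade of that package, since the fixed kernel ships under a different package name. If the kernel-image-2.6-sparc64 package named in the context lines is what tracks the current image, confirm it is updated in the same round to point at the -4 image, and consider saying in the changelog that a reboot into the new kernel and a rebuild of out-of-tree modules against the -4 headers are required.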
@@ -113,19 +113,19 @@
do not have an UltraSPARC, then most likely you want the sparc32 image. See
kernel-image-2.6-sparc32.
-Package: kernel-headers-2.6.8-3-sparc64-smp
+Package: kernel-headers-2.6.8-4-sparc64-smp
Architecture: sparc
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.6.8-4
Provides: kernel-headers, kernel-headers-2.6
Description: Header files for Linux kernel 2.6.8 on multiprocessor 64-bit SPARC
This package provides kernel header files for version 2.6.8 on the 64-bit
SPARC architecture, used to build out-of-tree kernel modules. If you only
- have one processor, you want the kernel-headers-2.6.8-3-sparc64 package
+ have one processor, you want the kernel-headers-2.6.8-4-sparc64 package
instead.
-Package: kernel-image-2.6.8-3-sparc64-smp
+Package: kernel-image-2.6.8-4-sparc64-smp
Section: base
Architecture: sparc
Priority: optional