[kernel] r8497 - dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian
Dann Frazier
dannf at alioth.debian.org
Mon Apr 23 23:36:02 UTC 2007
Author: dannf
Date: Mon Apr 23 23:35:59 2007
New Revision: 8497
Modified:
dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/changelog
dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/control
Log:
* Rebuild against kernel-tree-2.6.8-16sarge7 which requires
an ABI increment:
* [ERRATA] smbfs-honor-mount-opts-2.dpatch
Fix some regressions with respect to file types (e.g., symlinks)
introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
* mincore_hang.dpatch
[SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
Holtmann for the patch.
See CVE-2006-4814
* mincore-fixes.dpatch
This patch includes a few fixes, necessary for mincore_hang.dpatch to
apply cleanly.
* dev_queue_xmit-error-path.dpatch
[SECURITY] Correct an error path in dev_queue_xmit() to rebalance
local_bh_enable() calls. Patch from Vasily Averin.
See CVE-2006-6535
* dvb-core-handle-0-length-ule-sndu.dpatch
[SECURITY] Avoid sending invalid ULE packets which may not be properly
handled by the receiving side triggering a crash. This is a backport
of the patch that went into 2.6.17.y. It would be better to fix the
receiving end, but no patch for the era kernel has been developed yet.
See CVE-2006-4623
* bluetooth-capi-size-checks.dpatch
[SECURITY] Add additional length checks to avoid potential remote
DoS attacks in the handling of CAPI messages in the bluetooth driver
See CVE-2006-6106
* __find_get_block_slow-race.dpatch
[SECURITY] Fix infinite loop in __find_get_block_slow that can
be triggered by mounting and accessing a malicious iso9660 or NTFS
filesystem
See CVE-2006-5757, CVE-2006-6060
* listxattr-mem-corruption.dpatch
[SECURITY] Fix userspace corruption vulnerability caused by
incorrectly promoted return values in bad_inode_ops
This patch changes the kernel ABI.
See CVE-2006-5753
* aio-fix-nr_pages-init.dpatch
[SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
avoid a race that can lead to a system crash
See CVE-2006-5754
* unmap_hugepage_area-check-null-pte.dpatch
[SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
No kernel-image builds appear to compile this code, so this fix is only
for users that compile their own kernels with the Debian source and
enable/use huge pages.
See CVE-2005-4811
* ext3-fsfuzz.dpatch
[SECURITY] Fix a DoS vulnerability that can be triggered by a local
user with the ability to mount a corrupted ext3 filesystem
See CVE-2006-6053
* hfs-no-root-inode.dpatch
[SECURITY] Fix bug in HFS where hfs_fill_super returns success even
if no root inode is found. On an SELinux-enabled system, this can
be used to trigger a local DoS. Debian does not enable SELinux by
default.
See CVE-2006-6056
* ipv6_fl_socklist-no-share.dpatch
[SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
ipv6_fl_socklist between the listening socket and the socket created
for connection.
See CVE-2007-1592
* core-dump-unreadable-PT_INTERP.dpatch
[SECURITY] Fix a vulnerability that allows local users to read
otherwise unreadable (but executable) files by triggering a core dump.
See CVE-2007-0958
* appletalk-length-mismatch.dpatch
[SECURITY] Fix a remote DoS (crash) in appletalk
Depends upon appletalk-endianness-annotations.dpatch
See CVE-2007-1357
Modified: dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/changelog Mon Apr 23 23:35:59 2007
@@ -1,3 +1,77 @@
+kernel-image-2.6.8-s390 (2.6.8-5sarge7) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-16sarge7 which requires
+ an ABI increment:
+ * [ERRATA] smbfs-honor-mount-opts-2.dpatch
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.6.8-16sarge6
+ * mincore_hang.dpatch
+ [SECURITY] Fix a potential deadlock in mincore, thanks to Marcel
+ Holtmann for the patch.
+ See CVE-2006-4814
+ * mincore-fixes.dpatch
+ This patch includes a few fixes, necessary for mincore_hang.dpatch to
+ apply cleanly.
+ * dev_queue_xmit-error-path.dpatch
+ [SECURITY] Correct an error path in dev_queue_xmit() to rebalance
+ local_bh_enable() calls. Patch from Vasily Averin.
+ See CVE-2006-6535
+ * dvb-core-handle-0-length-ule-sndu.dpatch
+ [SECURITY] Avoid sending invalid ULE packets which may not properly
+ handled by the receiving side triggering a crash. This is a backport
+ of the patch that went into 2.6.17.y. It would be better to fix the
+ receiving end, but no patch for the era kernel has been developed yet.
+ See CVE-2006-4623
+ * bluetooth-capi-size-checks.dpatch
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * __find_get_block_slow-race.dpatch
+ [SECURITY] Fix infinite loop in __find_get_block_slow that can
+ be triggered by mounting and accessing a malicious iso9660 or NTFS
+ filesystem
+ See CVE-2006-5757, CVE-2006-6060
+ * listxattr-mem-corruption.dpatch
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * aio-fix-nr_pages-init.dpatch
+ [SECURITY] Fix initialization of info->nr_pages in aio_setup_ring() to
+ avoid a race that can lead to a system crash
+ See CVE-2006-5754
+ * unmap_hugepage_area-check-null-pte.dpatch
+ [SECURITY] Fix a potential DoS (crash) in unmap_hugepage_area().
+ No kernel-image builds appear to compile this code, so this fix is only
+ for users that compile their own kernels with the Debian source and
+ enable/use huge pages.
+ See CVE-2005-4811
+ * ext3-fsfuzz.dpatch
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * hfs-no-root-inode.dpatch
+ [SECURITY] Fix bug in HFS where hfs_fill_super returns success even
+ if no root inode is found. On an SELinux-enabled system, this can
+ be used to trigger a local DoS. Debian does not enable SELinux by
+ default.
+ See CVE-2006-6056
+ * ipv6_fl_socklist-no-share.dpatch
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * core-dump-unreadable-PT_INTERP.dpatch
+ [SECURITY] Fix a vulnerability that allows local users to read
+ otherwise unreadable (but executable) files by triggering a core dump.
+ See CVE-2007-0958
+ * appletalk-length-mismatch.dpatch
+ [SECURITY] Fix a remote DoS (crash) in appletalk
+ Depends upon appletalk-endianness-annotations.dpatch
+ See CVE-2007-1357
+
+ -- dann frazier <dannf at debian.org> Mon, 23 Apr 2007 17:35:44 -0600
+
kernel-image-2.6.8-s390 (2.6.8-5sarge6) stable-security; urgency=high
* Build against kernel-tree-2.6.8-16sarge6:
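Review bot: in the appletalk-length-mismatch.dpatch entry, "Depends upon appletalk-endianness-annotations.dpatch" names a patch that has no entry of its own in this 2.6.8-5sarge7 block, so a reader cannot tell from the changelog whether it ships in kernel-tree-2.6.8-16sarge7. Either list it (as mincore-fixes.dpatch is listed alongside mincore_hang.dpatch) or say where it was introduced. Two wording slips are also worth fixing before upload: "which may not properly handled" is missing "be", and "This patches changes the kernel ABI." should read "This patch changes".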
Modified: dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/control Mon Apr 23 23:35:59 2007
@@ -4,7 +4,7 @@
Maintainer: Debian kernel team <debian-kernel at lists.debian.org>
Uploaders: Bastian Blank <waldi at debian.org>, Jochen Röhrig <jr at debian.org>
Standards-Version: 3.5.6
-Build-Depends: debhelper (>> 4.0.0), module-init-tools, kernel-tree-2.6.8-16sarge6, kernel-package (>= 8.084), dh-kpatches
+Build-Depends: debhelper (>> 4.0.0), module-init-tools, kernel-tree-2.6.8-16sarge7, kernel-package (>= 8.084), dh-kpatches
Package: kernel-patch-2.6.8-s390
Architecture: all
@@ -14,7 +14,7 @@
Patches for the Linux kernel for the S/390 and zSeries architecture.
This package includes the patch for the Linux kernel version 2.6.8.
-Package: kernel-headers-2.6.8-3
+Package: kernel-headers-2.6.8-4
Architecture: s390
Section: devel
Priority: optional
@@ -24,7 +24,7 @@
for sites that want the latest kernel headers. Please read
/usr/share/doc/kernel-headers-2.6.8/debian.README.gz for details.
-Package: kernel-image-2.6.8-3-s390
+Package: kernel-image-2.6.8-4-s390
Architecture: s390
Section: base
Priority: optional
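Review bot: the rename from "Package: kernel-image-2.6.8-3-s390" to "Package: kernel-image-2.6.8-4-s390" puts the fixed kernel under a new package name, and nothing in the visible lines of this hunk ties the new name to the old one, so a system with the -3 image installed will not receive the [SECURITY] fixes through an upgrade of that package alone. Please confirm that the advisory tells users to install the -4 image explicitly, or that a package outside this diff pulls it in, and that a reboot into the new image is called out.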
@@ -44,18 +44,18 @@
and it is suggested that you install that package if you wish to
create a custom kernel from the sources.
-Package: kernel-image-2.6.8-3-s390-tape
+Package: kernel-image-2.6.8-4-s390-tape
Architecture: s390
Section: base
Priority: extra
-Depends: kernel-image-2.6.8-3-s390 (= ${Source-Version})
+Depends: kernel-image-2.6.8-4-s390 (= ${Source-Version})
Description: Linux kernel image for kernel version 2.6.8 on IBM S/390
This package contains the Linux kernel image for kernel version 2.6.8
on IBM S/390 and zSeries.
.
This kernel has support to IPL (boot) from a tape.
-Package: kernel-image-2.6.8-3-s390x
+Package: kernel-image-2.6.8-4-s390x
Architecture: s390
Section: base
Priority: optional
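Review bot: the ABI suffix is changed in this commit only in debian/control (the Package: lines and the -tape "Depends: kernel-image-2.6.8-4-s390 (= ${Source-Version})"), and the Modified list names no file other than debian/changelog. If "2.6.8-3" is also written out in debian/rules or in maintainer scripts, those need the same bump, otherwise the build will produce or reference packages under the old name. Please check the debian directory for leftover occurrences before upload.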