[kernel] r10571 - dists/sarge-security/kernel-2.4/ia64/kernel-image-2.4.27-ia64-2.4.27/debian

Dann Frazier dannf at alioth.debian.org
Mon Feb 18 06:27:19 UTC 2008


Author: dannf
Date: Mon Feb 18 06:27:18 2008
New Revision: 10571

Log:
* Build against kernel-tree-2.4.27-10sarge6:
  * 239_mincore-hang.diff
    [SECURITY] Fix a potential deadlock in mincore
    See CVE-2006-4814
  * [ERRATA] 240_smbfs-honor-mount-opts-2.diff
    Fix some regressions with respect to file types (e.g., symlinks)
    introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
  * 241_bluetooth-capi-size-checks.diff
    [SECURITY] Add additional length checks to avoid potential remote
    DoS attacks in the handling of CAPI messages in the bluetooth driver
    See CVE-2006-6106
  * 242_ext3-fsfuzz.diff
    [SECURITY] Fix a DoS vulnerability that can be triggered by a local
    user with the ability to mount a corrupted ext3 filesystem
    See CVE-2006-6053
  * 243_ipv6_fl_socklist-no-share.diff
    [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
    ipv6_fl_socklist between the listening socket and the socket created
    for connection.
    See CVE-2007-1592
  * 244_bluetooth-l2cap-hci-info-leaks.diff
    245_bluetooth-l2cap-hci-info-leaks-2.diff
    [SECURITY] Fix information leaks in setsockopt() implementations
    See CVE-2007-1353
  * 246_dn_fib-out-of-bounds.diff
    266_ipv4-fib_props-out-of-bounds.diff
    267_ipv4-fib_props-out-of-bounds-2.diff
    See CVE-2007-2172
  * 247_reset-pdeathsig-on-suid.diff
    [SECURITY] Fix potential privilege escalation caused by improper
    clearing of the child process' pdeath signal.
    Thanks to Marcel Holtmann for the patch.
    See CVE-2007-3848
  * 248_random-reseed-sizeof-fix.diff
    [SECURITY] Fix a bug in the random driver reseeding code that reduces
    entropy by reseeding a smaller buffer size than expected
    See CVE-2007-4311
  * 249_openpromfs-signedness-bug.diff
    250_openpromfs-checks-1.diff
    251_openpromfs-checks-2.diff
    252_openpromfs-checks-3.diff
    [SECURITY] Fix a number of data checks in openprom code
    See CVE-2004-2731
  * 253_coredump-only-to-same-uid.diff
    [SECURITY] Fix an issue where core dumping over a file that
    already exists retains the ownership of the original file
    See CVE-2007-6206
  * 254_cramfs-check-block-length.diff
    [SECURITY] Add a sanity check of the block length in cramfs_readpage to
    avoid a potential oops condition
    See CVE-2006-5823
  * 255_pppoe-socket-release-mem-leak.diff
    [SECURITY] fix unprivileged memory leak when a PPPoE socket is released
    after connect but before PPPIOCGCHAN ioctl is called upon it
    See CVE-2007-2525
  * 256_i4l-isdn_ioctl-mem-overrun.diff
    [SECURITY] Fix potential isdn ioctl memory overrun
    See CVE-2007-6151
  * 257_isdn-net-overflow.diff
    [SECURITY] Fix potential overflows in the ISDN subsystem
    See CVE-2007-6063
  * 258_ext2_readdir-f_pos-fix.diff,
    259_ext2_readdir-infinite-loop.diff,
    260_ext2-skip-pages-past-num-blocks.diff
    [SECURITY] Add some sanity checking for a corrupted i_size in
    ext2_find_entry()
    See CVE-2006-6054
  * 261_listxattr-mem-corruption.diff
    [SECURITY] Fix userspace corruption vulnerability caused by
    incorrectly promoted return values in bad_inode_ops
    This patch changes the kernel ABI.
    See CVE-2006-5753
  * 262_aacraid-ioctl-perm-check.diff
    [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
    See CVE-2007-4308
  * 263_usb-pwc-disconnect-block.diff
    [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
    If userspace still has the device open, the driver would
    wait for the device to close, blocking the USB subsystem.
    See CVE-2007-5093
  * 264_mmap-VM_DONTEXPAND.diff
    [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
    a fault handler but do not bounds check the offset argument
    See CVE-2008-0007
  * 265_powerpc-chrp-null-deref.diff
    [SECURITY][powerpc] Fix NULL pointer dereference if get_property
    fails on the subarchitecture
    See CVE-2007-6694
* ABI changing update, increment ABI number to 4. If you don't understand
  what this means, see http://wiki.debian.org/DebianKernelABIChanges

Modified:
   dists/sarge-security/kernel-2.4/ia64/kernel-image-2.4.27-ia64-2.4.27/debian/changelog
   dists/sarge-security/kernel-2.4/ia64/kernel-image-2.4.27-ia64-2.4.27/debian/control

Modified: dists/sarge-security/kernel-2.4/ia64/kernel-image-2.4.27-ia64-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/ia64/kernel-image-2.4.27-ia64-2.4.27/debian/changelog	(original)
+++ dists/sarge-security/kernel-2.4/ia64/kernel-image-2.4.27-ia64-2.4.27/debian/changelog	Mon Feb 18 06:27:18 2008
@@ -1,3 +1,99 @@
+kernel-image-2.4.27-ia64 (2.4.27-10sarge6) oldstable-security; urgency=high
+
+  * Build against kernel-tree-2.4.27-10sarge6:
+    * 239_mincore-hang.diff
+      [SECURITY] Fix a potential deadlock in mincore
+      See CVE-2006-4814
+    * [ERRATA] 240_smbfs-honor-mount-opts-2.diff
+      Fix some regressions with respect to file types (e.g., symlinks)
+      introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
+    * 241_bluetooth-capi-size-checks.diff
+      [SECURITY] Add additional length checks to avoid potential remote
+      DoS attacks in the handling of CAPI messages in the bluetooth driver
+      See CVE-2006-6106
+    * 242_ext3-fsfuzz.diff
+      [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+      user with the ability to mount a corrupted ext3 filesystem
+      See CVE-2006-6053
+    * 243_ipv6_fl_socklist-no-share.diff
+      [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+      ipv6_fl_socklist between the listening socket and the socket created
+      for connection.
+      See CVE-2007-1592
+    * 244_bluetooth-l2cap-hci-info-leaks.diff
+      245_bluetooth-l2cap-hci-info-leaks-2.diff
+      [SECURITY] Fix information leaks in setsockopt() implementations
+      See CVE-2007-1353
+    * 246_dn_fib-out-of-bounds.diff
+      266_ipv4-fib_props-out-of-bounds.diff
+      267_ipv4-fib_props-out-of-bounds-2.diff
+      [SECURITY] Fix out of bounds condition in dn_fib_props[]
+      See CVE-2007-2172
+    * 247_reset-pdeathsig-on-suid.diff
+      [SECURITY] Fix potential privilege escalation caused by improper
+      clearing of the child process' pdeath signal.
+      Thanks to Marcel Holtmann for the patch.
+      See CVE-2007-3848
+    * 248_random-reseed-sizeof-fix.diff
+      [SECURITY] Fix a bug in the random driver reseeding code that reduces
+      entropy by reseeding a smaller buffer size than expected
+      See CVE-2007-4311
+    * 249_openpromfs-signedness-bug.diff
+      250_openpromfs-checks-1.diff
+      251_openpromfs-checks-2.diff
+      252_openpromfs-checks-3.diff
+      [SECURITY] Fix a number of data checks in openprom code
+      See CVE-2004-2731
+    * 253_coredump-only-to-same-uid.diff
+      [SECURITY] Fix an issue where core dumping over a file that
+      already exists retains the ownership of the original file
+      See CVE-2007-6206
+    * 254_cramfs-check-block-length.diff
+      [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+      avoid a potential oops condition
+      See CVE-2006-5823
+    * 255_pppoe-socket-release-mem-leak.diff
+      [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+      after connect but before PPPIOCGCHAN ioctl is called upon it
+      See CVE-2007-2525
+    * 256_i4l-isdn_ioctl-mem-overrun.diff
+      [SECURITY] Fix potential isdn ioctl memory overrun
+      See CVE-2007-6151
+    * 257_isdn-net-overflow.diff
+      [SECURITY] Fix potential overflows in the ISDN subsystem
+      See CVE-2007-6063
+    * 258_ext2_readdir-f_pos-fix.diff,
+      259_ext2_readdir-infinite-loop.diff,
+      260_ext2-skip-pages-past-num-blocks.diff
+      [SECURITY] Add some sanity checking for a corrupted i_size in
+      ext2_find_entry()
+      See CVE-2006-6054
+    * 261_listxattr-mem-corruption.diff
+      [SECURITY] Fix userspace corruption vulnerability caused by
+      incorrectly promoted return values in bad_inode_ops
+      This patches changes the kernel ABI.
+      See CVE-2006-5753
+    * 262_aacraid-ioctl-perm-check.diff
+      [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+      See CVE-2007-4308
+    * 263_usb-pwc-disconnect-block.diff
+      [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+      If userspace still has the device open it can result, the driver would
+      wait for the device to close, blocking the USB subsystem.
+      See CVE-2007-5093
+    * 264_mmap-VM_DONTEXPAND.diff
+      [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+      a fault handler but do not bounds check the offset argument
+      See CVE-2008-0007
+    * 265_powerpc-chrp-null-deref.diff
+      [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+      fails on the subarchitecture
+      See CVE-2007-6694
+  * ABI changing update, increment ABI number to 4. If you don't understand
+    what this means, see http://wiki.debian.org/DebianKernelABIChanges
+
+ -- dann frazier <dannf at debian.org>  Sun, 17 Feb 2008 23:25:35 -0700
+
 kernel-image-2.4.27-ia64 (2.4.27-10sarge5) stable-security; urgency=high
 
   * Build against kernel-tree-2.4.27-10sarge5:
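
Review bot: The new 2.4.27-10sarge6 entry has three wording errors that will stay in the package history: "unpriveleged" in the 255_pppoe-socket-release-mem-leak.diff item, "This patches changes the kernel ABI" in the 261_listxattr-mem-corruption.diff item, and the broken sentence "If userspace still has the device open it can result, the driver would wait" in the 263_usb-pwc-disconnect-block.diff item. Suggest "unprivileged", "This patch changes the kernel ABI" and "If userspace still has the device open, the driver would wait for the device to close". The 246/266/267 group is also listed out of numeric order; that reads fine if the intent is to keep all CVE-2007-2172 patches together, but a word saying so would help anyone matching the list against the patch series.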

Modified: dists/sarge-security/kernel-2.4/ia64/kernel-image-2.4.27-ia64-2.4.27/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/ia64/kernel-image-2.4.27-ia64-2.4.27/debian/control	(original)
+++ dists/sarge-security/kernel-2.4/ia64/kernel-image-2.4.27-ia64-2.4.27/debian/control	Mon Feb 18 06:27:18 2008
@@ -4,9 +4,9 @@
 Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
 Uploaders: dann frazier <dannf at debian.org>
 Standards-Version: 3.6.1
-Build-Depends: debhelper (>= 2), modutils, kernel-patch-2.4.27-ia64 (= 2.4.27-4), kernel-tree-2.4.27-10sarge5, kernel-package (>= 8.042), bzip2
+Build-Depends: debhelper (>= 2), modutils, kernel-patch-2.4.27-ia64 (= 2.4.27-4), kernel-tree-2.4.27-10sarge6, kernel-package (>= 8.042), bzip2
 
-Package: kernel-headers-2.4.27-3
+Package: kernel-headers-2.4.27-4
 Architecture: ia64
 Section: devel
 Priority: optional
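
Review bot: The rename of kernel-headers-2.4.27-3 to kernel-headers-2.4.27-4 shows no Conflicts, Replaces or transitional relationship in the visible context of this hunk, so a host with the -3 headers installed would keep them next to the new package. Since the changelog calls this an ABI changing update, it is worth confirming that the advisory tells users to rebuild out-of-tree modules against the -4 headers. Separately, the unchanged kernel-patch-2.4.27-ia64 (= 2.4.27-4) in Build-Depends is a package version, not the ABI number; now that the ABI suffix is also -4 the two are easy to confuse when reading this line.
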
@@ -15,31 +15,31 @@
 Description: Header files related to Linux kernel version 2.4.27
  This package provides kernel header files for version 2.4.27, for sites 
  that want the latest kernel headers. Please read
- /usr/share/doc/kernel-headers-2.4.27-3/debian.README.gz for details.
+ /usr/share/doc/kernel-headers-2.4.27-4/debian.README.gz for details.
 
-Package: kernel-build-2.4.27-3
+Package: kernel-build-2.4.27-4
 Architecture: ia64
 Section: devel
 Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3-itanium, kernel-headers-2.4.27-3-itanium-smp, kernel-headers-2.4.27-3-mckinley, kernel-headers-2.4.27-3-mckinley-smp
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4-itanium, kernel-headers-2.4.27-4-itanium-smp, kernel-headers-2.4.27-4-mckinley, kernel-headers-2.4.27-4-mckinley-smp
 Description: Headers for building modules for Linux 2.4.27
  This package provides kernel header files for building modules for the
  precompiled kernel images on ia64.
 
-Package: kernel-headers-2.4.27-3-itanium
+Package: kernel-headers-2.4.27-4-itanium
 Architecture: ia64
 Section: devel
 Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
 Provides: kernel-headers, kernel-headers-2.4
 Description: Linux kernel headers 2.4.27 on ia64
  This package provides kernel header files for version 2.4.27 on
  ia64,
  for sites that want the latest kernel headers.
- Please read /usr/share/doc/kernel-headers-2.4.27-3-itanium/debian.README.gz
+ Please read /usr/share/doc/kernel-headers-2.4.27-4-itanium/debian.README.gz
  for details.
 
-Package: kernel-image-2.4.27-3-itanium
+Package: kernel-image-2.4.27-4-itanium
 Architecture: ia64
 Section: base
 Priority: optional
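
Review bot: The ABI number is edited by hand in every changed line of this hunk, four times in the kernel-build Depends line alone, and the hunk context does not show the parts of each stanza between the Priority and Description fields. Suggest searching the debian directory for any remaining "2.4.27-3" string after the change (maintainer scripts and other packaging files included) to confirm no reference to the old ABI name was missed, since one stale name in a Depends line would make the package uninstallable.
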
@@ -61,26 +61,26 @@
 Architecture: ia64
 Section: base
 Priority: optional
-Depends: kernel-image-2.4.27-3-itanium
+Depends: kernel-image-2.4.27-4-itanium
 Description: Linux kernel image for version 2.4 on Itanium
  This package will always depend on the latest 2.4 kernel image available for
  itanium.
 
-Package: kernel-headers-2.4.27-3-itanium-smp
+Package: kernel-headers-2.4.27-4-itanium-smp
 Architecture: ia64
 Section: devel
 Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
 Provides: kernel-headers, kernel-headers-2.4
 Description: Linux kernel headers 2.4.27 on Itanium SMP
  This package provides kernel header files for version 2.4.27 on
  Itanium with SMP support,
  for sites that want the latest kernel headers.
  Please read
- /usr/share/doc/kernel-headers-2.4.27-3-itanium-smp/debian.README.gz for
+ /usr/share/doc/kernel-headers-2.4.27-4-itanium-smp/debian.README.gz for
  details.
 
-Package: kernel-image-2.4.27-3-itanium-smp
+Package: kernel-image-2.4.27-4-itanium-smp
 Architecture: ia64
 Section: base
 Priority: optional
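
Review bot: The Depends change to kernel-image-2.4.27-4-itanium in the "always depend on the latest 2.4 kernel image" package is the only path in this hunk by which an existing install moves to the fixed kernel, and it is a bare name with no version constraint. Hosts that installed kernel-image-2.4.27-3-itanium directly, without this dependency package, get nothing from the upgrade, and on hosts that do have it the -3 image stays installed next to the new one. Suggest the advisory state both points and that a reboot into the -4 image is needed for the fixes to take effect.
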
@@ -102,25 +102,25 @@
 Architecture: ia64
 Section: base
 Priority: optional
-Depends: kernel-image-2.4.27-3-itanium-smp
+Depends: kernel-image-2.4.27-4-itanium-smp
 Description: Linux kernel image for version 2.4 on Itanium SMP
  This package will always depend on the latest 2.4 kernel image available for
  Itanium SMP.
 
-Package: kernel-headers-2.4.27-3-mckinley
+Package: kernel-headers-2.4.27-4-mckinley
 Architecture: ia64
 Section: devel
 Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
 Provides: kernel-headers, kernel-headers-2.4
 Description: Linux kernel headers 2.4.27 on ia64
  This package provides kernel header files for version 2.4.27 on
  ia64,
  for sites that want the latest kernel headers.
- Please read /usr/share/doc/kernel-headers-2.4.27-3-mckinley/debian.README.gz
+ Please read /usr/share/doc/kernel-headers-2.4.27-4-mckinley/debian.README.gz
  for details.
 
-Package: kernel-image-2.4.27-3-mckinley
+Package: kernel-image-2.4.27-4-mckinley
 Architecture: ia64
 Section: base
 Priority: optional
@@ -142,26 +142,26 @@
 Architecture: ia64
 Section: base
 Priority: optional
-Depends: kernel-image-2.4.27-3-mckinley
+Depends: kernel-image-2.4.27-4-mckinley
 Description: Linux kernel image for version 2.4 on Itanium II
  This package will always depend on the latest 2.4 kernel image available for
  Itanium II (also known as mckinley).
 
-Package: kernel-headers-2.4.27-3-mckinley-smp
+Package: kernel-headers-2.4.27-4-mckinley-smp
 Architecture: ia64
 Section: devel
 Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
 Provides: kernel-headers, kernel-headers-2.4
 Description: Linux kernel headers 2.4.27 on Itanium II SMP
  This package provides kernel header files for version 2.4.27 on
  Itanium II (also known as mckinley) with SMP support,
  for sites that want the latest kernel headers.
  Please read
- /usr/share/doc/kernel-headers-2.4.27-3-mckinley-smp/debian.README.gz for
+ /usr/share/doc/kernel-headers-2.4.27-4-mckinley-smp/debian.README.gz for
  details.
 
-Package: kernel-image-2.4.27-3-mckinley-smp
+Package: kernel-image-2.4.27-4-mckinley-smp
 Architecture: ia64
 Section: base
 Priority: optional
@@ -183,7 +183,7 @@
 Architecture: ia64
 Section: base
 Priority: optional
-Depends: kernel-image-2.4.27-3-mckinley-smp
+Depends: kernel-image-2.4.27-4-mckinley-smp
 Description: Linux kernel image for version 2.4 on Itanium II SMP
  This package will always depend on the latest 2.4 kernel image available for
  Itanium II (also known as mckinley) SMP.


