[kernel] r10626 - in dists/sarge-security: kernel-2.4/alpha/kernel-image-2.4.27-alpha-2.4.27/debian kernel-2.4/alpha/kernel-latest-2.4-alpha/debian kernel-2.4/arm/kernel-image-2.4.27-arm-2.4.27/debian kernel-2.4/i386/kernel-image-2.4.27-i386-2.4.27/debian kernel-2.4/i386/kernel-image-speakup-i386-2.4.27/debian kernel-2.4/i386/kernel-latest-2.4-i386/debian kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian kernel-2.4/mips/kernel-patch-2.4.27-mips/debian kernel-2.4/powerpc/kernel-patch-powerpc-2.4.27-2.4.27/debian kernel-2.4/s390/kernel-image-2.4.27-s390/debian kernel-2.4/s390/kernel-latest-2.4-s390/debian kernel-2.4/sparc/kernel-image-2.4.27-sparc-2.4.27/debian kernel-2.4/sparc/kernel-latest-2.4-sparc/debian kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian kernel/m68k/kernel-image-2.6.8-m68k-2.6.8/debian kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian kernel/s390/kernel-image-2.6.8-s390-2.6.8 kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian kernel/source/kernel-source-2.6.8-2.6.8/debian kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian
Dann Frazier
dannf at alioth.debian.org
Fri Feb 22 22:18:13 UTC 2008
Author: dannf
Date: Fri Feb 22 22:18:12 2008
New Revision: 10626
Log:
updates for DSA 1503, 1504
Added:
dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/
- copied from r10578, /dists/sarge/kernel/s390/kernel-image-2.6.8-s390-2.6.8/
dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/changelog
- copied, changed from r10584, /dists/sarge/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/changelog
dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/control
- copied, changed from r10584, /dists/sarge/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/control
Modified:
dists/sarge-security/kernel-2.4/alpha/kernel-image-2.4.27-alpha-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/alpha/kernel-image-2.4.27-alpha-2.4.27/debian/control
dists/sarge-security/kernel-2.4/alpha/kernel-latest-2.4-alpha/debian/changelog
dists/sarge-security/kernel-2.4/alpha/kernel-latest-2.4-alpha/debian/control
dists/sarge-security/kernel-2.4/arm/kernel-image-2.4.27-arm-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/arm/kernel-image-2.4.27-arm-2.4.27/debian/control
dists/sarge-security/kernel-2.4/i386/kernel-image-2.4.27-i386-2.4.27/debian/control
dists/sarge-security/kernel-2.4/i386/kernel-image-speakup-i386-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/i386/kernel-image-speakup-i386-2.4.27/debian/control
dists/sarge-security/kernel-2.4/i386/kernel-latest-2.4-i386/debian/changelog
dists/sarge-security/kernel-2.4/i386/kernel-latest-2.4-i386/debian/control
dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/control
dists/sarge-security/kernel-2.4/mips/kernel-patch-2.4.27-mips/debian/changelog
dists/sarge-security/kernel-2.4/mips/kernel-patch-2.4.27-mips/debian/control
dists/sarge-security/kernel-2.4/powerpc/kernel-patch-powerpc-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/changelog
dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/control
dists/sarge-security/kernel-2.4/s390/kernel-latest-2.4-s390/debian/changelog
dists/sarge-security/kernel-2.4/s390/kernel-latest-2.4-s390/debian/control
dists/sarge-security/kernel-2.4/sparc/kernel-image-2.4.27-sparc-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/sparc/kernel-image-2.4.27-sparc-2.4.27/debian/control
dists/sarge-security/kernel-2.4/sparc/kernel-latest-2.4-sparc/debian/changelog
dists/sarge-security/kernel-2.4/sparc/kernel-latest-2.4-sparc/debian/control
dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/changelog
dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/control
dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/changelog
dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/control
dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/changelog
dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/control
dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/changelog
dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/control
dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog
dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/control
dists/sarge-security/kernel/m68k/kernel-image-2.6.8-m68k-2.6.8/debian/changelog
dists/sarge-security/kernel/m68k/kernel-image-2.6.8-m68k-2.6.8/debian/control
dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/rules
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/changelog
dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/control
Modified: dists/sarge-security/kernel-2.4/alpha/kernel-image-2.4.27-alpha-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/alpha/kernel-image-2.4.27-alpha-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/alpha/kernel-image-2.4.27-alpha-2.4.27/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,99 @@
+kernel-image-2.4.27-alpha (2.4.27-10sarge6) oldstable-security; urgency=high
+
+ * Build against kernel-tree-2.4.27-10sarge6:
+ * 239_mincore-hang.diff
+ [SECURITY] Fix a potential deadlock in mincore
+ See CVE-2006-4814
+ * [ERRATA] 240_smbfs-honor-mount-opts-2.diff
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
+ * 241_bluetooth-capi-size-checks.diff
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * 242_ext3-fsfuzz.diff
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * 243_ipv6_fl_socklist-no-share.diff
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * 244_bluetooth-l2cap-hci-info-leaks.diff
+ 245_bluetooth-l2cap-hci-info-leaks-2.diff
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * 246_dn_fib-out-of-bounds.diff
+ 266_ipv4-fib_props-out-of-bounds.diff
+ 267_ipv4-fib_props-out-of-bounds-2.diff
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * 247_reset-pdeathsig-on-suid.diff
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ Thanks to Marcel Holtmann for the patch.
+ See CVE-2007-3848
+ * 248_random-reseed-sizeof-fix.diff
+ [SECURITY] Fix a bug in the random driver reseeding code that reduces
+ entropy by reseeding a smaller buffer size than expected
+ See CVE-2007-4311
+ * 249_openpromfs-signedness-bug.diff
+ 250_openpromfs-checks-1.diff
+ 251_openpromfs-checks-2.diff
+ 252_openpromfs-checks-3.diff
+ [SECURITY] Fix a number of data checks in openprom code
+ See CVE-2004-2731
+ * 253_coredump-only-to-same-uid.diff
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * 254_cramfs-check-block-length.diff
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * 255_pppoe-socket-release-mem-leak.diff
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * 256_i4l-isdn_ioctl-mem-overrun.diff
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * 257_isdn-net-overflow.diff
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * 258_ext2_readdir-f_pos-fix.diff,
+ 259_ext2_readdir-infinite-loop.diff,
+ 260_ext2-skip-pages-past-num-blocks.diff
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * 261_listxattr-mem-corruption.diff
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * 262_aacraid-ioctl-perm-check.diff
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * 263_usb-pwc-disconnect-block.diff
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * 264_mmap-VM_DONTEXPAND.diff
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+ * 265_powerpc-chrp-null-deref.diff
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+ * ABI changing update, increment ABI number to 4. If you don't understand
+ what this means, see http://wiki.debian.org/DebianKernelABIChanges
+
+ -- dann frazier <dannf at debian.org> Sun, 17 Feb 2008 23:39:08 -0700
+
kernel-image-2.4.27-alpha (2.4.27-10sarge5) stable-security; urgency=high
* Build against kernel-tree-2.4.27-10sarge5:
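Review bot: The description under 246_dn_fib-out-of-bounds.diff names only dn_fib_props[], but the same entry also lists 266_ipv4-fib_props-out-of-bounds.diff and 267_ipv4-fib_props-out-of-bounds-2.diff. Suggest the text mention the IPv4 fib_props[] table as well, so a reader matching CVE-2007-2172 to the patches can see that both the DECnet and IPv4 code paths are covered.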
Modified: dists/sarge-security/kernel-2.4/alpha/kernel-image-2.4.27-alpha-2.4.27/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/alpha/kernel-image-2.4.27-alpha-2.4.27/debian/control (original)
+++ dists/sarge-security/kernel-2.4/alpha/kernel-image-2.4.27-alpha-2.4.27/debian/control Fri Feb 22 22:18:12 2008
@@ -4,9 +4,9 @@
Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Uploaders: Norbert Tretkowski <nobse at debian.org>
Standards-Version: 3.6.1.1
-Build-Depends: debhelper, kernel-package (>= 8.042), kernel-tree-2.4.27-10sarge5, modutils
+Build-Depends: debhelper, kernel-package (>= 8.042), kernel-tree-2.4.27-10sarge6, modutils
-Package: kernel-headers-2.4.27-3
+Package: kernel-headers-2.4.27-4
Architecture: alpha
Section: devel
Priority: optional
@@ -15,31 +15,31 @@
Description: Header files related to Linux kernel version 2.4.27
This package provides kernel header files for version 2.4.27, for sites
that want the latest kernel headers. Please read
- /usr/share/doc/kernel-headers-2.4.27-3/debian.README.gz for details
+ /usr/share/doc/kernel-headers-2.4.27-4/debian.README.gz for details
-Package: kernel-build-2.4.27-3
+Package: kernel-build-2.4.27-4
Architecture: alpha
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3-generic, kernel-headers-2.4.27-3-smp
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4-generic, kernel-headers-2.4.27-4-smp
Description: Headers for building modules for Linux 2.4.27
This package provides kernel header files for building modules for the
precompiled kernel images on alpha.
-Package: kernel-headers-2.4.27-3-generic
+Package: kernel-headers-2.4.27-4-generic
Architecture: alpha
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Linux kernel headers 2.4.27 on Alpha
This package provides kernel header files for version 2.4.27 on
the Alpha architecture,
for sites that want the latest kernel headers.
- Please read /usr/share/doc/kernel-headers-2.4.27-3-generic/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.4.27-4-generic/debian.README.gz for
details
-Package: kernel-image-2.4.27-3-generic
+Package: kernel-image-2.4.27-4-generic
Architecture: alpha
Section: base
Priority: optional
@@ -62,21 +62,21 @@
and it is suggested that you install that package if you wish to
create a custom kernel from the sources.
-Package: kernel-headers-2.4.27-3-smp
+Package: kernel-headers-2.4.27-4-smp
Architecture: alpha
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Linux kernel headers 2.4.27 on Alpha SMP
This package provides kernel header files for version 2.4.27 on
the Alpha architecture with SMP support,
for sites that want the latest kernel headers.
SMP (symmetric multi-processing) is needed if you have multiple processors.
- Please read /usr/share/doc/kernel-headers-2.4.27-3-smp/debian.README.gz for
+ Please read /usr/share/doc/kernel-headers-2.4.27-4-smp/debian.README.gz for
details
-Package: kernel-image-2.4.27-3-smp
+Package: kernel-image-2.4.27-4-smp
Architecture: alpha
Section: base
Priority: optional
Modified: dists/sarge-security/kernel-2.4/alpha/kernel-latest-2.4-alpha/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/alpha/kernel-latest-2.4-alpha/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/alpha/kernel-latest-2.4-alpha/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,9 @@
+kernel-latest-2.4-alpha (101sarge3) oldstable-security; urgency=high
+
+ * Update for -4 ABI
+
+ -- dann frazier <dannf at debian.org> Mon, 18 Feb 2008 04:24:10 -0700
+
kernel-latest-2.4-alpha (101sarge1) stable-security; urgency=high
* Update for -3 ABI
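Review bot: The new top entry is versioned 101sarge3 while the entry directly below it is 101sarge1, so 101sarge2 is skipped here (kernel-latest-2.4-i386 in this same revision goes from 101sarge1 to 101sarge2). If the gap is intentional, for example because 101sarge2 was used by an upload that is not in this tree, a line in the entry saying so would help; otherwise the version should probably be 101sarge2.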
Modified: dists/sarge-security/kernel-2.4/alpha/kernel-latest-2.4-alpha/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/alpha/kernel-latest-2.4-alpha/debian/control (original)
+++ dists/sarge-security/kernel-2.4/alpha/kernel-latest-2.4-alpha/debian/control Fri Feb 22 22:18:12 2008
@@ -10,7 +10,7 @@
Architecture: alpha
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-generic
+Depends: kernel-image-2.4.27-4-generic
Description: Linux kernel image for version 2.4 on Alpha.
This package will always depend on the latest 2.4 kernel image available for
the Alpha architecture.
@@ -19,7 +19,7 @@
Architecture: alpha
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-smp
+Depends: kernel-image-2.4.27-4-smp
Description: Linux kernel image for version 2.4 on Alpha SMP.
This package will always depend on the latest 2.4 kernel image available for
the Alpha architecture with SMP support.
@@ -28,7 +28,7 @@
Architecture: alpha
Section: devel
Priority: optional
-Depends: kernel-headers-2.4.27-3-generic
+Depends: kernel-headers-2.4.27-4-generic
Description: Linux kernel headers 2.4 on Alpha
This package will always depend on the latest 2.4 kernel headers available
for the Alpha architecture.
@@ -37,7 +37,7 @@
Architecture: alpha
Section: devel
Priority: optional
-Depends: kernel-headers-2.4.27-3-smp
+Depends: kernel-headers-2.4.27-4-smp
Description: Linux kernel headers 2.4 on Alpha SMP
This package will always depend on the latest 2.4 kernel headers available
for the Alpha architecture with SMP support.
Modified: dists/sarge-security/kernel-2.4/arm/kernel-image-2.4.27-arm-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/arm/kernel-image-2.4.27-arm-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/arm/kernel-image-2.4.27-arm-2.4.27/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,97 @@
+kernel-image-2.4.27-arm (2.4.27-2sarge6) oldstable-security; urgency=high
+
+ * Build against kernel-tree-2.4.27-10sarge6:
+ * 239_mincore-hang.diff
+ [SECURITY] Fix a potential deadlock in mincore
+ See CVE-2006-4814
+ * [ERRATA] 240_smbfs-honor-mount-opts-2.diff
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
+ * 241_bluetooth-capi-size-checks.diff
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * 242_ext3-fsfuzz.diff
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * 243_ipv6_fl_socklist-no-share.diff
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * 244_bluetooth-l2cap-hci-info-leaks.diff
+ 245_bluetooth-l2cap-hci-info-leaks-2.diff
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * 246_dn_fib-out-of-bounds.diff
+ 266_ipv4-fib_props-out-of-bounds.diff
+ 267_ipv4-fib_props-out-of-bounds-2.diff
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * 247_reset-pdeathsig-on-suid.diff
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ Thanks to Marcel Holtmann for the patch.
+ See CVE-2007-3848
+ * 248_random-reseed-sizeof-fix.diff
+ [SECURITY] Fix a bug in the random driver reseeding code that reduces
+ entropy by reseeding a smaller buffer size than expected
+ See CVE-2007-4311
+ * 249_openpromfs-signedness-bug.diff
+ 250_openpromfs-checks-1.diff
+ 251_openpromfs-checks-2.diff
+ 252_openpromfs-checks-3.diff
+ [SECURITY] Fix a number of data checks in openprom code
+ See CVE-2004-2731
+ * 253_coredump-only-to-same-uid.diff
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * 254_cramfs-check-block-length.diff
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * 255_pppoe-socket-release-mem-leak.diff
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * 256_i4l-isdn_ioctl-mem-overrun.diff
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * 257_isdn-net-overflow.diff
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * 258_ext2_readdir-f_pos-fix.diff,
+ 259_ext2_readdir-infinite-loop.diff,
+ 260_ext2-skip-pages-past-num-blocks.diff
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * 261_listxattr-mem-corruption.diff
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * 262_aacraid-ioctl-perm-check.diff
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * 263_usb-pwc-disconnect-block.diff
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * 264_mmap-VM_DONTEXPAND.diff
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+ * 265_powerpc-chrp-null-deref.diff
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+
+ -- dann frazier <dannf at debian.org> Mon, 18 Feb 2008 04:25:26 -0700
+
kernel-image-2.4.27-arm (2.4.27-2sarge5) stable-security; urgency=high
* Build against kernel-tree-2.4.27-10sarge5:
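Review bot: This entry carries the 261_listxattr-mem-corruption.diff item stating that the patch changes the kernel ABI, but unlike the alpha changelog in this revision it has no closing "ABI changing update, increment ABI number to 4" item. The arm control file below shows an unsuffixed package name (kernel-headers-2.4.27), so there may be no ABI number to bump here; if so, the changelog should say that explicitly and tell users that out-of-tree modules need rebuilding against 2.4.27-2sarge6.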
Modified: dists/sarge-security/kernel-2.4/arm/kernel-image-2.4.27-arm-2.4.27/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/arm/kernel-image-2.4.27-arm-2.4.27/debian/control (original)
+++ dists/sarge-security/kernel-2.4/arm/kernel-image-2.4.27-arm-2.4.27/debian/control Fri Feb 22 22:18:12 2008
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Vincent Sanders <vince at debian.org>
Standards-Version: 3.6.2
-Build-Depends: debhelper (>= 3), gcc-2.95, kernel-package, kernel-patch-2.4.27-arm (>= 2.4.27-1sarge1), modutils, kernel-source-2.4.27 (>=2.4.27-10sarge5)
+Build-Depends: debhelper (>= 3), gcc-2.95, kernel-package, kernel-patch-2.4.27-arm (>= 2.4.27-1sarge1), modutils, kernel-source-2.4.27 (>=2.4.27-10sarge6)
Package: kernel-headers-2.4.27
Architecture: arm
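Review bot: Style point on the changed Build-Depends line: the relation is written as "(>=2.4.27-10sarge6)" with no space after the operator, while every other versioned relation on the same line uses "(>= ...)". Since the line is being touched anyway, suggest "kernel-source-2.4.27 (>= 2.4.27-10sarge6)" for consistency.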
Modified: dists/sarge-security/kernel-2.4/i386/kernel-image-2.4.27-i386-2.4.27/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/i386/kernel-image-2.4.27-i386-2.4.27/debian/control (original)
+++ dists/sarge-security/kernel-2.4/i386/kernel-image-2.4.27-i386-2.4.27/debian/control Fri Feb 22 22:18:12 2008
@@ -31,7 +31,7 @@
Architecture: i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Linux 2.4.27 kernel headers for 386
This package provides common kernel header files for version 2.4.27 on 386,
@@ -83,7 +83,7 @@
Architecture: i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Linux 2.4.27 kernel headers for Pentium-Classic
This package provides common kernel header files for version 2.4.27 for
@@ -136,7 +136,7 @@
Architecture: i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Linux 2.4.27 kernel headers for PPro/Celeron/PII/PIII/P4
This package provides common kernel header files for version 2.4.27 for
@@ -189,7 +189,7 @@
Architecture: i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Linux 2.4.27 kernel headers for PPro/Celeron/PII/PIII/P4 SMP
This package provides common kernel header files for version 2.4.27 for
@@ -246,7 +246,7 @@
Architecture: i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Linux 2.4.27 kernel headers for AMD K6/K6-II/K6-III
This package provides common kernel header files for version 2.4.27 for
@@ -299,7 +299,7 @@
Architecture: i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Linux 2.4.27 kernel headers for AMD K7
This package provides common kernel header files for version 2.4.27 for
@@ -352,7 +352,7 @@
Architecture: i386
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Linux 2.4.27 kernel headers for AMD K7 SMP
This package provides common kernel header files for version 2.4.27 for
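Review bot: All seven hunks in this file change only the Depends on kernel-headers-2.4.27-3 to kernel-headers-2.4.27-4; no Package: or Build-Depends line is touched, and the Modified list for this revision has no debian/changelog for kernel-image-2.4.27-i386. Please confirm that the Package: names, the kernel-tree build dependency and the changelog entry for this source were already updated in an earlier revision, since the per-flavour headers packages now depend on a -4 package.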
Modified: dists/sarge-security/kernel-2.4/i386/kernel-image-speakup-i386-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/i386/kernel-image-speakup-i386-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/i386/kernel-image-speakup-i386-2.4.27/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,97 @@
+kernel-image-speakup-i386 (2.4.27-1.1sarge5) oldstable-security; urgency=high
+
+ * Build against kernel-tree-2.4.27-10sarge6:
+ * 239_mincore-hang.diff
+ [SECURITY] Fix a potential deadlock in mincore
+ See CVE-2006-4814
+ * [ERRATA] 240_smbfs-honor-mount-opts-2.diff
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
+ * 241_bluetooth-capi-size-checks.diff
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * 242_ext3-fsfuzz.diff
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * 243_ipv6_fl_socklist-no-share.diff
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * 244_bluetooth-l2cap-hci-info-leaks.diff
+ 245_bluetooth-l2cap-hci-info-leaks-2.diff
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * 246_dn_fib-out-of-bounds.diff
+ 266_ipv4-fib_props-out-of-bounds.diff
+ 267_ipv4-fib_props-out-of-bounds-2.diff
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * 247_reset-pdeathsig-on-suid.diff
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ Thanks to Marcel Holtmann for the patch.
+ See CVE-2007-3848
+ * 248_random-reseed-sizeof-fix.diff
+ [SECURITY] Fix a bug in the random driver reseeding code that reduces
+ entropy by reseeding a smaller buffer size than expected
+ See CVE-2007-4311
+ * 249_openpromfs-signedness-bug.diff
+ 250_openpromfs-checks-1.diff
+ 251_openpromfs-checks-2.diff
+ 252_openpromfs-checks-3.diff
+ [SECURITY] Fix a number of data checks in openprom code
+ See CVE-2004-2731
+ * 253_coredump-only-to-same-uid.diff
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * 254_cramfs-check-block-length.diff
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * 255_pppoe-socket-release-mem-leak.diff
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * 256_i4l-isdn_ioctl-mem-overrun.diff
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * 257_isdn-net-overflow.diff
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * 258_ext2_readdir-f_pos-fix.diff,
+ 259_ext2_readdir-infinite-loop.diff,
+ 260_ext2-skip-pages-past-num-blocks.diff
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * 261_listxattr-mem-corruption.diff
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * 262_aacraid-ioctl-perm-check.diff
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * 263_usb-pwc-disconnect-block.diff
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * 264_mmap-VM_DONTEXPAND.diff
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+ * 265_powerpc-chrp-null-deref.diff
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+
+ -- dann frazier <dannf at debian.org> Mon, 18 Feb 2008 04:17:43 -0700
+
kernel-image-speakup-i386 (2.4.27-1.1sarge4) stable-security; urgency=high
* Build against kernel-tree-2.4.27-10sarge5:
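Review bot: The text under 263_usb-pwc-disconnect-block.diff does not parse: "If userspace still has the device open it can result, the driver would wait for the device to close". Suggest "If userspace still has the device open, the driver would wait for the device to close, blocking the USB subsystem." In the same entry, "This patches changes the kernel ABI" under 261 should read "This patch changes", and "unpriveleged" under 255 should be "unprivileged". The identical wording appears in the alpha and arm changelogs in this revision, so the fix applies to all three.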
Modified: dists/sarge-security/kernel-2.4/i386/kernel-image-speakup-i386-2.4.27/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/i386/kernel-image-speakup-i386-2.4.27/debian/control (original)
+++ dists/sarge-security/kernel-2.4/i386/kernel-image-speakup-i386-2.4.27/debian/control Fri Feb 22 22:18:12 2008
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Mario Lang <mlang at debian.org>
Standards-Version: 3.6.1
-Build-Depends: debhelper (>= 2), modutils, kernel-tree-2.4.27-10sarge5, kernel-package (>= 8.042), kernel-patch-speakup (>= 20040506-1), transfig
+Build-Depends: debhelper (>= 2), modutils, kernel-tree-2.4.27-10sarge6, kernel-package (>= 8.042), kernel-patch-speakup (>= 20040506-1), transfig
Package: kernel-doc-2.4.27-speakup
Architecture: all
Modified: dists/sarge-security/kernel-2.4/i386/kernel-latest-2.4-i386/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/i386/kernel-latest-2.4-i386/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/i386/kernel-latest-2.4-i386/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,9 @@
+kernel-latest-2.4-i386 (101sarge2) oldstable-security; urgency=high
+
+ * Update for the -4 ABI
+
+ -- dann frazier <dannf at debian.org> Mon, 18 Feb 2008 04:25:51 -0700
+
kernel-latest-2.4-i386 (101sarge1) stable-security; urgency=high
* Update for the -3 ABI
Modified: dists/sarge-security/kernel-2.4/i386/kernel-latest-2.4-i386/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/i386/kernel-latest-2.4-i386/debian/control (original)
+++ dists/sarge-security/kernel-2.4/i386/kernel-latest-2.4-i386/debian/control Fri Feb 22 22:18:12 2008
@@ -10,7 +10,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-386
+Depends: kernel-image-2.4.27-4-386
Description: Linux kernel image for version 2.4 on 386
This package will always depend on the latest 2.4 kernel image available for
386.
@@ -19,7 +19,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-pcmcia-modules-2.4.27-3-386
+Depends: kernel-pcmcia-modules-2.4.27-4-386
Description: Mainstream PCMCIA modules for version 2.4 on 386
This package will always depend on the latest 2.4 mainstream PCMCIA modules
available for
@@ -29,7 +29,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-headers-2.4.27-3-386
+Depends: kernel-headers-2.4.27-4-386
Description: Linux kernel headers for version 2.4 on 386
This package will always depend on the latest 2.4 kernel headers available for
386, used to build out-of-tree kernel modules and the like.
@@ -38,7 +38,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-586tsc
+Depends: kernel-image-2.4.27-4-586tsc
Description: Linux kernel image for version 2.4 on Pentium-Classic
This package will always depend on the latest 2.4 kernel image available for
Pentium-Classic.
@@ -47,7 +47,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-pcmcia-modules-2.4.27-3-586tsc
+Depends: kernel-pcmcia-modules-2.4.27-4-586tsc
Description: Mainstream PCMCIA modules for version 2.4 on Pentium-Classic
This package will always depend on the latest 2.4 mainstream PCMCIA modules
available for
@@ -57,7 +57,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-headers-2.4.27-3-586tsc
+Depends: kernel-headers-2.4.27-4-586tsc
Description: Linux kernel headers for version 2.4 on Pentium-Classic
This package will always depend on the latest 2.4 kernel headers available for
Pentium-Classic, used to build out-of-tree kernel modules and the like.
@@ -66,7 +66,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-686
+Depends: kernel-image-2.4.27-4-686
Description: Linux kernel image for version 2.4 on PPro/Celeron/PII/PIII/P4
This package will always depend on the latest 2.4 kernel image available for
Pentium Pro/Celeron/Pentium II/Pentium III/Pentium 4.
@@ -75,7 +75,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-pcmcia-modules-2.4.27-3-686
+Depends: kernel-pcmcia-modules-2.4.27-4-686
Description: Mainstream PCMCIA modules for version 2.4 on PPro/Celeron/PII/PIII/P4
This package will always depend on the latest 2.4 mainstream PCMCIA modules
available for
@@ -85,7 +85,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-headers-2.4.27-3-686
+Depends: kernel-headers-2.4.27-4-686
Description: Linux kernel headers for version 2.4 on PPro/Celeron/PII/PIII/P4
This package will always depend on the latest 2.4 kernel headers available for
Pentium Pro/Celeron/Pentium II/Pentium III/Pentium 4, used to build
@@ -95,7 +95,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-686-smp
+Depends: kernel-image-2.4.27-4-686-smp
Description: Linux kernel image for version 2.4 on PPro/Celeron/PII/PIII/P4 SMP
This package will always depend on the latest 2.4 kernel image available for
Pentium Pro/Celeron/Pentium II/Pentium III/Pentium 4 with SMP support.
@@ -105,7 +105,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-pcmcia-modules-2.4.27-3-686-smp
+Depends: kernel-pcmcia-modules-2.4.27-4-686-smp
Description: Mainstream PCMCIA modules for version 2.4 on PPro/Celeron/PII/PIII/P4 SMP
This package will always depend on the latest 2.4 mainstream PCMCIA modules
available for
@@ -116,7 +116,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-headers-2.4.27-3-686-smp
+Depends: kernel-headers-2.4.27-4-686-smp
Description: Linux kernel headers for version 2.4 on PPro/Celeron/PII/PIII/P4 SMP
This package will always depend on the latest 2.4 kernel headers available for
Pentium Pro/Celeron/Pentium II/Pentium III/Pentium 4 with SMP support, used
@@ -127,7 +127,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-k6
+Depends: kernel-image-2.4.27-4-k6
Description: Linux kernel image for version 2.4 on AMD K6/K6-II/K6-III
This package will always depend on the latest 2.4 kernel image available for
AMD K6/K6-II/K6-III.
@@ -136,7 +136,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-pcmcia-modules-2.4.27-3-k6
+Depends: kernel-pcmcia-modules-2.4.27-4-k6
Description: Mainstream PCMCIA modules for version 2.4 on AMD K6/K6-II/K6-III
This package will always depend on the latest 2.4 mainstream PCMCIA modules
available for
@@ -146,7 +146,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-headers-2.4.27-3-k6
+Depends: kernel-headers-2.4.27-4-k6
Description: Linux kernel headers for version 2.4 on K6/K6-II/K6-III
This package will always depend on the latest 2.4 kernel headers available for
Pentium-Classic, used to build out-of-tree kernel modules and the like.
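Review bot: the long description left as context under the changed Depends line in this hunk still says the k6 headers metapackage tracks the latest headers "available for Pentium-Classic", while its short description names K6/K6-II/K6-III. The text looks copied from the 586tsc headers stanza. Since the stanza is being touched for the -4 ABI anyway, suggest correcting it to "AMD K6/K6-II/K6-III", as the k6 image stanza already reads.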
@@ -156,7 +156,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-k7
+Depends: kernel-image-2.4.27-4-k7
Description: Linux kernel image for version 2.4 on AMD K7
This package will always depend on the latest 2.4 kernel image available for
AMD Duron/Athlon.
@@ -165,7 +165,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-pcmcia-modules-2.4.27-3-k7
+Depends: kernel-pcmcia-modules-2.4.27-4-k7
Description: Mainstream PCMCIA modules for version 2.4 on AMD K7
This package will always depend on the latest 2.4 mainstream PCMCIA modules
available for
@@ -175,7 +175,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-headers-2.4.27-3-k7
+Depends: kernel-headers-2.4.27-4-k7
Description: Linux kernel headers for version 2.4 on AMD K7
This package will always depend on the latest 2.4 kernel headers available for
AMD Duron/Athlon, used to build out-of-tree kernel modules and the like.
@@ -184,7 +184,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-k7-smp
+Depends: kernel-image-2.4.27-4-k7-smp
Description: Linux kernel image for version 2.4 on AMD K7 SMP
This package will always depend on the latest 2.4 kernel image available for
AMD Duron/Athlon with SMP support.
@@ -194,7 +194,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-pcmcia-modules-2.4.27-3-k7-smp
+Depends: kernel-pcmcia-modules-2.4.27-4-k7-smp
Description: Mainstream PCMCIA modules for version 2.4 on AMD K7 SMP
This package will always depend on the latest 2.4 mainstream PCMCIA modules
available for
@@ -205,7 +205,7 @@
Architecture: i386
Section: base
Priority: optional
-Depends: kernel-headers-2.4.27-3-k7-smp
+Depends: kernel-headers-2.4.27-4-k7-smp
Description: Linux kernel headers for version 2.4 on AMD K7 SMP
This package will always depend on the latest 2.4 kernel headers available for
AMD Duron/Athlon, used to build out-of-tree kernel modules and the like.
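Review bot: the k7-smp headers description in this hunk reads "AMD Duron/Athlon, used to build out-of-tree kernel modules", which is identical to the non-SMP k7 headers stanza and drops the "with SMP support" wording that the k7-smp image stanza and the 686-smp headers stanza both carry. Style point only, but worth aligning while the Depends line is being bumped so the two headers metapackages can be told apart from their descriptions.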
Modified: dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,97 @@
+kernel-image-2.4.27-m68k (2.4.27-3sarge6) oldstable-security; urgency=high
+
+ * Build against kernel-tree-2.4.27-10sarge6:
+ * 239_mincore-hang.diff
+ [SECURITY] Fix a potential deadlock in mincore
+ See CVE-2006-4814
+ * [ERRATA] 240_smbfs-honor-mount-opts-2.diff
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
+ * 241_bluetooth-capi-size-checks.diff
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * 242_ext3-fsfuzz.diff
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * 243_ipv6_fl_socklist-no-share.diff
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * 244_bluetooth-l2cap-hci-info-leaks.diff
+ 245_bluetooth-l2cap-hci-info-leaks-2.diff
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * 246_dn_fib-out-of-bounds.diff
+ 266_ipv4-fib_props-out-of-bounds.diff
+ 267_ipv4-fib_props-out-of-bounds-2.diff
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * 247_reset-pdeathsig-on-suid.diff
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ Thanks to Marcel Holtmann for the patch.
+ See CVE-2007-3848
+ * 248_random-reseed-sizeof-fix.diff
+ [SECURITY] Fix a bug in the random driver reseeding code that reduces
+ entropy by reseeding a smaller buffer size than expected
+ See CVE-2007-4311
+ * 249_openpromfs-signedness-bug.diff
+ 250_openpromfs-checks-1.diff
+ 251_openpromfs-checks-2.diff
+ 252_openpromfs-checks-3.diff
+ [SECURITY] Fix a number of data checks in openprom code
+ See CVE-2004-2731
+ * 253_coredump-only-to-same-uid.diff
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * 254_cramfs-check-block-length.diff
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * 255_pppoe-socket-release-mem-leak.diff
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * 256_i4l-isdn_ioctl-mem-overrun.diff
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * 257_isdn-net-overflow.diff
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * 258_ext2_readdir-f_pos-fix.diff,
+ 259_ext2_readdir-infinite-loop.diff,
+ 260_ext2-skip-pages-past-num-blocks.diff
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * 261_listxattr-mem-corruption.diff
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * 262_aacraid-ioctl-perm-check.diff
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * 263_usb-pwc-disconnect-block.diff
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * 264_mmap-VM_DONTEXPAND.diff
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+ * 265_powerpc-chrp-null-deref.diff
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+
+ -- dann frazier <dannf at debian.org> Mon, 18 Feb 2008 04:27:46 -0700
+
kernel-image-2.4.27-m68k (2.4.27-3sarge5) stable-security; urgency=high
* Build against kernel-tree-2.4.27-10sarge5:
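Review bot: the 261_listxattr-mem-corruption.diff item in this new entry states that the patch changes the kernel ABI, yet the entry has no ABI-increment item and the accompanying m68k control change only bumps Build-Depends to kernel-tree-2.4.27-10sarge6. The s390 and sparc entries in this same commit add "ABI changing update, increment ABI number to 4" for the same patch set. If m68k intentionally keeps its package names unchanged, the entry should say so, because users with out-of-tree modules otherwise get no hint that a rebuild is needed. The same question applies to the mips and powerpc entries.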
Modified: dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/control (original)
+++ dists/sarge-security/kernel-2.4/m68k/kernel-image-2.4.27-m68k-2.4.27/debian/control Fri Feb 22 22:18:12 2008
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Christian T. Steigies <cts at debian.org>
Standards-Version: 3.6.1
-Build-Depends: kernel-tree-2.4.27-10sarge5, kernel-patch-2.4.27-m68k, kernel-package, debhelper, bzip2, console-tools, gcc-2.95
+Build-Depends: kernel-tree-2.4.27-10sarge6, kernel-patch-2.4.27-m68k, kernel-package, debhelper, bzip2, console-tools, gcc-2.95
Package: kernel-image-2.4.27-amiga
Section: base
Modified: dists/sarge-security/kernel-2.4/mips/kernel-patch-2.4.27-mips/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/mips/kernel-patch-2.4.27-mips/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/mips/kernel-patch-2.4.27-mips/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,97 @@
+kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-3) oldstable-security; urgency=high
+
+ * Build against kernel-tree-2.4.27-10sarge6:
+ * 239_mincore-hang.diff
+ [SECURITY] Fix a potential deadlock in mincore
+ See CVE-2006-4814
+ * [ERRATA] 240_smbfs-honor-mount-opts-2.diff
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
+ * 241_bluetooth-capi-size-checks.diff
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * 242_ext3-fsfuzz.diff
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * 243_ipv6_fl_socklist-no-share.diff
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * 244_bluetooth-l2cap-hci-info-leaks.diff
+ 245_bluetooth-l2cap-hci-info-leaks-2.diff
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * 246_dn_fib-out-of-bounds.diff
+ 266_ipv4-fib_props-out-of-bounds.diff
+ 267_ipv4-fib_props-out-of-bounds-2.diff
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * 247_reset-pdeathsig-on-suid.diff
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ Thanks to Marcel Holtmann for the patch.
+ See CVE-2007-3848
+ * 248_random-reseed-sizeof-fix.diff
+ [SECURITY] Fix a bug in the random driver reseeding code that reduces
+ entropy by reseeding a smaller buffer size than expected
+ See CVE-2007-4311
+ * 249_openpromfs-signedness-bug.diff
+ 250_openpromfs-checks-1.diff
+ 251_openpromfs-checks-2.diff
+ 252_openpromfs-checks-3.diff
+ [SECURITY] Fix a number of data checks in openprom code
+ See CVE-2004-2731
+ * 253_coredump-only-to-same-uid.diff
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * 254_cramfs-check-block-length.diff
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * 255_pppoe-socket-release-mem-leak.diff
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * 256_i4l-isdn_ioctl-mem-overrun.diff
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * 257_isdn-net-overflow.diff
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * 258_ext2_readdir-f_pos-fix.diff,
+ 259_ext2_readdir-infinite-loop.diff,
+ 260_ext2-skip-pages-past-num-blocks.diff
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * 261_listxattr-mem-corruption.diff
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * 262_aacraid-ioctl-perm-check.diff
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * 263_usb-pwc-disconnect-block.diff
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * 264_mmap-VM_DONTEXPAND.diff
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+ * 265_powerpc-chrp-null-deref.diff
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+
+ -- dann frazier <dannf at debian.org> Mon, 18 Feb 2008 04:29:46 -0700
+
kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-2) stable-security; urgency=high
* Build against kernel-tree-2.4.27-10sarge5:
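Review bot: the 263_usb-pwc-disconnect-block.diff item reads "If userspace still has the device open it can result, the driver would wait for the device to close", which is garbled, so the sentence describing the CVE-2007-5093 impact does not parse. Suggest something like "If userspace still has the device open, the driver would wait for the device to close, blocking the USB subsystem." Two smaller wording issues in the same entry: "unpriveleged" in the 255_pppoe item and "This patches changes the kernel ABI" in the 261_listxattr item. The text is copied verbatim into every per-architecture changelog in this commit, so fixing it once in the source entry fixes it everywhere.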
Modified: dists/sarge-security/kernel-2.4/mips/kernel-patch-2.4.27-mips/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/mips/kernel-patch-2.4.27-mips/debian/control (original)
+++ dists/sarge-security/kernel-2.4/mips/kernel-patch-2.4.27-mips/debian/control Fri Feb 22 22:18:12 2008
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Debian kernel team <debian-kernel at lists.debian.org>
Uploaders: Guido Guenther <agx at debian.org>, Karsten Merker <merker at debian.org>, Thiemo Seufer <ths at debian.org>
-Build-Depends: kernel-tree-2.4.27-10sarge5, kernel-package, debhelper (>=4.1.0), modutils, console-tools, dpatch, bzip2
+Build-Depends: kernel-tree-2.4.27-10sarge6, kernel-package, debhelper (>=4.1.0), modutils, console-tools, dpatch, bzip2
Standards-Version: 3.6.1
Package: kernel-headers-2.4.27
Modified: dists/sarge-security/kernel-2.4/powerpc/kernel-patch-powerpc-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/powerpc/kernel-patch-powerpc-2.4.27-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/powerpc/kernel-patch-powerpc-2.4.27-2.4.27/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,97 @@
+kernel-patch-powerpc-2.4.27 (2.4.27-10sarge6) oldstable-security; urgency=high
+
+ * Build against kernel-tree-2.4.27-10sarge6:
+ * 239_mincore-hang.diff
+ [SECURITY] Fix a potential deadlock in mincore
+ See CVE-2006-4814
+ * [ERRATA] 240_smbfs-honor-mount-opts-2.diff
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
+ * 241_bluetooth-capi-size-checks.diff
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * 242_ext3-fsfuzz.diff
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * 243_ipv6_fl_socklist-no-share.diff
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * 244_bluetooth-l2cap-hci-info-leaks.diff
+ 245_bluetooth-l2cap-hci-info-leaks-2.diff
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * 246_dn_fib-out-of-bounds.diff
+ 266_ipv4-fib_props-out-of-bounds.diff
+ 267_ipv4-fib_props-out-of-bounds-2.diff
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * 247_reset-pdeathsig-on-suid.diff
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ Thanks to Marcel Holtmann for the patch.
+ See CVE-2007-3848
+ * 248_random-reseed-sizeof-fix.diff
+ [SECURITY] Fix a bug in the random driver reseeding code that reduces
+ entropy by reseeding a smaller buffer size than expected
+ See CVE-2007-4311
+ * 249_openpromfs-signedness-bug.diff
+ 250_openpromfs-checks-1.diff
+ 251_openpromfs-checks-2.diff
+ 252_openpromfs-checks-3.diff
+ [SECURITY] Fix a number of data checks in openprom code
+ See CVE-2004-2731
+ * 253_coredump-only-to-same-uid.diff
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * 254_cramfs-check-block-length.diff
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * 255_pppoe-socket-release-mem-leak.diff
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * 256_i4l-isdn_ioctl-mem-overrun.diff
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * 257_isdn-net-overflow.diff
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * 258_ext2_readdir-f_pos-fix.diff,
+ 259_ext2_readdir-infinite-loop.diff,
+ 260_ext2-skip-pages-past-num-blocks.diff
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * 261_listxattr-mem-corruption.diff
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * 262_aacraid-ioctl-perm-check.diff
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * 263_usb-pwc-disconnect-block.diff
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * 264_mmap-VM_DONTEXPAND.diff
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+ * 265_powerpc-chrp-null-deref.diff
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+
+ -- dann frazier <dannf at debian.org> Mon, 18 Feb 2008 04:19:06 -0700
+
kernel-patch-powerpc-2.4.27 (2.4.27-10sarge5) stable-security; urgency=high
* Build against kernel-tree-2.4.27-10sarge5:
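Review bot: the CVE-2007-2172 item lists three patches (246_dn_fib-out-of-bounds.diff, 266_ipv4-fib_props-out-of-bounds.diff, 267_ipv4-fib_props-out-of-bounds-2.diff) but its description only mentions an out of bounds condition in dn_fib_props[]. Going by the patch names, two of the three touch the ipv4 fib_props code, so the description undersells what is covered. Suggest naming both arrays in the description so anyone auditing the changelog for ipv4 exposure can find it.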
Modified: dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,99 @@
+kernel-image-2.4.27-s390 (2.4.27-2sarge6) oldstable-security; urgency=high
+
+ * Build against kernel-tree-2.4.27-10sarge6:
+ * 239_mincore-hang.diff
+ [SECURITY] Fix a potential deadlock in mincore
+ See CVE-2006-4814
+ * [ERRATA] 240_smbfs-honor-mount-opts-2.diff
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
+ * 241_bluetooth-capi-size-checks.diff
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * 242_ext3-fsfuzz.diff
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * 243_ipv6_fl_socklist-no-share.diff
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * 244_bluetooth-l2cap-hci-info-leaks.diff
+ 245_bluetooth-l2cap-hci-info-leaks-2.diff
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * 246_dn_fib-out-of-bounds.diff
+ 266_ipv4-fib_props-out-of-bounds.diff
+ 267_ipv4-fib_props-out-of-bounds-2.diff
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * 247_reset-pdeathsig-on-suid.diff
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ Thanks to Marcel Holtmann for the patch.
+ See CVE-2007-3848
+ * 248_random-reseed-sizeof-fix.diff
+ [SECURITY] Fix a bug in the random driver reseeding code that reduces
+ entropy by reseeding a smaller buffer size than expected
+ See CVE-2007-4311
+ * 249_openpromfs-signedness-bug.diff
+ 250_openpromfs-checks-1.diff
+ 251_openpromfs-checks-2.diff
+ 252_openpromfs-checks-3.diff
+ [SECURITY] Fix a number of data checks in openprom code
+ See CVE-2004-2731
+ * 253_coredump-only-to-same-uid.diff
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * 254_cramfs-check-block-length.diff
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * 255_pppoe-socket-release-mem-leak.diff
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * 256_i4l-isdn_ioctl-mem-overrun.diff
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * 257_isdn-net-overflow.diff
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * 258_ext2_readdir-f_pos-fix.diff,
+ 259_ext2_readdir-infinite-loop.diff,
+ 260_ext2-skip-pages-past-num-blocks.diff
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * 261_listxattr-mem-corruption.diff
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * 262_aacraid-ioctl-perm-check.diff
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * 263_usb-pwc-disconnect-block.diff
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * 264_mmap-VM_DONTEXPAND.diff
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+ * 265_powerpc-chrp-null-deref.diff
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+ * ABI changing update, increment ABI number to 4. If you don't understand
+ what this means, see http://wiki.debian.org/DebianKernelABIChanges
+
+ -- dann frazier <dannf at debian.org> Sun, 17 Feb 2008 23:56:00 -0700
+
kernel-image-2.4.27-s390 (2.4.27-2sarge5) stable-security; urgency=high
* Build against kernel-tree-2.4.27-10sarge5:
Modified: dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/control (original)
+++ dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/control Fri Feb 22 22:18:12 2008
@@ -4,9 +4,9 @@
Maintainer: Debian S/390 Team <debian-s390 at lists.debian.org>
Uploaders: Bastian Blank <waldi at debian.org>
Standards-Version: 3.5.6
-Build-Depends: debhelper (>> 4.0.0), modutils (>= 2.4.21), kernel-tree-2.4.27-10sarge5, kernel-patch-2.4.27-s390 (>= 2.4.27-2sarge1), kernel-package (>= 8.084)
+Build-Depends: debhelper (>> 4.0.0), modutils (>= 2.4.21), kernel-tree-2.4.27-10sarge6, kernel-patch-2.4.27-s390 (>= 2.4.27-2sarge1), kernel-package (>= 8.084)
-Package: kernel-headers-2.4.27-3
+Package: kernel-headers-2.4.27-4
Architecture: s390
Section: devel
Priority: optional
@@ -16,7 +16,7 @@
for sites that want the latest kernel headers. Please read
/usr/share/doc/kernel-headers-2.4.27/debian.README.gz for details.
-Package: kernel-image-2.4.27-3-s390
+Package: kernel-image-2.4.27-4-s390
Architecture: s390
Section: base
Priority: optional
@@ -36,7 +36,7 @@
and it is suggested that you install that package if you wish to
create a custom kernel from the sources.
-Package: kernel-image-2.4.27-3-s390-tape
+Package: kernel-image-2.4.27-4-s390-tape
Architecture: s390
Section: base
Priority: extra
@@ -46,7 +46,7 @@
.
This kernel has support to IPL (boot) from a tape.
-Package: kernel-image-2.4.27-3-s390x
+Package: kernel-image-2.4.27-4-s390x
Architecture: s390
Section: base
Priority: optional
Modified: dists/sarge-security/kernel-2.4/s390/kernel-latest-2.4-s390/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/s390/kernel-latest-2.4-s390/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/s390/kernel-latest-2.4-s390/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,9 @@
+kernel-latest-2.4-s390 (2.4.27-1sarge2) oldstable-security; urgency=high
+
+ * Update for the -3 ABI
+
+ -- dann frazier <dannf at debian.org> Mon, 18 Feb 2008 04:35:58 -0700
+
kernel-latest-2.4-s390 (2.4.27-1sarge1) stable-security; urgency=high
* Update for the -3 ABI
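Review bot: the new 2.4.27-1sarge2 entry says "Update for the -3 ABI", the same text as the 2.4.27-1sarge1 entry below it, while the control change for this package moves every Depends from the 2.4.27-3 packages to 2.4.27-4. The changelog line should read "Update for the -4 ABI". As written, the entry contradicts the dependency change it ships with.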
Modified: dists/sarge-security/kernel-2.4/s390/kernel-latest-2.4-s390/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/s390/kernel-latest-2.4-s390/debian/control (original)
+++ dists/sarge-security/kernel-2.4/s390/kernel-latest-2.4-s390/debian/control Fri Feb 22 22:18:12 2008
@@ -10,7 +10,7 @@
Architecture: s390
Section: devel
Priority: optional
-Depends: kernel-headers-2.4.27-3
+Depends: kernel-headers-2.4.27-4
Description: Header files related to latest Linux kernel version 2.4 on IBM S/390
This package will always depend on the latest 2.4 kernel headers available
for IBM S/390.
@@ -19,7 +19,7 @@
Architecture: s390
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-s390
+Depends: kernel-image-2.4.27-4-s390
Description: Linux kernel image for kernel version 2.4 on IBM S/390
This package will always depend on the latest 2.4 kernel image available
for IBM S/390.
@@ -28,7 +28,7 @@
Architecture: s390
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-s390x
+Depends: kernel-image-2.4.27-4-s390x
Description: Linux kernel image for kernel version 2.4 on IBM zSeries
This package will always depend on the latest 2.4 kernel image available
for IBM zSeries.
Modified: dists/sarge-security/kernel-2.4/sparc/kernel-image-2.4.27-sparc-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/sparc/kernel-image-2.4.27-sparc-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/sparc/kernel-image-2.4.27-sparc-2.4.27/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,99 @@
+kernel-image-2.4.27-sparc (2.4.27-9sarge6) oldstable-security; urgency=high
+
+ * Build against kernel-tree-2.4.27-10sarge6:
+ * 239_mincore-hang.diff
+ [SECURITY] Fix a potential deadlock in mincore
+ See CVE-2006-4814
+ * [ERRATA] 240_smbfs-honor-mount-opts-2.diff
+ Fix some regressions with respect to file types (e.g., symlinks)
+ introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
+ * 241_bluetooth-capi-size-checks.diff
+ [SECURITY] Add additional length checks to avoid potential remote
+ DoS attacks in the handling of CAPI messages in the bluetooth driver
+ See CVE-2006-6106
+ * 242_ext3-fsfuzz.diff
+ [SECURITY] Fix a DoS vulnerability that can be triggered by a local
+ user with the ability to mount a corrupted ext3 filesystem
+ See CVE-2006-6053
+ * 243_ipv6_fl_socklist-no-share.diff
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ * 244_bluetooth-l2cap-hci-info-leaks.diff
+ 245_bluetooth-l2cap-hci-info-leaks-2.diff
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * 246_dn_fib-out-of-bounds.diff
+ 266_ipv4-fib_props-out-of-bounds.diff
+ 267_ipv4-fib_props-out-of-bounds-2.diff
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * 247_reset-pdeathsig-on-suid.diff
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ Thanks to Marcel Holtmann for the patch.
+ See CVE-2007-3848
+ * 248_random-reseed-sizeof-fix.diff
+ [SECURITY] Fix a bug in the random driver reseeding code that reduces
+ entropy by reseeding a smaller buffer size than expected
+ See CVE-2007-4311
+ * 249_openpromfs-signedness-bug.diff
+ 250_openpromfs-checks-1.diff
+ 251_openpromfs-checks-2.diff
+ 252_openpromfs-checks-3.diff
+ [SECURITY] Fix a number of data checks in openprom code
+ See CVE-2004-2731
+ * 253_coredump-only-to-same-uid.diff
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * 254_cramfs-check-block-length.diff
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * 255_pppoe-socket-release-mem-leak.diff
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * 256_i4l-isdn_ioctl-mem-overrun.diff
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * 257_isdn-net-overflow.diff
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * 258_ext2_readdir-f_pos-fix.diff,
+ 259_ext2_readdir-infinite-loop.diff,
+ 260_ext2-skip-pages-past-num-blocks.diff
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * 261_listxattr-mem-corruption.diff
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patches changes the kernel ABI.
+ See CVE-2006-5753
+ * 262_aacraid-ioctl-perm-check.diff
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * 263_usb-pwc-disconnect-block.diff
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * 264_mmap-VM_DONTEXPAND.diff
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+ * 265_powerpc-chrp-null-deref.diff
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+ * ABI changing update, increment ABI number to 4. If you don't understand
+ what this means, see http://wiki.debian.org/DebianKernelABIChanges
+
+ -- dann frazier <dannf at debian.org> Sun, 17 Feb 2008 23:49:12 -0700
+
kernel-image-2.4.27-sparc (2.4.27-9sarge5) stable-security; urgency=high
* Build against kernel-tree-2.4.27-10sarge5:
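Review bot: the entry covering 246_dn_fib-out-of-bounds.diff, 266_ipv4-fib_props-out-of-bounds.diff and 267_ipv4-fib_props-out-of-bounds-2.diff describes only an "out of bounds condition in dn_fib_props[]", although two of the three patches are named for the IPv4 fib_props code. Suggest naming both so that someone auditing CVE-2007-2172 coverage from the changelog can see the IPv4 side is included. In the 261_listxattr-mem-corruption.diff entry, "This patches changes the kernel ABI." should read "This patch changes the kernel ABI."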
Modified: dists/sarge-security/kernel-2.4/sparc/kernel-image-2.4.27-sparc-2.4.27/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/sparc/kernel-image-2.4.27-sparc-2.4.27/debian/control (original)
+++ dists/sarge-security/kernel-2.4/sparc/kernel-image-2.4.27-sparc-2.4.27/debian/control Fri Feb 22 22:18:12 2008
@@ -4,19 +4,19 @@
Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Uploaders: Rob Radez <rob at osinvestor.com>, Joshua Kwan <joshk at triplehelix.org>, Andres Salomon <dilinger at debian.org>
Standards-Version: 3.6.1.0
-Build-Depends: gcc (>= 4:3.3), kernel-tree-2.4.27-10sarge5, debhelper (>= 4), kernel-package, sparc-utils, modutils
+Build-Depends: gcc (>= 4:3.3), kernel-tree-2.4.27-10sarge6, debhelper (>= 4), kernel-package, sparc-utils, modutils
-Package: kernel-build-2.4.27-3
+Package: kernel-build-2.4.27-4
Architecture: sparc
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3-sparc64, kernel-headers-2.4.27-3-sparc64-smp, kernel-headers-2.4.27-3-sparc32, kernel-headers-2.4.27-3-sparc32-smp
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4-sparc64, kernel-headers-2.4.27-4-sparc64-smp, kernel-headers-2.4.27-4-sparc32, kernel-headers-2.4.27-4-sparc32-smp
Description: Headers for building modules for Linux 2.4.27
This package provides kernel header files for building modules for the
precompiled kernel images on SPARC (both 32 and 64 bit, uniprocessor and
multiprocessor.)
-Package: kernel-headers-2.4.27-3
+Package: kernel-headers-2.4.27-4
Architecture: sparc
Section: devel
Priority: optional
@@ -30,29 +30,29 @@
This package consists mostly of the common files between the three header
packages you should really be using for building modules:
.
- - kernel-headers-2.4.27-3-sparc32
- - kernel-headers-2.4.27-3-sparc32-smp
- - kernel-headers-2.4.27-3-sparc64
- - kernel-headers-2.4.27-3-sparc64-smp
+ - kernel-headers-2.4.27-4-sparc32
+ - kernel-headers-2.4.27-4-sparc32-smp
+ - kernel-headers-2.4.27-4-sparc64
+ - kernel-headers-2.4.27-4-sparc64-smp
.
For more information you can also read:
- /usr/share/doc/kernel-headers-2.4.27-3/debian.README.gz.
+ /usr/share/doc/kernel-headers-2.4.27-4/debian.README.gz.
-Package: kernel-headers-2.4.27-3-sparc32
+Package: kernel-headers-2.4.27-4-sparc32
Architecture: sparc
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Header files for Linux kernel 2.4.27 on uniprocessor 32-bit SPARC
This package provides kernel header files for version 2.4.27 on the 32-bit
SPARC architecture, used to build out-of-tree kernel modules.
.
- You need this package to build modules if "uname -r" returns 2.4.27-3-sparc32.
+ You need this package to build modules if "uname -r" returns 2.4.27-4-sparc32.
Please see the "module-assistant" package for more information on building
external kernel modules.
-Package: kernel-image-2.4.27-3-sparc32
+Package: kernel-image-2.4.27-4-sparc32
Section: base
Architecture: sparc
Priority: optional
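Review bot: the unchanged description text at the top of this hunk still says "the three header packages you should really be using", but the list being renamed right below it has four entries (sparc32, sparc32-smp, sparc64, sparc64-smp). Since every line of that list is touched here anyway, change "three" to "four" in the same edit.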
@@ -77,21 +77,21 @@
NOTE: sparc32 includes virtually all non-UltraSPARC systems. If you do not
have an UltraSPARC, this is most likely the kernel you want.
-Package: kernel-headers-2.4.27-3-sparc32-smp
+Package: kernel-headers-2.4.27-4-sparc32-smp
Architecture: sparc
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Header files for Linux kernel 2.4.27 on multiprocessor 32-bit SPARC
This package provides kernel header files for version 2.4.27 on the 32-bit
SPARC architecture, used to build out-of-tree kernel modules.
.
You need this package to build modules if "uname -r" returns
- 2.4.27-3-sparc32-smp. Please see the "module-assistant" package for more
+ 2.4.27-4-sparc32-smp. Please see the "module-assistant" package for more
information on building external kernel modules.
-Package: kernel-image-2.4.27-3-sparc32-smp
+Package: kernel-image-2.4.27-4-sparc32-smp
Section: base
Architecture: sparc
Priority: optional
@@ -118,21 +118,21 @@
kernel is specifically for SMP (multiple processors) systems. If you do not
have more than one CPU, then choose the non-SMP kernel image.
-Package: kernel-headers-2.4.27-3-sparc64
+Package: kernel-headers-2.4.27-4-sparc64
Architecture: sparc
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Header files for Linux kernel 2.4.27 on uniprocessor 64-bit SPARC
This package provides kernel header files for version 2.4.27 on the 64-bit
SPARC architecture, used to build out-of-tree kernel modules.
.
- You need this package to build modules if "uname -r" returns 2.4.27-3-sparc64.
+ You need this package to build modules if "uname -r" returns 2.4.27-4-sparc64.
Please see the "module-assistant" package for more information on building
external kernel modules.
-Package: kernel-image-2.4.27-3-sparc64
+Package: kernel-image-2.4.27-4-sparc64
Section: base
Architecture: sparc
Priority: optional
@@ -157,21 +157,21 @@
NOTE: This kernel is strictly for UltraSPARC (sparc64) class systems. If you
do not have an UltraSPARC, then most likely you want the sparc32 image.
-Package: kernel-headers-2.4.27-3-sparc64-smp
+Package: kernel-headers-2.4.27-4-sparc64-smp
Architecture: sparc
Section: devel
Priority: optional
-Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-3
+Depends: coreutils | fileutils (>= 4.0), kernel-headers-2.4.27-4
Provides: kernel-headers, kernel-headers-2.4
Description: Header files for Linux kernel 2.4.27 on multiprocessor 64-bit SPARC
This package provides kernel header files for version 2.4.27 on the 32-bit
SPARC architecture, used to build out-of-tree kernel modules.
.
You need this package to build modules if "uname -r" returns
- 2.4.27-3-sparc64-smp. Please see the "module-assistant" package for more
+ 2.4.27-4-sparc64-smp. Please see the "module-assistant" package for more
information on building external kernel modules.
-Package: kernel-image-2.4.27-3-sparc64-smp
+Package: kernel-image-2.4.27-4-sparc64-smp
Section: base
Architecture: sparc
Priority: optional
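Review bot: the kernel-headers-2.4.27-4-sparc64-smp stanza keeps the description "kernel header files for version 2.4.27 on the 32-bit SPARC architecture", which contradicts its own summary line ("multiprocessor 64-bit SPARC") and the uniprocessor sparc64 stanza, which says 64-bit. The stanza is being renamed in this hunk, so correct "32-bit" to "64-bit" here as well.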
Modified: dists/sarge-security/kernel-2.4/sparc/kernel-latest-2.4-sparc/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/sparc/kernel-latest-2.4-sparc/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/sparc/kernel-latest-2.4-sparc/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,9 @@
+kernel-latest-2.4-sparc (42sarge3) oldstable-security; urgency=high
+
+ * Update for -4 ABI
+
+ -- dann frazier <dannf at debian.org> Mon, 18 Feb 2008 04:36:49 -0700
+
kernel-latest-2.4-sparc (42sarge2) stable-security; urgency=high
* Really update for -3 ABI
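Review bot: "Update for -4 ABI" gives no reason for the bump, while the upload is marked urgency=high for oldstable-security. Suggest one more line stating that the new ABI comes from the kernel-image-2.4.27-sparc security update, so that an administrator reading only this package's changelog understands why the metapackage now pulls in a differently named kernel.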
Modified: dists/sarge-security/kernel-2.4/sparc/kernel-latest-2.4-sparc/debian/control
==============================================================================
--- dists/sarge-security/kernel-2.4/sparc/kernel-latest-2.4-sparc/debian/control (original)
+++ dists/sarge-security/kernel-2.4/sparc/kernel-latest-2.4-sparc/debian/control Fri Feb 22 22:18:12 2008
@@ -9,7 +9,7 @@
Package: kernel-image-2.4-sparc32
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-sparc32
+Depends: kernel-image-2.4.27-4-sparc32
Architecture: sparc
Description: Linux 2.4 kernel binary image for sparc32 systems
This package will always depend on the latest 2.4 kernel for uniprocessor
@@ -18,7 +18,7 @@
Package: kernel-headers-2.4-sparc32
Section: devel
Priority: optional
-Depends: kernel-headers-2.4.27-3-sparc32
+Depends: kernel-headers-2.4.27-4-sparc32
Architecture: sparc
Description: Linux 2.4 kernel headers for sparc32 systems
This package will always depend on the latest 2.4 kernel headers for
@@ -28,7 +28,7 @@
Package: kernel-image-2.4-sparc32-smp
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-sparc32-smp
+Depends: kernel-image-2.4.27-4-sparc32-smp
Architecture: sparc
Description: Linux 2.4 kernel binary image for SMP sparc32 systems
This package will always depend on the latest 2.4 kernel image for
@@ -38,7 +38,7 @@
Package: kernel-headers-2.4-sparc32-smp
Section: devel
Priority: optional
-Depends: kernel-headers-2.4.27-3-sparc32-smp
+Depends: kernel-headers-2.4.27-4-sparc32-smp
Architecture: sparc
Description: Linux 2.4 kernel headers for SMP sparc32 systems
This package will always depend on the latest 2.4 kernel headers for
@@ -48,7 +48,7 @@
Package: kernel-image-2.4-sparc64
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-sparc64
+Depends: kernel-image-2.4.27-4-sparc64
Architecture: sparc
Description: Linux 2.4 kernel binary image for UltraSPARC (sparc64) systems
This package will always depend on the latest 2.4 kernel for uniprocessor
@@ -57,7 +57,7 @@
Package: kernel-headers-2.4-sparc64
Section: devel
Priority: optional
-Depends: kernel-headers-2.4.27-3-sparc64
+Depends: kernel-headers-2.4.27-4-sparc64
Architecture: sparc
Description: Linux 2.4 kernel headers for UltraSPARC (sparc64) systems
This package will always depend on the latest 2.4 kernel headers for
@@ -67,7 +67,7 @@
Package: kernel-image-2.4-sparc64-smp
Section: base
Priority: optional
-Depends: kernel-image-2.4.27-3-sparc64-smp
+Depends: kernel-image-2.4.27-4-sparc64-smp
Architecture: sparc
Description: Linux 2.4 kernel binary image for SMP UltraSPARC (sparc64) systems
This package will always depend on the latest 2.4 kernel for multiprocessor
@@ -76,7 +76,7 @@
Package: kernel-headers-2.4-sparc64-smp
Section: devel
Priority: optional
-Depends: kernel-headers-2.4.27-3-sparc64-smp
+Depends: kernel-headers-2.4.27-4-sparc64-smp
Architecture: sparc
Description: Linux 2.4 kernel headers for SMP UltraSPARC (sparc64) systems
This package will always depend on the latest 2.4 kernel headers for
Modified: dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,82 @@
+kernel-image-2.6.8-alpha (2.6.8-17sarge1) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-17sarge1
+ * compat_sys_mount-NULL-data_page.dpatch
+ [SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
+ See CVE-2006-7203
+ * pppoe-socket-release-mem-leak.dpatch
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * aacraid-ioctl-perm-check.dpatch
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * reset-pdeathsig-on-suid.dpatch
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ See CVE-2007-3848
+ * bluetooth-l2cap-hci-info-leaks.dpatch
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * coredump-only-to-same-uid.dpatch
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * i4l-isdn_ioctl-mem-overrun.dpatch
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * cramfs-check-block-length.dpatch
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * ext2-skip-pages-past-num-blocks.dpatch
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * minixfs-printk-hang.dpatch
+ [SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
+ filesystem that would otherwise cause a system to hang (printk storm)
+ See CVE-2006-6058
+ * isdn-net-overflow.dpatch
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * prevent-stack-growth-into-hugetlb-region.dpatch
+ [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
+ into address space reserved for hugetlb pages.
+ See CVE-2007-3739
+ * cifs-honor-umask.dpatch
+ [SECURITY] Make CIFS honor a process' umask
+ See CVE-2007-3740
+ * hugetlb-prio_tree-unit-fix.dpatch
+ [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
+ which could be used to trigger a BUG_ON() call in exit_mmap.
+ See CVE-2007-4133
+ * amd64-zero-extend-32bit-ptrace.dpatch
+ [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
+ See CVE-2007-4573
+ * usb-pwc-disconnect-block.dpatch
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * powerpc-chrp-null-deref.dpatch
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+ * random-bound-check-ordering.dpatch
+ [SECURITY] Fix stack-based buffer overflow in the random number
+ generator
+ See CVE-2007-3105
+ * mmap-VM_DONTEXPAND.dpatch
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+
+ -- dann frazier <dannf at debian.org> Tue, 19 Feb 2008 20:46:31 -0700
+
kernel-image-2.6.8-alpha (2.6.8-17) oldstable; urgency=high
* Rebuild against kernel-tree-2.6.8-17
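Review bot: architecture tagging is inconsistent in this entry. powerpc-chrp-null-deref.dpatch is marked "[SECURITY][powerpc]", but amd64-zero-extend-32bit-ptrace.dpatch carries only "[SECURITY]" even though its name and text ("32-bit entry path") tie it to amd64. In an alpha changelog neither fix affects the resulting binaries, so suggest tagging the ptrace entry "[SECURITY][amd64]" to let readers separate the fixes that matter for this architecture from those inherited from the shared kernel tree.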
Modified: dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/alpha/kernel-image-2.6.8-alpha-2.6.8/debian/control Fri Feb 22 22:18:12 2008
@@ -4,7 +4,7 @@
Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Uploaders: Norbert Tretkowski <nobse at debian.org>
Standards-Version: 3.6.1
-Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-17, module-init-tools
+Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-17sarge1, module-init-tools
Package: kernel-headers-2.6.8-4
Architecture: alpha
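Review bot: the package name stays kernel-headers-2.6.8-4 while Build-Depends moves to kernel-tree-2.6.8-17sarge1, and the accompanying changelog entry does not say whether the ABI is preserved. The 2.4.27 update in this same commit states its ABI bump explicitly ("increment ABI number to 4"), so a matching one-line statement in the 2.6.8 changelog that the ABI number is unchanged would remove the ambiguity for people with out-of-tree modules.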
Modified: dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,82 @@
+kernel-image-2.6.8-amd64 (2.6.8-17sarge1) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-17sarge1
+ * compat_sys_mount-NULL-data_page.dpatch
+ [SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
+ See CVE-2006-7203
+ * pppoe-socket-release-mem-leak.dpatch
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * aacraid-ioctl-perm-check.dpatch
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * reset-pdeathsig-on-suid.dpatch
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ See CVE-2007-3848
+ * bluetooth-l2cap-hci-info-leaks.dpatch
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * coredump-only-to-same-uid.dpatch
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * i4l-isdn_ioctl-mem-overrun.dpatch
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * cramfs-check-block-length.dpatch
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * ext2-skip-pages-past-num-blocks.dpatch
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * minixfs-printk-hang.dpatch
+ [SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
+ filesystem that would otherwise cause a system to hang (printk storm)
+ See CVE-2006-6058
+ * isdn-net-overflow.dpatch
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * prevent-stack-growth-into-hugetlb-region.dpatch
+ [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
+ into address space reserved for hugetlb pages.
+ See CVE-2007-3739
+ * cifs-honor-umask.dpatch
+ [SECURITY] Make CIFS honor a process' umask
+ See CVE-2007-3740
+ * hugetlb-prio_tree-unit-fix.dpatch
+ [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
+ which could be used to trigger a BUG_ON() call in exit_mmap.
+ See CVE-2007-4133
+ * amd64-zero-extend-32bit-ptrace.dpatch
+ [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
+ See CVE-2007-4573
+ * usb-pwc-disconnect-block.dpatch
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * powerpc-chrp-null-deref.dpatch
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+ * random-bound-check-ordering.dpatch
+ [SECURITY] Fix stack-based buffer overflow in the random number
+ generator
+ See CVE-2007-3105
+ * mmap-VM_DONTEXPAND.dpatch
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+
+ -- dann frazier <dannf at debian.org> Tue, 19 Feb 2008 20:47:49 -0700
+
kernel-image-2.6.8-amd64 (2.6.8-17) oldstable; urgency=high
* Rebuild against kernel-tree-2.6.8-17
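Review bot: the usb-pwc-disconnect-block.dpatch description contains a broken sentence, "If userspace still has the device open it can result, the driver would wait for the device to close". Suggest "If userspace still has the device open, the driver would wait for the device to close, blocking the USB subsystem." The same wording appears in the other changelog entries in this commit that list this patch.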
Modified: dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/amd64/kernel-image-2.6.8-amd64-2.6.8/debian/control Fri Feb 22 22:18:12 2008
@@ -4,7 +4,7 @@
Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Uploaders: Frederik Schüler <fschueler at gmx.net>
Standards-Version: 3.6.1
-Build-Depends: debhelper (>= 4), kernel-package (>= 8.131), kernel-tree-2.6.8-17, module-init-tools, gcc-3.4 (>= 3.4.1-6), dpkg-dev (>= 1.10.23)
+Build-Depends: debhelper (>= 4), kernel-package (>= 8.131), kernel-tree-2.6.8-17sarge1, module-init-tools, gcc-3.4 (>= 3.4.1-6), dpkg-dev (>= 1.10.23)
Package: kernel-headers-2.6.8-13
Architecture: amd64 i386
Modified: dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,82 @@
+kernel-image-2.6.8-hppa (2.6.8-7sarge1) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-17sarge1
+ * compat_sys_mount-NULL-data_page.dpatch
+ [SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
+ See CVE-2006-7203
+ * pppoe-socket-release-mem-leak.dpatch
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * aacraid-ioctl-perm-check.dpatch
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * reset-pdeathsig-on-suid.dpatch
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ See CVE-2007-3848
+ * bluetooth-l2cap-hci-info-leaks.dpatch
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * coredump-only-to-same-uid.dpatch
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * i4l-isdn_ioctl-mem-overrun.dpatch
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * cramfs-check-block-length.dpatch
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * ext2-skip-pages-past-num-blocks.dpatch
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * minixfs-printk-hang.dpatch
+ [SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
+ filesystem that would otherwise cause a system to hang (printk storm)
+ See CVE-2006-6058
+ * isdn-net-overflow.dpatch
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * prevent-stack-growth-into-hugetlb-region.dpatch
+ [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
+ into address space reserved for hugetlb pages.
+ See CVE-2007-3739
+ * cifs-honor-umask.dpatch
+ [SECURITY] Make CIFS honor a process' umask
+ See CVE-2007-3740
+ * hugetlb-prio_tree-unit-fix.dpatch
+ [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
+ which could be used to trigger a BUG_ON() call in exit_mmap.
+ See CVE-2007-4133
+ * amd64-zero-extend-32bit-ptrace.dpatch
+ [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
+ See CVE-2007-4573
+ * usb-pwc-disconnect-block.dpatch
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * powerpc-chrp-null-deref.dpatch
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+ * random-bound-check-ordering.dpatch
+ [SECURITY] Fix stack-based buffer overflow in the random number
+ generator
+ See CVE-2007-3105
+ * mmap-VM_DONTEXPAND.dpatch
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+
+ -- dann frazier <dannf at debian.org> Tue, 19 Feb 2008 20:51:43 -0700
+
kernel-image-2.6.8-hppa (2.6.8-7) oldstable; urgency=high
* Rebuild against kernel-tree-2.6.8-17
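Review bot: in the pppoe-socket-release-mem-leak.dpatch entry, "unpriveleged" is misspelled and "fix" is lowercase where every other entry starts with a capital after "[SECURITY]". Suggest "[SECURITY] Fix unprivileged memory leak when a PPPoE socket is released".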
Modified: dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/hppa/kernel-image-2.6.8-hppa-2.6.8/debian/control Fri Feb 22 22:18:12 2008
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Kyle McMartin <kyle at debian.org>
Uploaders: Bdale Garbee <bdale at gag.com>, dann frazier <dannf at debian.org>
-Build-Depends: kernel-tree-2.6.8-17, kernel-patch-2.6.8-hppa (= 2.6.8-5sarge1), kernel-package, debianutils (>= 1.6), debhelper (>= 2), bzip2, module-init-tools, gcc-3.3-hppa64, binutils-hppa64
+Build-Depends: kernel-tree-2.6.8-17sarge1, kernel-patch-2.6.8-hppa (= 2.6.8-5sarge1), kernel-package, debianutils (>= 1.6), debhelper (>= 2), bzip2, module-init-tools, gcc-3.3-hppa64, binutils-hppa64
Standards-Version: 3.5.4
Package: kernel-headers-2.6.8-4
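Review bot: Build-Depends keeps the exact pin "kernel-patch-2.6.8-hppa (= 2.6.8-5sarge1)" while kernel-tree moves from 2.6.8-17 to 2.6.8-17sarge1. The changelog entry does not mention the hppa patch, so please confirm it still applies on top of the updated tree and note that in the changelog.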
Modified: dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,82 @@
+kernel-image-2.6.8-i386 (2.6.8-17sarge1) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-17sarge1
+ * compat_sys_mount-NULL-data_page.dpatch
+ [SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
+ See CVE-2006-7203
+ * pppoe-socket-release-mem-leak.dpatch
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * aacraid-ioctl-perm-check.dpatch
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * reset-pdeathsig-on-suid.dpatch
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ See CVE-2007-3848
+ * bluetooth-l2cap-hci-info-leaks.dpatch
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * coredump-only-to-same-uid.dpatch
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * i4l-isdn_ioctl-mem-overrun.dpatch
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * cramfs-check-block-length.dpatch
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * ext2-skip-pages-past-num-blocks.dpatch
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * minixfs-printk-hang.dpatch
+ [SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
+ filesystem that would otherwise cause a system to hang (printk storm)
+ See CVE-2006-6058
+ * isdn-net-overflow.dpatch
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * prevent-stack-growth-into-hugetlb-region.dpatch
+ [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
+ into address space reserved for hugetlb pages.
+ See CVE-2007-3739
+ * cifs-honor-umask.dpatch
+ [SECURITY] Make CIFS honor a process' umask
+ See CVE-2007-3740
+ * hugetlb-prio_tree-unit-fix.dpatch
+ [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
+ which could be used to trigger a BUG_ON() call in exit_mmap.
+ See CVE-2007-4133
+ * amd64-zero-extend-32bit-ptrace.dpatch
+ [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
+ See CVE-2007-4573
+ * usb-pwc-disconnect-block.dpatch
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * powerpc-chrp-null-deref.dpatch
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+ * random-bound-check-ordering.dpatch
+ [SECURITY] Fix stack-based buffer overflow in the random number
+ generator
+ See CVE-2007-3105
+ * mmap-VM_DONTEXPAND.dpatch
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+
+ -- dann frazier <dannf at debian.org> Tue, 19 Feb 2008 20:34:23 -0700
+
kernel-image-2.6.8-i386 (2.6.8-17) oldstable; urgency=high
* Rebuild against kernel-tree-2.6.8-17
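Review bot: the reset-pdeathsig-on-suid.dpatch entry here omits the credit line that the 2.4.27 changelog in this commit carries for the same CVE-2007-3848 fix ("Thanks to Marcel Holtmann for the patch."). If the 2.6.8 patch has the same origin, add the credit so both changelogs agree.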
Modified: dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/i386/kernel-image-2.6.8-i386-2.6.8/debian/control Fri Feb 22 22:18:12 2008
@@ -4,7 +4,7 @@
Maintainer: Debian kernel team <debian-kernel at lists.debian.org>
Uploaders: William Lee Irwin III <wli at debian.org>, Andres Salomon <dilinger at debian.org>, Simon Horman <horms at debian.org>
Standards-Version: 3.6.1
-Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-17, module-init-tools
+Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-17sarge1, module-init-tools
Package: kernel-headers-2.6.8-4
Architecture: i386
Modified: dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,82 @@
+kernel-image-2.6.8-ia64 (2.6.8-15sarge1) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-17sarge1
+ * compat_sys_mount-NULL-data_page.dpatch
+ [SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
+ See CVE-2006-7203
+ * pppoe-socket-release-mem-leak.dpatch
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * aacraid-ioctl-perm-check.dpatch
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * reset-pdeathsig-on-suid.dpatch
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ See CVE-2007-3848
+ * bluetooth-l2cap-hci-info-leaks.dpatch
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * coredump-only-to-same-uid.dpatch
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * i4l-isdn_ioctl-mem-overrun.dpatch
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * cramfs-check-block-length.dpatch
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * ext2-skip-pages-past-num-blocks.dpatch
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * minixfs-printk-hang.dpatch
+ [SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
+ filesystem that would otherwise cause a system to hang (printk storm)
+ See CVE-2006-6058
+ * isdn-net-overflow.dpatch
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * prevent-stack-growth-into-hugetlb-region.dpatch
+ [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
+ into address space reserved for hugetlb pages.
+ See CVE-2007-3739
+ * cifs-honor-umask.dpatch
+ [SECURITY] Make CIFS honor a process' umask
+ See CVE-2007-3740
+ * hugetlb-prio_tree-unit-fix.dpatch
+ [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
+ which could be used to trigger a BUG_ON() call in exit_mmap.
+ See CVE-2007-4133
+ * amd64-zero-extend-32bit-ptrace.dpatch
+ [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
+ See CVE-2007-4573
+ * usb-pwc-disconnect-block.dpatch
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * powerpc-chrp-null-deref.dpatch
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+ * random-bound-check-ordering.dpatch
+ [SECURITY] Fix stack-based buffer overflow in the random number
+ generator
+ See CVE-2007-3105
+ * mmap-VM_DONTEXPAND.dpatch
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+
+ -- dann frazier <dannf at debian.org> Tue, 19 Feb 2008 01:37:42 -0700
+
kernel-image-2.6.8-ia64 (2.6.8-15) oldstable; urgency=high
* Rebuild against kernel-tree-2.6.8-17
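Review bot: two wording problems in the added entry. `unpriveleged` in the pppoe-socket-release-mem-leak item should be `unprivileged`, and the usb-pwc-disconnect-block item contains a broken sentence (`If userspace still has the device open it can result, the driver would`). Suggest "If userspace still has the device open, the driver would wait for the device to close, blocking the USB subsystem." The same text is repeated in the other architecture changelogs in this commit, so fix it once at the source.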
Modified: dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/ia64/kernel-image-2.6.8-ia64-2.6.8/debian/control Fri Feb 22 22:18:12 2008
@@ -4,7 +4,7 @@
Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Uploaders: dann frazier <dannf at debian.org>
Standards-Version: 3.6.1
-Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-17, module-init-tools
+Build-Depends: debhelper (>= 2), kernel-package (>= 8.054), kernel-tree-2.6.8-17sarge1, module-init-tools
Package: kernel-headers-2.6.8-4
Architecture: ia64
Modified: dists/sarge-security/kernel/m68k/kernel-image-2.6.8-m68k-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/m68k/kernel-image-2.6.8-m68k-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/m68k/kernel-image-2.6.8-m68k-2.6.8/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,82 @@
+kernel-image-2.6.8-m68k (2.6.8-5sarge1) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-17sarge1
+ * compat_sys_mount-NULL-data_page.dpatch
+ [SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
+ See CVE-2006-7203
+ * pppoe-socket-release-mem-leak.dpatch
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * aacraid-ioctl-perm-check.dpatch
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * reset-pdeathsig-on-suid.dpatch
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ See CVE-2007-3848
+ * bluetooth-l2cap-hci-info-leaks.dpatch
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * coredump-only-to-same-uid.dpatch
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * i4l-isdn_ioctl-mem-overrun.dpatch
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * cramfs-check-block-length.dpatch
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * ext2-skip-pages-past-num-blocks.dpatch
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * minixfs-printk-hang.dpatch
+ [SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
+ filesystem that would otherwise cause a system to hang (printk storm)
+ See CVE-2006-6058
+ * isdn-net-overflow.dpatch
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * prevent-stack-growth-into-hugetlb-region.dpatch
+ [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
+ into address space reserved for hugetlb pages.
+ See CVE-2007-3739
+ * cifs-honor-umask.dpatch
+ [SECURITY] Make CIFS honor a process' umask
+ See CVE-2007-3740
+ * hugetlb-prio_tree-unit-fix.dpatch
+ [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
+ which could be used to trigger a BUG_ON() call in exit_mmap.
+ See CVE-2007-4133
+ * amd64-zero-extend-32bit-ptrace.dpatch
+ [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
+ See CVE-2007-4573
+ * usb-pwc-disconnect-block.dpatch
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * powerpc-chrp-null-deref.dpatch
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+ * random-bound-check-ordering.dpatch
+ [SECURITY] Fix stack-based buffer overflow in the random number
+ generator
+ See CVE-2007-3105
+ * mmap-VM_DONTEXPAND.dpatch
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+
+ -- dann frazier <dannf at debian.org> Tue, 19 Feb 2008 19:25:06 -0700
+
kernel-image-2.6.8-m68k (2.6.8-5) oldstable; urgency=high
* Rebuild against kernel-tree-2.6.8-17
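Review bot: the m68k entry lists amd64-zero-extend-32bit-ptrace.dpatch (CVE-2007-4573) and powerpc-chrp-null-deref.dpatch (CVE-2007-6694), which by name and description apply to other architectures, yet only the second carries an architecture tag (`[SECURITY][powerpc]`). Tag the amd64 item the same way, `[SECURITY][amd64]`, so a reader of this changelog can tell which fixes actually affect the m68k images.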
Modified: dists/sarge-security/kernel/m68k/kernel-image-2.6.8-m68k-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/m68k/kernel-image-2.6.8-m68k-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/m68k/kernel-image-2.6.8-m68k-2.6.8/debian/control Fri Feb 22 22:18:12 2008
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Christian T. Steigies <cts at debian.org>
Standards-Version: 3.6.1
-Build-Depends: kernel-tree-2.6.8-17, kernel-patch-2.6.8-m68k, kernel-package, debhelper, bzip2, console-tools
+Build-Depends: kernel-tree-2.6.8-17sarge1, kernel-patch-2.6.8-m68k, kernel-package, debhelper, bzip2, console-tools
Package: kernel-image-2.6.8-amiga
Section: base
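Review bot: in the changed Build-Depends line, kernel-patch-2.6.8-m68k stays unversioned while the tree it is applied to moves to kernel-tree-2.6.8-17sarge1. Confirm the m68k patch still applies cleanly on top of the new security dpatches. A versioned dependency here would make the tested combination explicit.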
Modified: dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,82 @@
+kernel-patch-powerpc-2.6.8 (2.6.8-13sarge1) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-17sarge1
+ * compat_sys_mount-NULL-data_page.dpatch
+ [SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
+ See CVE-2006-7203
+ * pppoe-socket-release-mem-leak.dpatch
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * aacraid-ioctl-perm-check.dpatch
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * reset-pdeathsig-on-suid.dpatch
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ See CVE-2007-3848
+ * bluetooth-l2cap-hci-info-leaks.dpatch
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * coredump-only-to-same-uid.dpatch
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * i4l-isdn_ioctl-mem-overrun.dpatch
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * cramfs-check-block-length.dpatch
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * ext2-skip-pages-past-num-blocks.dpatch
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * minixfs-printk-hang.dpatch
+ [SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
+ filesystem that would otherwise cause a system to hang (printk storm)
+ See CVE-2006-6058
+ * isdn-net-overflow.dpatch
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * prevent-stack-growth-into-hugetlb-region.dpatch
+ [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
+ into address space reserved for hugetlb pages.
+ See CVE-2007-3739
+ * cifs-honor-umask.dpatch
+ [SECURITY] Make CIFS honor a process' umask
+ See CVE-2007-3740
+ * hugetlb-prio_tree-unit-fix.dpatch
+ [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
+ which could be used to trigger a BUG_ON() call in exit_mmap.
+ See CVE-2007-4133
+ * amd64-zero-extend-32bit-ptrace.dpatch
+ [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
+ See CVE-2007-4573
+ * usb-pwc-disconnect-block.dpatch
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * powerpc-chrp-null-deref.dpatch
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+ * random-bound-check-ordering.dpatch
+ [SECURITY] Fix stack-based buffer overflow in the random number
+ generator
+ See CVE-2007-3105
+ * mmap-VM_DONTEXPAND.dpatch
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+
+ -- dann frazier <dannf at debian.org> Tue, 19 Feb 2008 20:54:09 -0700
+
kernel-patch-powerpc-2.6.8 (2.6.8-13) oldstable; urgency=high
* Rebuild against kernel-tree-2.6.8-17
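Review bot: the item for `dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch` names two patches, but its description mentions only dn_fib_props[]. Going by the second file name, the IPv4 fib_props[] table gets the same bounds fix. Say so in the description, so that someone searching the changelog for the IPv4 side of CVE-2007-2172 finds it.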
Modified: dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/rules
==============================================================================
--- dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/rules (original)
+++ dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/rules Fri Feb 22 22:18:12 2008
@@ -11,7 +11,7 @@
OFFICIAL_VERSION = No
# This is the kernel-tree version we build against
-ktver = 17
+ktver = 17sarge1
# set the build architecture if necessary
DEB_HOST_ARCH ?= $(shell dpkg --print-architecture)
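Review bot: `ktver = 17sarge1` has to agree with the kernel-tree Build-Depends in this package's debian/control, and no powerpc debian/control change appears alongside this hunk. If control is maintained by hand rather than generated from ktver, check that it names kernel-tree-2.6.8-17sarge1 as well, otherwise the build environment can lack the tree that the rules file asks for.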
Copied: dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/changelog (from r10584, /dists/sarge/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/changelog)
==============================================================================
--- /dists/sarge/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,82 @@
+kernel-image-2.6.8-s390 (2.6.8-6sarge1) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-17sarge1
+ * compat_sys_mount-NULL-data_page.dpatch
+ [SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
+ See CVE-2006-7203
+ * pppoe-socket-release-mem-leak.dpatch
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * aacraid-ioctl-perm-check.dpatch
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * reset-pdeathsig-on-suid.dpatch
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ See CVE-2007-3848
+ * bluetooth-l2cap-hci-info-leaks.dpatch
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * coredump-only-to-same-uid.dpatch
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * i4l-isdn_ioctl-mem-overrun.dpatch
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * cramfs-check-block-length.dpatch
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * ext2-skip-pages-past-num-blocks.dpatch
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * minixfs-printk-hang.dpatch
+ [SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
+ filesystem that would otherwise cause a system to hang (printk storm)
+ See CVE-2006-6058
+ * isdn-net-overflow.dpatch
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * prevent-stack-growth-into-hugetlb-region.dpatch
+ [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
+ into address space reserved for hugetlb pages.
+ See CVE-2007-3739
+ * cifs-honor-umask.dpatch
+ [SECURITY] Make CIFS honor a process' umask
+ See CVE-2007-3740
+ * hugetlb-prio_tree-unit-fix.dpatch
+ [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
+ which could be used to trigger a BUG_ON() call in exit_mmap.
+ See CVE-2007-4133
+ * amd64-zero-extend-32bit-ptrace.dpatch
+ [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
+ See CVE-2007-4573
+ * usb-pwc-disconnect-block.dpatch
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * powerpc-chrp-null-deref.dpatch
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+ * random-bound-check-ordering.dpatch
+ [SECURITY] Fix stack-based buffer overflow in the random number
+ generator
+ See CVE-2007-3105
+ * mmap-VM_DONTEXPAND.dpatch
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+
+ -- dann frazier <dannf at debian.org> Tue, 19 Feb 2008 02:07:15 -0700
+
kernel-image-2.6.8-s390 (2.6.8-6) oldstable; urgency=high
* Rebuild against kernel-tree-2.6.8-17
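Review bot: mixed source revisions for the s390 copy. This file is copied from /dists/sarge at r10584, while the commit header shows the enclosing directory copied from r10578. Please check that nothing else under the s390 directory changed between r10578 and r10584, since only changelog and control are taken from the later revision.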
Copied: dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/control (from r10584, /dists/sarge/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/control)
==============================================================================
--- /dists/sarge/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/s390/kernel-image-2.6.8-s390-2.6.8/debian/control Fri Feb 22 22:18:12 2008
@@ -4,7 +4,7 @@
Maintainer: Debian kernel team <debian-kernel at lists.debian.org>
Uploaders: Bastian Blank <waldi at debian.org>, Jochen Röhrig <jr at debian.org>
Standards-Version: 3.5.6
-Build-Depends: debhelper (>> 4.0.0), module-init-tools, kernel-tree-2.6.8-17, kernel-package (>= 8.084), dh-kpatches
+Build-Depends: debhelper (>> 4.0.0), module-init-tools, kernel-tree-2.6.8-17sarge1, kernel-package (>= 8.084), dh-kpatches
Package: kernel-patch-2.6.8-s390
Architecture: all
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,4 +1,4 @@
-kernel-source-2.6.8 (2.6.8-17sarge1) UNRELEASED; urgency=high
+kernel-source-2.6.8 (2.6.8-17sarge1) oldstable-security; urgency=high
* compat_sys_mount-NULL-data_page.dpatch
[SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
@@ -74,7 +74,7 @@
a fault handler but do not bounds check the offset argument
See CVE-2008-0007
- -- dann frazier <dannf at debian.org> Tue, 19 Feb 2008 00:34:37 -0700
+ -- dann frazier <dannf at debian.org> Tue, 19 Feb 2008 00:49:53 -0700
kernel-source-2.6.8 (2.6.8-17) oldstable; urgency=high
Modified: dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/changelog Fri Feb 22 22:18:12 2008
@@ -1,3 +1,82 @@
+kernel-image-2.6.8-sparc (2.6.8-16sarge1) oldstable-security; urgency=high
+
+ * Rebuild against kernel-tree-2.6.8-17sarge1
+ * compat_sys_mount-NULL-data_page.dpatch
+ [SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
+ See CVE-2006-7203
+ * pppoe-socket-release-mem-leak.dpatch
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ * dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+ * aacraid-ioctl-perm-check.dpatch
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ * reset-pdeathsig-on-suid.dpatch
+ [SECURITY] Fix potential privilege escalation caused by improper
+ clearing of the child process' pdeath signal.
+ See CVE-2007-3848
+ * bluetooth-l2cap-hci-info-leaks.dpatch
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ * coredump-only-to-same-uid.dpatch
+ [SECURITY] Fix an issue where core dumping over a file that
+ already exists retains the ownership of the original file
+ See CVE-2007-6206
+ * i4l-isdn_ioctl-mem-overrun.dpatch
+ [SECURITY] Fix potential isdn ioctl memory overrun
+ See CVE-2007-6151
+ * cramfs-check-block-length.dpatch
+ [SECURITY] Add a sanity check of the block length in cramfs_readpage to
+ avoid a potential oops condition
+ See CVE-2006-5823
+ * ext2-skip-pages-past-num-blocks.dpatch
+ [SECURITY] Add some sanity checking for a corrupted i_size in
+ ext2_find_entry()
+ See CVE-2006-6054
+ * minixfs-printk-hang.dpatch
+ [SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
+ filesystem that would otherwise cause a system to hang (printk storm)
+ See CVE-2006-6058
+ * isdn-net-overflow.dpatch
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+ * prevent-stack-growth-into-hugetlb-region.dpatch
+ [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
+ into address space reserved for hugetlb pages.
+ See CVE-2007-3739
+ * cifs-honor-umask.dpatch
+ [SECURITY] Make CIFS honor a process' umask
+ See CVE-2007-3740
+ * hugetlb-prio_tree-unit-fix.dpatch
+ [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
+ which could be used to trigger a BUG_ON() call in exit_mmap.
+ See CVE-2007-4133
+ * amd64-zero-extend-32bit-ptrace.dpatch
+ [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
+ See CVE-2007-4573
+ * usb-pwc-disconnect-block.dpatch
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ * powerpc-chrp-null-deref.dpatch
+ [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+ fails on the subarchitecture
+ See CVE-2007-6694
+ * random-bound-check-ordering.dpatch
+ [SECURITY] Fix stack-based buffer overflow in the random number
+ generator
+ See CVE-2007-3105
+ * mmap-VM_DONTEXPAND.dpatch
+ [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
+ a fault handler but do not bounds check the offset argument
+ See CVE-2008-0007
+
+ -- dann frazier <dannf at debian.org> Tue, 19 Feb 2008 20:55:52 -0700
+
kernel-image-2.6.8-sparc (2.6.8-16) oldstable; urgency=high
* Rebuild against kernel-tree-2.6.8-17:
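Review bot: duplicating the full kernel-source-2.6.8 2.6.8-17sarge1 item list in this entry, as the other architecture changelogs in this commit also do, means any later correction to a description or CVE reference has to be made in every copy. Consider keeping the `Rebuild against kernel-tree-2.6.8-17sarge1` line plus a pointer to the kernel-source changelog, or generating these entries from one source so the copies cannot drift.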
Modified: dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/control
==============================================================================
--- dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/control (original)
+++ dists/sarge-security/kernel/sparc/kernel-image-2.6.8-sparc-2.6.8/debian/control Fri Feb 22 22:18:12 2008
@@ -4,7 +4,7 @@
Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Uploaders: Joshua Kwan <joshk at triplehelix.org>, Ben Collins <bcollins at debian.org>, Andres Salomon <dilinger at debian.org>, dann frazier <dannf at debian.org>
Standards-Version: 3.6.1.0
-Build-Depends: gcc (>= 4:3.3), kernel-tree-2.6.8-17, debhelper (>= 4), kernel-package, sparc-utils, module-init-tools
+Build-Depends: gcc (>= 4:3.3), kernel-tree-2.6.8-17sarge1, debhelper (>= 4), kernel-package, sparc-utils, module-init-tools
Package: kernel-build-2.6.8-4
Architecture: sparc