[linux] branch jessie-security updated (08a4215 -> 54fe5e5)
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Tue Mar 14 14:16:58 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a change to branch jessie-security
in repository linux.
from 08a4215 Prepare to release linux (3.16.39-1+deb8u2).
new a59d773 timer: Restrict timer_stats to initial PID namespace (CVE-2017-5967)
new 57753e8 mbcache: Reschedule before restarting iteration in mb_cache_entry_alloc()
new 0a86879 mnt: Add a per mount namespace limit on the number of mounts (CVE-2016-6213)
new ccfdfd2 vfs: Commit to never having executables on proc and sysfs
new 51c19d7 aio: mark AIO pseudo-fs noexec (CVE-2016-10044)
new 71b7929 l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (CVE-2016-10200)
new 54fe5e5 ext4: validate s_first_meta_bg at mount time (CVE-2016-10208)
The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Summary of changes:
debian/changelog | 13 +
.../bugfix/all/aio-mark-aio-pseudo-fs-noexec.patch | 58 +++++
...t4-validate-s_first_meta_bg-at-mount-time.patch | 65 +++++
...cy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch | 161 +++++++++++++
...tarting-iteration-in-mb_cache_entry_alloc.patch | 22 ++
...er-mount-namespace-limit-on-the-number-of.patch | 268 +++++++++++++++++++++
...rict-timer_stats-to-initial-pid-namespace.patch | 37 +++
...to-never-having-exectuables-on-proc-and-s.patch | 183 ++++++++++++++
.../vfs-fix-abi-change-for-cve-2016-6213-fix.patch | 23 ++
debian/patches/series | 8 +
10 files changed, 838 insertions(+)
create mode 100644 debian/patches/bugfix/all/aio-mark-aio-pseudo-fs-noexec.patch
create mode 100644 debian/patches/bugfix/all/ext4-validate-s_first_meta_bg-at-mount-time.patch
create mode 100644 debian/patches/bugfix/all/l2tp-fix-racy-sock_zapped-flag-check-in-l2tp_ip-6-_b.patch
create mode 100644 debian/patches/bugfix/all/mbcache-reschedule-before-restarting-iteration-in-mb_cache_entry_alloc.patch
create mode 100644 debian/patches/bugfix/all/mnt-add-a-per-mount-namespace-limit-on-the-number-of.patch
create mode 100644 debian/patches/bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
create mode 100644 debian/patches/bugfix/all/vfs-commit-to-never-having-exectuables-on-proc-and-s.patch
create mode 100644 debian/patches/debian/vfs-fix-abi-change-for-cve-2016-6213-fix.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list