[Secure-testing-team] 2.6.12.6
Horms
horms at debian.org
Wed Aug 31 09:24:33 UTC 2005
Hi,
I have put 2.6.12.6 into the 2.6.12 tree in SVN (currently
dists/sid/kernel/linux-2.6) and manually merged the changes into the
2.6.8 sarge tree in SVN (currently
dists/sarge/kernel/source/kernel-source-2.6.8) I will look into which
parts are applicable to 2.4.27, but this will probably not be today.
Below is a summary of the changes. The ones that I think are security
bugs are labeld Maybe both in this list and in the changlog in SVN.
Feedback on if we think these are security bugs, and CAN numbers,
please.
--
Horms
SOURCE: 2.6.12.6
PATCH: ipsec-socket-policy-use-cap.patch
SECURITY: Yes - CAN-2005-2555
2.6.8-sarge: Applied as net-sockglue-cap.dpatch
2.6.12-sid: Applied
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=929a1a4ec9623c7e48ce6c3f2f85e39c0f41a700;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/ipsec-socket-policy-use-cap.patch
SOURCE: 2.6.12.6
PATCH: nptl-signal-delivery-deadlock-fix.patch
SECURITY: Maybe - seems like a local DoS
2.6.8-sarge: Applied
2.6.12-sid: Applied
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=f6cc7e101c49f356e4c4df5cca1ff352a0f01dd5;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/nptl-signal-delivery-deadlock-fix.patch
SOURCE: 2.6.12.6
PATCH: zlib-revert-broken-change.patch
SECURITY: Yes - Part of CAN-2005-2458 (revert)
2.6.8-sarge: Applied
2.6.12-sid: Applied
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=5c7eb14921a1111a50938a98f17dd22fbca13a40;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/zlib-revert-broken-change.patch
SOURCE: 2.6.12.6
PATCH: fix-dst-leak-in-icmp_push_reply.patch
SECURITY: Maybe - Can remote traffic trigger this
2.6.8-sarge: Applied
2.6.12-sid: Applied
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=1cf41a8a8db3080c9a9243e77c5c447c8e694f87;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/fix-dst-leak-in-icmp_push_reply.patch
SOURCE: 2.6.12.6
PATCH: genelink-usbnet-skb-typo.patch
SECURITY: No - Doesn't seem to be externally trigerable
2.6.8-sarge: Applied
2.6.12-sid: Applied
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=c774c9a6168b33cef4ee56db15f69127997f0f0e;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/genelink-usbnet-skb-typo.patch
SOURCE: 2.6.12.6
PATCH: fix-memory-leak-in-sg.c-seq_file.patch
SECURITY: Maybe - Seems like a local DoS
2.6.8-sarge: Applied
2.6.12-sid: Applied
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=74cbe696af3e2d95a7b1e848898a8d9abb0bb2ea;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/fix-memory-leak-in-sg.c-seq_file.patch
SOURCE: 2.6.12.6
PATCH: ipv6-skb-leak.patch
SECURITY: Maybe - Seems like a local DoS
2.6.8-sarge: Applied
2.6.12-sid: Applied
URL: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/stable-queue.git;a=blob;h=01e3aa130e88a3715b915b6e9f20abc3f6024eb0;hb=9c5fcb99af7c157be45e9d53aeb857ded5211fcd;f=2.6.12.6/ipv6-skb-leak.patch
More information about the Secure-testing-team
mailing list