I have finally finished wading through the bug reports and
put togther kernel-source-2.4.27 2.4.27-9 and
This update does _NOT_ contain ABI breakage,
although one symbol has been added to the ABI.
That is, the fix for CAN-2005-0449 has been omitted.
I am currently doing the final builds and intend to tag and upload these
later today, or tomorrow at the latest. If you have feedback, now would
be an excellent time to make it known.
If anyone wants to test these packages, or kick off some builds,
I have made the kernel-source packages available at the URL below.
I will add the i386 kernel-image packages as soon as they finish
building (which takes an hour or so).
The changelogs are below.
kernel-image-2.4.27-i386 (2.4.27-9) unstable; urgency=low
* Remove one more file in clean target. (Josh Kwan)
* Build against 2.4.27-kernel-tree-2.4.27-9. (Simon Horman)
* Fix up AMD descriptions to include CPU name.
Thanks to J. Grant. (Simon Horman)
-- Simon Horman <email@example.com> Fri, 25 Mar 2005 11:19:31 +0900
kernel-source-2.4.27 (2.4.27-9) unstable; urgency=low
* There was a stray file in 2.4.27-8. Don't include it this time.
(Simon Horman) (closes: Bug#291536)
* Updated kernel-tree description from Martin F Krafft
* Updated apply script so it can handle point versions
* 134_skb_reset_ip_summed.diff: [CAN-2005-0209] resolve checksumming
exploit in fragmented packet forwarding (Joshua Kwan)
* 135_fix_ip_options_leak.diff: [CAN-2004-1335] fix leak of IP options
data. (Joshua Kwan)
* 136_vc_resizing_overflow.diff: [CAN-2004-1333] make sure VC resizing
fits in 16 bits. (Joshua Kwan)
* 137_io_edgeport_overflow.diff: [CAN-2004-1017] fix buffer overflow
(underflow, really) that opens multiple attack vectors. (Joshua Kwan)
* 138_amd64_syscall_vuln.diff: [CAN-2004-1144] fix the "int 0x80 hole"
that allowed overflow of the system call table. (Joshua Kwan)
* 139_sparc_context_switch.diff: fix FPU context switching dirtiness on
sparc32 SMP. (Joshua Kwan)
* 140_VM_IO.diff: [CAN-2004-1057] fix possible DoS from accessing freed
kernel pages by flagging VM_IO where necessary.
[ACPI] Enhanced PCI probe, CONFIG_HPET_TIMER build warning fix
* 142_acpi_skip_timer_override-1.diff, 142_acpi_skip_timer_override-2.diff,
[ACPI] skip_timer_override including early PCI bridge detection.
(closes: #296639) (Simon Horman)
* 121_drm-locking-checks-3.diff: LOCK_TEST_WITH_RETURN build cleanup
[SECURITY]: AMD64, allows local users to write to privileged
IO ports via OUTS instruction (CAN-2005-0204) (Simon Horman)
* 144_sparc64-sb1500-clock-2.4.diff by David Miller: enable recognition
of the clock chip on SunBlade 1500, it won't boot otherwise.
[SECURITY] make insert_vm_struct return an error rather than BUG().
See CAN-2005-0003. (dann frazier)
* 146_ip6_copy_metadata_leak.diff 147_ip_copy_metadata_leak.diff:
[SECURITY] Do not leak dst entries in ip_copy_metadata()
See CAN-2005-0210. (Simon Horman)
Fix theoretical loop on SMP in ip_evictor().
(Simon Horman, Andres Salomon)
Flush fragment queue on conntrack unload. (Simon Horman, Andres Salomon)
* *** ABI Change! Notify D-I team or delay for future release
*** Omitted from release
*** 150_private_fragment_queues-1.diff, 150_private_fragment_queues-2.diff:
*** Keep fragment queues private to each user. See CAN-2005-0449 and
*** (Simon Horman, Andres Salomon)
[SECURITY] Fix ATM copy-to-user usage. See: CAN-2005-0531.
(closes: #296905) (Simon Horman)
[SECURITY] remote Linux DoS on ppp servers. See: CAN-2005-0384
* 111-smb-client-overflow-fix-2.diff, 111-smb-client-overflow-fix-1.diff:
[SECURITY] The above patches, included in 2.4.27-6 resolve:
local information leak caused by race in SMP systems with
more than 4GB of memory. remote information leak cansed by
handling of TRANS2 packets handling in smbfs. See CAN-2004-1191.
(see: #300163) (Simon Horman)
Fix CMSG32_OK macros. (Dann Frazier, Simon Horman)
-- Simon Horman <firstname.lastname@example.org> Fri, 25 Mar 2005 10:42:50 +0900