
Accepted kernel-source-2.6.8 2.6.8-16sarge2 (source all)

Hash: SHA1

Format: 1.7
Date: Tue, 31 Jan 2006 22:45:22 -0700
Source: kernel-source-2.6.8
Binary: kernel-source-2.6.8 kernel-doc-2.6.8 kernel-tree-2.6.8 kernel-patch-debian-2.6.8
Architecture: source all
Version: 2.6.8-16sarge2
Distribution: stable-security
Urgency: high
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description:
 kernel-doc-2.6.8 - Linux kernel specific documentation for version 2.6.8
 kernel-patch-debian-2.6.8 - Debian patches to Linux 2.6.8
 kernel-source-2.6.8 - Linux kernel source for version 2.6.8 with Debian patches
 kernel-tree-2.6.8 - Linux kernel source tree for building Debian kernel images
Changes:
 kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
   [ Simon Horman ]
   * net-sockglue-cap.dpatch
     [SECURITY] Restrict socket policy loading to CAP_NET_ADMIN.
     See CAN-2005-2555.
   * zisofs.diff
     [SECURITY] Check input buffer size in zisofs
     Omitted from the previous release, as I wasn't sure that it
     was a security bug. But now it has a CAN number, so it's in.
     See CAN-2005-2457
   * zlib-revert-broken-change.dpatch
     [SECURITY] Revert huft_build() function fix
     See CAN-2005-2459
   * fs_ext2_ext3_xattr-sharing.dpatch
     Included in 2.6.8-16sarge1 is CAN-2005-2801
   * net-ipv4-netfilter-ip_recent-last_pkts.dpatch
     Included in 2.6.8-16sarge1 is CAN-2005-2872
   * net-bridge-forwarding-poison-1.dpatch,
     The previous changelog incorrectly lists
     net-bridge-forwarding-poison-2.dpatch twice for the same fix,
     this should be net-bridge-forwarding-poison-1.dpatch and
   * fix-dst-leak-in-icmp_push_reply.dpatch
     [SECURITY] Fix DST leak in icmp_push_reply(). Remote DoS.
     See CVE-2005-3848
   * nptl-signal-delivery-deadlock-fix.dpatch
     [SECURITY] NPTL signal delivery deadlock fix. See CVE-2005-3847
     Backported From
   * fix-memory-leak-in-sg.c-seq_file.dpatch
     [SECURITY] fix a memory leak in devices seq_file implementation;
     local DoS. From
     See CAN-2005-2800
   * ipv6-skb-leak.dpatch
     [SECURITY] Fix SKB leak in ip6_input_finish(); local DoS.
     See CVE-2005-3858
   * sendmsg-stackoverflow.dpatch
     [SECURITY] 32bit sendmsg() flaw. See CAN-2005-2490
   * lost-fput-in-32bit-ioctl-on-x86-64.dpatch
     [SECURITY] lost fput in 32bit ioctl on x86-64; local DoS
     See CAN-2005-3044
   * lost-sockfd_put-in-32bit-compat-routing_ioctl.dpatch
     [SECURITY] lost sockfd_put() in routing_ioctl(); local DoS
   * net-bridge-netfilter-etables-smp-race.dpatch
     in 2.6.8-16sarge1 is CAN-2005-3110
   * fs-hfs-oops-and-leak.dpatch
     in 2.6.8-16sarge1 is CAN-2005-3109
   * arch-x86_64-mm-ioremap-page-lookup.dpatch
     in 2.6.8-16sarge1 is CAN-2005-3108
   * fs-exec-ptrace-core-exec-race.dpatch
     in 2.6.8-16sarge1 is CAN-2005-3106
   * fs-exec-ptrace-deadlock.dpatch
     in 2.6.8-16sarge1 is CAN-2005-3107
   * mckinley_icache.dpatch
     in 2.6.8-16sarge1 is CAN-2005-3105
   * orinoco-info-leak.dpatch
     [SECURITY] orinoco: Information leakage due to incorrect padding
     See CAN-2005-3180
   * plug-names_cache-memleak.dpatch
     [SECURITY] Avoid 'names_cache' memory leak with CONFIG_AUDITSYSCALL
     See CVE-2005-3181
   * fs-lock-lease-log-spam.dpatch
     [SECURITY] VFS: local denial-of-service with file leases. See CVE-2005-3857
     Will be in 2.6.15
   * mempolicy-undefined-nodes.dpatch
     [SECURITY] Make sure interleave masks have at least one node set;
     Local DoS
     See CVE-2005-3358
     From 2.6.15
   * proc-legacy-loff-underflow.dpatch
     [SECURITY] Fix underflow in legacy proc interface; Local information leak
     See CVE-2005-4605
     From 2.6.15
   * dm-crypt-zero-key.dpatch
     [SECURITY] dm-crypt: zero key before freeing it.
     Potential local information leak
     See CVE-2006-0095
   * net-ipv6-flowlabel-refcnt.dpatch
     [SECURITY] Fix refcnt of struct ip6_flowlabel; Local DoS
     From 2.6.14
     See CVE-2005-3806
   * kernel-dont-reap-traced.dpatch
     [SECURITY] Don't auto-reap traced children; Local DoS
     See CVE-2005-3784
   * net-sdla-coverty.dpatch
     [SECURITY] SDLA firmware upgrade should require CAP_SYS_RAWIO; Local DoS
   [ dann frazier ]
   * mempolicy-check-mode.dpatch
     [SECURITY] Input validation in sys_set_mempolicy(); local DoS.
     See CAN-2005-3053
   * net-ipv6-udp_v6_get_port-loop.dpatch
     [SECURITY] Fix infinite loop in udp_v6_get_port().  See CVE-2005-2973
   * sysctl-unregistration-oops.dpatch
     [SECURITY] Fix a potential local root exploit in the
     /proc/sys/net/ipv4/conf interface.  See CVE-2005-2709
     ****CHANGES ABI****
   * setkeys-needs-root-1.dpatch, setkeys-needs-root-2.dpatch:
     [SECURITY] Require root privilege to write the current
     function key string entry of other user's terminals.
     See CVE-2005-3257
   * ipv4-fragment-queues-2.1.dpatch, ipv4-fragment-queues-3.dpatch,
     [SECURITY] Re-apply the -3 and -4 patches, which were dropped in 2.6.8-15
     to avoid an ABI change.  Unapply the -2.1 patch which is superseded by -3.
     See CVE-2005-0449
     ****CHANGES ABI****
   * ptrace-fix_self-attach_rule.dpatch:
     [SECURITY] Use the thread group ID to check if it is a self-attach.  Fixes
     a local DoS (crash).
     See CVE-2005-3783
   * valid_signal.dpatch
     Adds the valid_signal() macro, needed by async-urb-delivery-oops.dpatch
   * async-urb-delivery-oops.dpatch, async-urb-delivery-oops-2.dpatch:
     [SECURITY] Fix oops that can result from a process terminating before
     an issued URB request completes.  Requires valid_signal.dpatch
     See CVE-2005-3055
   * fs_coda_coverty.dpatch:
     [SECURITY] Add bounds checking to coda fs.
     See CVE-2005-0124
   * io_edgeport_overflow.dpatch:
     [SECURITY] fix buffer overflow (underflow, really) that opens multiple
     attack vectors.
     See CVE-2004-1017
   * mqueue-double-increment.dpatch:
     [SECURITY] Fix double increment of mqueue_mnt->mnt_count in sys_mq_open.
     See CVE-2005-3356
   * sysctl-buffer-overflow.dpatch:
     [SECURITY] Fix a potential overflow in sysctl buffer termination code.
     See CVE-2005-4618
   * sparc64-clock-settime.dpatch
     [SECURITY] Remove unnecessary sign-extension in compat_sys_clock_settime,
     fixing a DoS vulnerability on sparc systems.
     See CVE-2006-0482
Files:
 f98203872db1017d6053ababb496116d 1004 devel optional kernel-source-2.6.8_2.6.8-16sarge2.dsc
 0393c05ffa4770c3c5178b74dc7a4282 43929719 devel optional kernel-source-2.6.8_2.6.8.orig.tar.gz
 0bb501098f732e6750e3413f4e9d148f 1015096 devel optional kernel-source-2.6.8_2.6.8-16sarge2.diff.gz
 4451df70d7b6df9b00ad788712959db3 1043588 devel optional kernel-patch-debian-2.6.8_2.6.8-16sarge2_all.deb
 826e6dc98eed9696f9070afd83a72559 34936164 devel optional kernel-source-2.6.8_2.6.8-16sarge2_all.deb
 28717b85541e3aa8aa872f61798d23fc 33842 devel optional kernel-tree-2.6.8_2.6.8-16sarge2_all.deb
 52e464ad87d3d29f61211c3a20232459 6181586 doc optional kernel-doc-2.6.8_2.6.8-16sarge2_all.deb

Version: GnuPG v1.4.2.2 (GNU/Linux)


  to pool/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge2_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge2_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge2.diff.gz
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge2.dsc
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge2_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge2_all.deb
