
Accepted kernel-source-2.4.27 2.4.27-10sarge2 (source all)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  8 Feb 2006 18:50:20 +0900
Source: kernel-source-2.4.27
Binary: kernel-tree-2.4.27 kernel-source-2.4.27 kernel-patch-debian-2.4.27 kernel-doc-2.4.27
Architecture: source all
Version: 2.4.27-10sarge2
Distribution: stable-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <horms@debian.org>
Description: 
 kernel-doc-2.4.27 - Linux kernel specific documentation for version 2.4.27
 kernel-patch-debian-2.4.27 - Debian patches to Linux 2.4.27
 kernel-source-2.4.27 - Linux kernel source for version 2.4.27 with Debian patches
 kernel-tree-2.4.27 - Linux kernel source tree for building Debian kernel images
Changes: 
 kernel-source-2.4.27 (2.4.27-10sarge2) stable-security; urgency=high
 .
   *** Note this release introduces an ABI Change for CVE-2005-2709 ***
   *** and CAN-2005-0449                                            ***
 .
   [ Simon Horman ]
 .
   * Errata for 2.4.27-10sarge1
     - [SECURITY] Xattr sharing bug. See CAN-2005-2801
       178_fs_ext2_ext3_xattr-sharing.diff, included in 2.4.27-10sarge1
     - [SECURITY] Fixes remote DoS when using ipt_recent on a 64 bit machine.
       See CAN-2005-2872 (See: #322237)
       179_net-ipv4-netfilter-ip_recent-last_pkts.diff, included in
       2.4.27-10sarge1
     - [SECURITY] x86_64: 32 bit ltrace oops when tracing 64 bit executable
       http://lkml.org/lkml/2005/1/5/245
       http://linux.bkbits.net:8080/linux-2.4/cset@41dd3455GwQPufrGvBJjcUOXQa3WXA
       184_arch-x86_64-ia32-ptrace32-oops.diff, included in 2.4.27-10sarge1
 .
   * Errata for 2.4.27-8
     [SECURITY] SDLA firmware upgrade should require CAP_SYS_RAWIO;
     Local privilege escalation. See CVE-2006-0096
     This was incorrectly annotated in 2.4.27-8 as an overflow
     discovered using Coverity, which is actually CVE-2004-2607
     129_net_sdla_coverty.diff, included in 2.4.27-8
 .
   * Errata for 2.4.27-6
     [SECURITY] 111-smb-client-overflow-fix-[1,2].diff also fixes an information
     leak.  See CVE-2004-0949.
 .
   * [Security] Restrict socket policy loading to CAP_NET_ADMIN.
     See CAN-2005-2555.
     185_net-sockglue-cap.diff
 .
   * [Security] Check input buffer size in zisofs
     From 2.6.12.5
     Omitted from the previous release, as I wasn't sure that it was a
     security bug. But now it has a CAN number, so it's in.
     See CAN-2005-2457
     187_zisofs-2.diff
 .
   * [Security] Revert huft_build() function fix
     From 2.6.12.6
     See CAN-2005-2459
     186_zlib-revert-broken-change.diff
 .
   * [SECURITY] IPV4: Fix DST leak in icmp_push_reply(). Remote DoS.
     See CVE-2005-3848.
     188_fix-dst-leak-in-icmp_push_reply.diff
 .
   * [SECURITY] IPV6: Fix SKB leak in ip6_input_finish.  Remote DoS.
     See CVE-2005-3858.
     189_ipv6-skb-leak.diff
 .
   * [SECURITY] orinoco: Information leakage due to incorrect padding
     See CAN-2005-3180
     From 2.6.13.4
     192_orinoco-info-leak.diff, 192_orinoco-info-leak-2.diff
 .
   * [SECURITY] VFS: local denial-of-service with file leases. See CVE-2005-3857
     198_fs-lock-lease-log-spam.diff
 .
   * [SECURITY] Fix refcnt of struct ip6_flowlabel; Local DoS
     From 2.6.14
     See CVE-2005-3806
     net-ipv6-flowlabel-refcnt.dpatch
 .
   * [SECURITY] Information leak in sdla
     From 2.6.6
     See CVE-2004-2607
     200_net_sdla_xfer_leak.diff
 .
   [ dann frazier ]
   * [SECURITY] Fix infinite loop in udp_v6_get_port().  See CVE-2005-2973
     195_net-ipv6-udp_v6_get_port-loop.diff
 .
   * [SECURITY] Fix a potential local root exploit in the
     /proc/sys/net/ipv4/conf interface.  See CVE-2005-2709
     196_sysctl-unregistration-oops.diff
     ****CHANGES ABI****
 .
   * [SECURITY] Require root privilege to write the current
     function key string entry of other users' terminals.
     See CVE-2005-3257
     setkeys-needs-root-1.diff, setkeys-needs-root-2.
 .
   * [SECURITY] Keep fragment queues private to each user.
     See CAN-2005-0449 and
     http://oss.sgi.com/archives/netdev/2005-01/msg01048.html
     150_private_fragment_queues-1.diff, 150_private_fragment_queues-2.diff
     ****CHANGES ABI****
 .
   * [SECURITY] Use the thread group ID to check if it is a self-attach.  Fixes
     a local DoS (crash).  See CVE-2005-3783
     201_ptrace-fix_self-attach_rule.diff
 .
   * [SECURITY] Fix a potential overflow in sysctl buffer termination code.
     202_sysctl-buffer-overflow.diff
 .
   * [SECURITY] Fix a race condition that allows local users to view the
     environment variables of another process.
     203_proc_pid_cmdline_race.diff
 .
   * Fix unchecked user-memory accesses in ptrace_getregs() and ptrace_setregs().
     This is a dependency for the CAN-2005-1761 fix.
     204_arch-ia64-ptrace-getregs-putregs.diff
 .
   * [SECURITY] Fix to prevent users from using ptrace to set the pl field
     of the ar.rsc register to any value, leading to the ability to overwrite
     kernel memory.  See CAN-2005-1761.
     205_arch-ia64-ptrace-restore_sigcontext.diff
 .
   * [SECURITY] s390: Fix for local root exploit: Force user process back to
     home space mode in space switch event exception handler. See CAN-2004-0887.
     206_s390-sacf-fix.diff
Files: 
 efe323453f0dc718c6d9490ca3ca691e 900 devel optional kernel-source-2.4.27_2.4.27-10sarge2.dsc
 04938bd9582171f13459f40245fdb402 713256 devel optional kernel-source-2.4.27_2.4.27-10sarge2.diff.gz
 656244ac0eeb0edfd0eec5cf80526303 671384 devel optional kernel-patch-debian-2.4.27_2.4.27-10sarge2_all.deb
 5b413310b3826dec3f0113e1215ca51f 3578772 doc optional kernel-doc-2.4.27_2.4.27-10sarge2_all.deb
 b556d3b35835290ef34e01c23b0dfb7b 31030888 devel optional kernel-source-2.4.27_2.4.27-10sarge2_all.deb
 12d938fd6fe17432924452f0f8ae039f 25710 devel optional kernel-tree-2.4.27_2.4.27-10sarge2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD6dPIA8ACPgVBDpcRAplgAJ0RFTG7rDz8XTXEptyjBeU+20hTFACguSZM
wqvcfZBMc11gmsT/VSqFSP8=
=n2Ty
-----END PGP SIGNATURE-----


Accepted:
kernel-doc-2.4.27_2.4.27-10sarge2_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10sarge2_all.deb
kernel-patch-debian-2.4.27_2.4.27-10sarge2_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10sarge2_all.deb
kernel-source-2.4.27_2.4.27-10sarge2.diff.gz
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge2.diff.gz
kernel-source-2.4.27_2.4.27-10sarge2.dsc
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge2.dsc
kernel-source-2.4.27_2.4.27-10sarge2_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge2_all.deb
kernel-tree-2.4.27_2.4.27-10sarge2_all.deb
  to pool/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10sarge2_all.deb


