Accepted user-mode-linux 2.6.26-1um-2+26lenny1 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 27 Nov 2010 10:02:00 -0700
Source: user-mode-linux
Binary: user-mode-linux
Architecture: source i386
Version: 2.6.26-1um-2+26lenny1
Distribution: stable-security
Urgency: high
Maintainer: User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description:
user-mode-linux - User-mode Linux (kernel)
Changes:
user-mode-linux (2.6.26-1um-2+26lenny1) stable-security; urgency=high
.
* Rebuild against linux-source-2.6.26 (2.6.26-26lenny1):
* net sched: fix kernel leak in act_police (CVE-2010-3477)
* aio: check for multiplication overflow in do_io_submit (CVE-2010-3067)
* cxgb3: prevent reading uninitialized stack memory (CVE-2010-3296)
* eql: prevent reading uninitialized stack memory (CVE-2010-3297)
* rose: Fix signedness issues wrt. digi count (CVE-2010-3310)
* sctp: Do not reset the packet during sctp_packet_config() (CVE-2010-3432)
* Fix pktcdvd ioctl dev_minor range check (CVE-2010-3437)
* ALSA: prevent heap corruption in snd_ctl_new() (CVE-2010-3442)
* thinkpad-acpi: lock down video output state access (CVE-2010-3448)
* sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac() (CVE-2010-3705)
* setup_arg_pages: diagnose excessive argument size (CVE-2010-3858)
* X.25: memory corruption in X.25 facilities parsing (CVE-2010-3873)
* sys_semctl: fix kernel stack leakage (CVE-2010-4083)
* ALSA: rme9652: prevent reading uninitialized stack memory
(CVE-2010-4080, CVE-2010-4081)
* V4L/DVB: ivtvfb: prevent reading uninitialized stack memory
(CVE-2010-4079)
* video/sis: prevent reading uninitialized stack memory (CVE-2010-4078)
* X.25: Prevent crashing when parsing bad X.25 facilities (CVE-2010-4164)
* v4l1: fix 32-bit compat microcode loading translation (CVE-2010-2963)
* net: Mitigate overflow issues
- Truncate recvfrom and sendto length to INT_MAX.
- Limit socket I/O iovec total length to INT_MAX.
- Resolves kernel heap overflow in the TIPC protcol (CVE-2010-3859)
* net: ax25: fix information leak to userland (CVE-2010-3875)
* can-bcm: fix minor heap overflow (CVE-2010-3874)
* net: packet: fix information leak to userland (CVE-2010-3876)
* net: tipc: fix information leak to userland (CVE-2010-3877)
* inet_diag: Make sure we actually run the same bytecode we audited
(CVE-2010-3880)
* ipc: shm: fix information leak to userland (CVE-2010-4072)
* ipc: initialize structure memory to zero for compat functions
(CVE-2010-4073)
* USB: serial/mos*: prevent reading uninitialized stack memory
(CVE-2010-4074)
* [SCSI] gdth: integer overflow in ioctl (CVE-2010-4157)
* econet: Avoid stack overflow w/ large msgiovlen (CVE-2010-3848)
* econet: disallow NULL remote addr for sendmsg() (CVE-2010-3849)
* econet: Add mising CAP_NET_ADMIN check in SIOCSIFADDR (CVE-2010-3850)
Checksums-Sha1:
cfd5ce1a676467ebedfa95ef2ee7295bf44f18d2 1921 user-mode-linux_2.6.26-1um-2+26lenny1.dsc
4c027175aa221935a2012a252812ffa70ddd1841 20365 user-mode-linux_2.6.26-1um-2+26lenny1.diff.gz
95c42098fb96e9e1dc5f1c40849b8ca4fa1fcc07 5399852 user-mode-linux_2.6.26-1um-2+26lenny1_i386.deb
Checksums-Sha256:
d59146eaf020e25f0638622225e4c30fea7bfc27b1337f30ffe2b76819cfb10c 1921 user-mode-linux_2.6.26-1um-2+26lenny1.dsc
3f36e034573fb5ffd3ad72ea9dd656fa6a38b7f578da4db85c1b18177df579f2 20365 user-mode-linux_2.6.26-1um-2+26lenny1.diff.gz
267fd01989db73d595d17958612eea0786a2df110c013d11b94cd5ab4e471706 5399852 user-mode-linux_2.6.26-1um-2+26lenny1_i386.deb
Files:
34a2a357ee22c98ed81e965b71b21fd2 1921 misc extra user-mode-linux_2.6.26-1um-2+26lenny1.dsc
726bbb024df640dc6624e1bb1ca2b408 20365 misc extra user-mode-linux_2.6.26-1um-2+26lenny1.diff.gz
f717310ad2dbb22c392350de7ce5d797 5399852 misc extra user-mode-linux_2.6.26-1um-2+26lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJM8VAmAAoJEBv4PF5U/IZAaEgQAITD2v6Mln3hzVjLyIKOEb8v
dJgpBcD9DxkRipoRtn0ta+5b9l0ggY0AcDrDOTRTYY3DavmC5i/lfemgpVCTOdiy
Mg+Lte6nK2YDTYb235o+M2qPaQWHlXKBS/mZRn/rUspf6D+r/QOyeWtO80rZiXpd
pOkIekywt1wC2uFHJASvTSPyy06BQBiIRL+rP1Z3FEh8gVhd2+S2cEQnrDlOVJy5
xvI4Woafz6sTRvX2EtltmOy0fISrQDgX1O5uja5rbAyyR8FSnLwFvDqko/bEKvL8
7r+5y5b+DZmkiPHvOyqZbWIZgol9ygsrHDl1YgspitHL2gubs9vMcsTgr0Le1mid
1wPAyz6FkothKelg1e2H9xGqxhxlSUOphhH4EQCRgY9YJWjDLf0nMoke5rMHV1CA
2nLyOIWhwOaBoQEFt8zo/jiZ8R4DdVyctpzFGeMxhVAnos9LdvZcnB0SE5B9oSQ+
a0BTOm9r68uJ5hTpSeS28MYLb1AsauHcsUvH6luZdGm/rOn+0FX8s5neX5twNp7f
YXedvpbQiJIizl1vA5Cm25dQiO6rvKVyXETBuuF4/TeyDBdVDF2hkUFsFFSAznNM
ojnRfZ4qNlzvu1r31XLqtHgwVGo5vqWbFtlUPLYQ0GIbzpeJ6WhLfKlhBo7w5Yhh
cYDKb73ebVa+lcUut3df
=am57
-----END PGP SIGNATURE-----
Accepted:
user-mode-linux_2.6.26-1um-2+26lenny1.diff.gz
to main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+26lenny1.diff.gz
user-mode-linux_2.6.26-1um-2+26lenny1.dsc
to main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+26lenny1.dsc
user-mode-linux_2.6.26-1um-2+26lenny1_i386.deb
to main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+26lenny1_i386.deb
Reply to: