Re: Preparing the first security update for kernel-source-2.6.8

To: dann frazier <dannf@dannf.org>
Cc: debian-kernel@lists.debian.org, team@security.debian.org, Frederik Schueler <fs@lowpingbastards.de>
Subject: Re: Preparing the first security update for kernel-source-2.6.8
From: Horms <horms@debian.org>
Date: Fri, 8 Jul 2005 11:59:25 +0900
Message-id: <[🔎] 20050708025923.GQ14688@verge.net.au>
Mail-followup-to: dann frazier <dannf@dannf.org>, debian-kernel@lists.debian.org, team@security.debian.org, Frederik Schueler <fs@lowpingbastards.de>
In-reply-to: <[🔎] 1120770842.10852.58.camel@localhost>
References: <20050628203615.GE10998@mail.lowpingbastards.de> <20050629021418.GA15291@debian.org> <20050629070900.GA3142@debian.org> <[🔎] 1120770842.10852.58.camel@localhost>

On Thu, Jul 07, 2005 at 03:14:02PM -0600, dann frazier wrote:
> On Wed, 2005-06-29 at 16:09 +0900, Horms wrote:
> > On Wed, Jun 29, 2005 at 11:14:20AM +0900, Horms wrote:
> > > On Tue, Jun 28, 2005 at 10:36:15PM +0200, Frederik Schueler wrote:
> > > > Hello,
> > > > 
> > > > I would like to start preparing a seurity update for kernel-source-2.6.8
> > > > in sarge, wich released with version 2.6.8-16. 
> > > > 
> > > > In sarge-security we have an old 2.6.15sarge1 wich never got released.
> > > > 
> > > > Does anyone object if I update those sources to the revision in sarge,
> > > > and we start building 2.6.8-16sarge1 from it?
> > > > 
> > > > I already got some patches from the ubuntu 2.6.8 kernel package addressing 
> > > > the following 5 issues:
> > > > 
> > > > CAN-2005-0756
> > > > CAN-2005-1265
> > > > CAN-2005-1762
> > > > CAN-2005-1763
> > > > CAN-2005-1765
> > > > 
> > > > and these 3 still need to be addressed:
> > > > 
> > > > CAN-2005-1764
> > > > CAN-2005-0449 #295949
> > > > CAN-2005-0356 #310804
> > > > 
> > > > 
> > > > if nobody objects, I would like to commit my changes.
> > 
> > Dann, could you comment on the need for backporting the patch below
> > form 2.6.12.1. It does not apply cleanly to 2.6.8 as there
> > seem to have been a bunch of other patches in the mean time.
> 
> hey Horms,
>   This patch appears to be relevant for 2.6.8.  It depends on two
> earlier patches; one of which fixes what looks like another security
> issue to me - kernel is accessing unchecked addresses provided by
> userspace[1].
> 
>   I've backported the fix for CAN-2005-1764 to our 2.6.8 with [1]
> applied (attached).  I'd recommend applying both of these patches to our
> tree.  Any objections?
> 
> [1] http://linux.bkbits.net:8080/linux-2.6/cset@41622201CGDoSbV0q05ufKpwRSomYQ?nav=index.html|src/|src/arch|src/arch/ia64|src/arch/ia64/kernel|related/arch/ia64/kernel/ptrace.c

On the grounds that a) it fixes a security bug and b) it doesn't appear
to change the ABI, yes, please go for it.

-- 
Horms

Reply to:

Follow-Ups:
- Re: Preparing the first security update for kernel-source-2.6.8
  - From: dann frazier <dannf@dannf.org>

References:
- Re: Preparing the first security update for kernel-source-2.6.8
  - From: dann frazier <dannf@dannf.org>

Prev by Date: Bug#232135: kernel-image-2.4.24-1-386: No console output at boot and no virtual terminals
Next by Date: Processed: Re: Processed: Re: Bug#317286: Please backport support for Promise SATAII TX2/TX4 cards (from 2.6.11)
Previous by thread: Re: Preparing the first security update for kernel-source-2.6.8
Next by thread: Re: Preparing the first security update for kernel-source-2.6.8
Index(es):
- Date
- Thread