Bug#323173: CAN-2005-245[89]: Two vulnerabilities in the kernel's zlib

[Horms <horms@debian.org>]

On Mon, Aug 15, 2005 at 07:53:03PM +0900, Horms wrote:
> On Mon, Aug 15, 2005 at 10:24:51AM +0200, Moritz Muehlenhoff wrote:
> > Package: linux-2.6
> > Severity: important
> > Tags: security patch
> > 
> > There are another two vulnerabilities fixed in 2.6.12.5, that might require
> > backporting to 2.6.8 and 2.4.27. Please see 
> > http://kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=885605316d76c3fdce23dffe9c59e20539287c6b
> > for descriptions, links and patches.
> 
> I have added this to linux-2.6 (except the bit that updates the kernel version).
> 
> For the record:
> 
> sys_set_mempolicy-mode-check.patch
> 2.6.8: Does not appear to have this problem
2.4.27: Does not appear to have this problem

> x86_64-srat-dual-core-amd.patch
> 2.6.8: Does not appear to have this problem
2.4.27: Does not appear to have this problem

> x86_64-fix-smpboot-timing-problem.patch
> 2.6.8: Does not appear to have this problem
2.4.27: Does not appear to have this problem

> linux-zlib-fixes.patch (CAN-2005-2458, CAN-2005-2459)
> 2.6.8: Added as linux-zlib-fixes.dpatch
2.4.27: Added as 182_linux-zlib-fixes.diff

> zisofs.patch
> 2.6.8: Added as zisofs.dpatch
Added as 183_zisofs.diff
This smells like something that averts an overrun to me

> key-session-join.patch: CAN-2005-2098
> 2.6.8: Does not appear to have this problem
2.4.27: Does not appear to have this problem

> failed-keyring-oops.patch: CAN-2005-2099
> 2.6.8: Does not appear to have this problem
2.4.27: Does not appear to have this problem

> module-per-cpu-alignment-fix.patch
> 2.6.8: added as module-per-cpu-alignment-fix.dpatch
2.4.27: Does not appear to have this problem

> I will try to get to 2.4.27 tomorrow.

Done :)

-- 
Horms