Package : linux-2.6 Version : 2.6.32-48squeeze10 CVE ID : CVE-2014-3185 CVE-2014-3687 CVE-2014-3688 CVE-2014-6410 CVE-2014-7841 CVE-2014-8709 CVE-2014-8884 Non-maintainer upload by the Squeeze LTS and Kernel Teams. New upstream stable release 188.8.131.52, see http://lkml.org/lkml/2014/12/13/81 for more information. The stable release 184.108.40.206 includes the following new commits compared to the previous 2.6.32-48squeeze9 package: - USB: whiteheat: Added bounds checking for bulk command response (CVE-2014-3185) - net: sctp: fix panic on duplicate ASCONF chunks (CVE-2014-3687) - net: sctp: fix remote memory pressure from excessive queueing (CVE-2014-3688) - udf: Avoid infinite loop when processing indirect ICBs (CVE-2014-6410) - net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (CVE-2014-7841) - mac80211: fix fragmentation code, particularly for encryption (CVE-2014-8709) - ttusb-dec: buffer overflow in ioctl (CVE-2014-8884) We recommend that you upgrade your linux-2.6 packages. We apologize for a minor cosmetic glitch: The following commits were already included in 2.6.32-48squeeze9 despite claims in debian/changelog they were only fixed in 2.6.32-48squeez10: - vlan: Don't propagate flag changes on down interfaces. - sctp: Fix double-free introduced by bad backport in 220.127.116.11 - md/raid6: Fix misapplied backport in 18.104.22.168 - block: add missing blk_queue_dead() checks - block: Fix blk_execute_rq_nowait() dead queue handling - proc connector: Delete spurious memset in proc_exit_connector()
Description: This is a digitally signed message part.