[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Please test linux-2.6 (2.6.32-48squeeze9)


together with Raphaël Hertzog, Moritz Mühlenhoff, Ben Hutchings and Raphael 
Geissert I've prepared updated linux-2.6 packages using the latest 
upstream release.

The upload fixes the following CVEs:

CVE-2012-4461 CVE-2012-4508 CVE-2012-6657 CVE-2013-1796 CVE-2013-1798 
CVE-2013-4587 CVE-2013-6367 CVE-2014-4508 CVE-2014-4653 CVE-2014-4654 
CVE-2014-4655 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472

Packages are available at http://layer-acht.org/squeeze9/

Please test and report feedback!


linux-2.6 (2.6.32-48squeeze9) squeeze-lts; urgency=medium

  * Security upload by the Debian LTS team with support from the Debian Kernel
    and Security Teams.
  * New upstream stable release, see
    https://lkml.org/lkml/2014/11/23/181 for more information.

  [ Raphaël Hertzog ]
  * The following upstream releases include many security fixes which
    were already shipped in previous Debian releases.
  * Add stable release
    - Revert "pcdp: use early_ioremap/early_iounmap to access pcdp table"
    - Revert "block: improve queue_should_plug() by looking at IO depths"
    - 2.6.32.y: timekeeping: Fix nohz issue with commit
    - clockevents: Don't allow dummy broadcast timers
    - posix-cpu-timers: Fix nanosleep task_struct leak
    - timer: Don't reinitialize the cpu base lock during CPU_UP_PREPARE
    - tick: Cleanup NOHZ per cpu data on cpu down
    - kbuild: Fix gcc -x syntax
    - gen_init_cpio: avoid stack overflow when expanding
    - usermodehelper: introduce umh_complete(sub_info)
    - usermodehelper: implement UMH_KILLABLE
    - usermodehelper: ____call_usermodehelper() doesn't need do_exit()
    - kmod: introduce call_modprobe() helper
    - kmod: make __request_module() killable
    - exec: do not leave bprm->interp on stack
    - exec: use -ELOOP for max recursion depth
    - signal: always clear sa_restorer on execve
    - ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread
    - ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up()
    - ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
    - ptrace: Fix ptrace when task is in task_is_stopped() state
    - kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
    - signal: Define __ARCH_HAS_SA_RESTORER so we know whether to clear
    - kernel/signal.c: use __ARCH_HAS_SA_RESTORER instead of SA_RESTORER
    - wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED
    - coredump: prevent double-free on an error path in core dumper
    - kernel/sys.c: call disable_nonboot_cpus() in kernel_restart()
    - ring-buffer: Fix race between integrity check and readers
    - genalloc: stop crashing the system when destroying a pool
    - kernel/resource.c: fix stack overflow in __reserve_region_with_split()
    - Driver core: treat unregistered bus_types as having no devices
    - cgroup: remove incorrect dget/dput() pair in cgroup_create_dir()
    - Fix a dead loop in async_synchronize_full()
    - tracing: Don't call page_to_pfn() if page is NULL
    - tracing: Fix double free when function profile init failed
    - hugetlb: fix resv_map leak in error path
    - mm: fix vma_resv_map() NULL pointer
    - mm: Fix PageHead when !CONFIG_PAGEFLAGS_EXTENDED
    - mm: bugfix: set current->reclaim_state to NULL while returning from
    - mm: fix invalidate_complete_page2() lock ordering
    - mempolicy: fix a race in shared_policy_replace()
    - ALSA: hda - More ALC663 fixes and support of compatible chips
    - ALSA: hda - Add a pin-fix for FSC Amilo Pi1505
    - ALSA: seq: Fix missing error handling in snd_seq_timer_open()
    - ALSA: ac97 - Fix missing NULL check in snd_ac97_cvol_new()
    - x86, ioapic: initialize nr_ioapic_registers early in 
    - x86: Don't use the EFI reboot method by default
    - x86, random: make ARCH_RANDOM prompt if EMBEDDED, not EXPERT
    - x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS.
    - x86/msr: Add capabilities check
    - x86/mm: Check if PUD is large when validating a kernel address
    - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
    - xen/bootup: allow read_tscp call for Xen PV guests.
    - xen/bootup: allow {read|write}_cr8 pvops call.
    - KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME
    - KVM: x86: relax MSR_KVM_SYSTEM_TIME alignment check
    - KVM: Fix bounds checking in ioapic indirect register reads 
    - KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set
    - MCE: Fix vm86 handling for 32bit mce handler
    - ACPI / cpuidle: Fix NULL pointer issues when cpuidle is disabled
    - alpha: Add irongate_io to PCI bus resources
    - PARISC: fix user-triggerable panic on parisc
    - serial: 8250, increase PASS_LIMIT
    - drivers/char/ipmi: memcpy, need additional 2 bytes to avoid memory
    - w1: fix oops when w1_search is called from netlink connector
    - staging: comedi: ni_labpc: correct differential channel sequence for AI
    - staging: comedi: ni_labpc: set up command4 register *after* command3
    - staging: comedi: comedi_test: fix race when cancelling command
    - staging: comedi: fix memory leak for saved channel list
    - staging: comedi: s626: don't dereference insn->data
    - staging: comedi: jr3_pci: fix iomem dereference
    - staging: comedi: don't dereference user memory for INSN_INTTRIG
    - staging: comedi: check s->async for poll(), read() and write()
    - staging: comedi: das08: Correct AO output for das08jr-16-ao
    - staging: vt6656: [BUG] out of bound array reference in RFbSetPower.
    - libata: fix Null pointer dereference on disk error
    - scsi: Silence unnecessary warnings about ioctl to partition
    - scsi: use __uX types for headers exported to user space
    - fix crash in scsi_dispatch_cmd()
    - SCSI: bnx2i: Fixed NULL ptr deference for 1G bnx2 Linux iSCSI offload
    - keys: fix race with concurrent install_user_keyrings()
    - crypto: cryptd - disable softirqs in cryptd_queue_worker to prevent data
    - xfrm_user: fix info leak in copy_to_user_state()
    - xfrm_user: fix info leak in copy_to_user_policy()
    - xfrm_user: fix info leak in copy_to_user_tmpl()
    - xfrm_user: return error pointer instead of NULL
    - xfrm_user: return error pointer instead of NULL #2
    - r8169: correct settings of rtl8102e.
    - r8169: remove the obsolete and incorrect AMD workaround
    - r8169: Add support for D-Link 530T rev C1 (Kernel Bug 38862)
    - r8169: incorrect identifier for a 8168dp
    - b43legacy: Fix crash on unload when firmware not available
    - tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
    - IPoIB: Fix use-after-free of multicast object
    - telephony: ijx: buffer overflow in ixj_write_cid()
    - Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
    - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER)
    - Bluetooth: RFCOMM - Fix info leak via getsockname()
    - Bluetooth: RFCOMM - Fix missing msg_namelen update in
    - Bluetooth: L2CAP - Fix info leak via getsockname()
    - Bluetooth: fix possible info leak in bt_sock_recvmsg()
    - xhci: Make handover code more robust
    - USB: EHCI: go back to using the system clock for QH unlinks
    - USB: whiteheat: fix memory leak in error path
    - USB: serial: Fix memory leak in sierra_release()
    - USB: mos7840: fix urb leak at release
    - USB: mos7840: fix port-device leak in error path
    - USB: garmin_gps: fix memory leak on disconnect
    - USB: io_ti: Fix NULL dereference in chase_port()
    - USB: cdc-wdm: fix buffer overflow
    - USB: serial: ftdi_sio: Handle the old_termios == 0 case e.g.
    - USB: ftdi_sio: Quiet sparse noise about using plain integer was NULL
    - epoll: prevent missed events on EPOLL_CTL_MOD
    - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check
    - fs/fscache/stats.c: fix memory leak
    - sysfs: sysfs_pathname/sysfs_add_one: Use strlcat() instead of strcat()
    - tmpfs: fix use-after-free of mempolicy object
    - jbd: Delay discarding buffers in journal_unmap_buffer
    - jbd: Fix assertion failure in commit code due to lacking transaction
    - jbd: Fix lock ordering bug in journal_unmap_buffer()
    - ext4: Fix fs corruption when make_indexed_dir() fails
    - ext4: don't dereference null pointer when make_indexed_dir() fails
    - ext4: Fix max file size and logical block counting of extent format file
    - ext4: fix memory leak in ext4_xattr_set_acl()'s error path
    - ext4: online defrag is not supported for journaled files
    - ext4: always set i_op in ext4_mknod()
    - ext4: fix fdatasync() for files with only i_size changes
    - ext4: lock i_mutex when truncating orphan inodes
    - ext4: fix race in ext4_mb_add_n_trim()
    - ext4: limit group search loop for non-extent files
    - CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
    - ext4: make orphan functions be no-op in no-journal mode
    - ext4: avoid hang when mounting non-journal filesystems with orphan list
    - udf: fix memory leak while allocating blocks during write
    - udf: avoid info leak on export
    - udf: Fix bitmap overflow on large filesystems with small block size
    - fs/cifs/cifs_dfs_ref.c: fix potential memory leakage
    - isofs: avoid info leak on export
    - fat: Fix stat->f_namelen
    - NLS: improve UTF8 -> UTF16 string conversion routine
    - hfsplus: fix potential overflow in hfsplus_file_truncate()
    - btrfs: use rcu_barrier() to wait for bdev puts at unmount
    - kernel panic when mount NFSv4
    - nfsd4: fix oops on unusual readlike compound
    - net/core: Fix potential memory leak in dev_set_alias()
    - net: reduce net_rx_action() latency to 2 HZ
    - softirq: reduce latencies
    - af_packet: remove BUG statement in tpacket_destruct_skb
    - bridge: set priority of STP packets
    - bonding: Fix slave selection bug.
    - ipv4: check rt_genid in dst_check
    - net_sched: gact: Fix potential panic in tcf_gact().
    - net: sched: integer overflow fix
    - net: prevent setting ttl=0 via IP_TTL
    - net: fix divide by zero in tcp algorithm illinois
    - net: guard tcp_set_keepalive() to tcp sockets
      Fixes CVE-2012-6657
    - net: fix info leak in compat dev_ifconf()
    - inet: add RCU protection to inet->opt
    - tcp: allow splice() to build full TSO packets
    - tcp: fix MSG_SENDPAGE_NOTLAST logic
    - tcp: preserve ACK clocking in TSO
    - unix: fix a race condition in unix_release()
    - dcbnl: fix various netlink info leaks
    - sctp: fix memory leak in sctp_datamsg_from_user() when copy from user
      space fails
    - net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
    - net: sctp: sctp_endpoint_free: zero out secret key data
    - net: sctp: sctp_auth_key_put: use kzfree instead of kfree
    - ipv6: discard overlapping fragment
    - ipv6: make fragment identifications less predictable
    - netfilter: nf_ct_ipv4: packets with wrong ihl are invalid
    - ipvs: allow transmit of GRO aggregated skbs
    - ipvs: IPv6 MTU checking cleanup and bugfix
    - ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
    - atm: update msg_namelen in vcc_recvmsg()
    - atm: fix info leak via getsockname()
    - atm: fix info leak in getsockopt(SO_ATMPVC)
    - ax25: fix info leak via msg_name in ax25_recvmsg()
    - isdnloop: fix and simplify isdnloop_init()
    - iucv: Fix missing msg_namelen update in iucv_sock_recvmsg()
    - llc: fix info leak via getsockname()
    - llc: Fix missing msg_namelen update in llc_ui_recvmsg()
    - rds: set correct msg_namelen
    - rose: fix info leak via msg_name in rose_recvmsg()
    - irda: Fix missing msg_namelen update in irda_recvmsg_dgram()
    - tipc: fix info leaks via msg_name in recv_msg/recv_stream
    - mpt2sas: Send default descriptor for RAID pass through in mpt2ctl
    - x86, ptrace: fix build breakage with gcc 4.7
  * Add stable release
    - scsi: fix missing include linux/types.h in scsi_netlink.h
    - Fix lockup related to stop_machine being stuck in __do_softirq.
    - Revert "x86, ptrace: fix build breakage with gcc 4.7"
    - x86, ptrace: fix build breakage with gcc 4.7 (second try)
    - ipvs: fix CHECKSUM_PARTIAL for TCP, UDP
    - intel-iommu: Flush unmaps at domain_exit
    - staging: comedi: ni_65xx: (bug fix) confine insn_bits to one subdevice
    - kernel/kmod.c: check for NULL in call_usermodehelper_exec()
    - cciss: fix info leak in cciss_ioctl32_passthru()
    - cpqarray: fix info leak in ida_locked_ioctl()
    - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
    - sctp: deal with multiple COOKIE_ECHO chunks
    - sctp: Use correct sideffect command in duplicate cookie handling
    - ipv6: ip6_sk_dst_check() must not assume ipv6 dst
    - af_key: fix info leaks in notify messages
    - af_key: initialize satype in key_notify_policy_flush()
    - block: do not pass disk names as format strings
    - b43: stop format string leaking into error msgs
    - HID: validate HID report id size
    - HID: zeroplus: validate output report details
    - HID: pantherlord: validate output report details
    - HID: LG: validate HID output report details
    - HID: check for NULL field when setting values
    - HID: provide a helper for validating hid reports
    - crypto: api - Fix race condition in larval lookup
    - ipv6: tcp: fix panic in SYN processing
    - tcp: must unclone packets before mangling them
    - net: do not call sock_put() on TIMEWAIT sockets
    - net: heap overflow in __audit_sockaddr()
    - proc connector: fix info leaks
    - can: dev: fix nlmsg size calculation in can_get_size()
    - net: vlan: fix nlmsg size calculation in vlan_get_size()
    - farsync: fix info leak in ioctl
    - connector: use nlmsg_len() to check message length
    - net: dst: provide accessor function to dst->xfrm
    - sctp: Use software crc32 checksum when xfrm transform will happen.
    - sctp: Perform software checksum if packet has to be fragmented.
    - wanxl: fix info leak in ioctl
    - davinci_emac.c: Fix IFF_ALLMULTI setup
    - resubmit bridge: fix message_age_timer calculation
    - ipv6 mcast: use in6_dev_put in timer handlers instead of __in6_dev_put
    - ipv4 igmp: use in_dev_put in timer handlers instead of __in_dev_put
    - dm9601: fix IFF_ALLMULTI handling
    - bonding: Fix broken promiscuity reference counting issue
    - ll_temac: Reset dma descriptors indexes on ndo_open
    - tcp: fix tcp_md5_hash_skb_data()
    - ipv6: fix possible crashes in ip6_cork_release()
    - ip_tunnel: fix kernel panic with icmp_dest_unreach
    - net: sctp: fix NULL pointer dereference in socket destruction
    - packet: packet_getname_spkt: make sure string is always 0-terminated
    - neighbour: fix a race in neigh_destroy()
    - net: Swap ver and type in pppoe_hdr
    - sunvnet: vnet_port_remove must call unregister_netdev
    - ifb: fix rcu_sched self-detected stalls
    - dummy: fix oops when loading the dummy failed
    - ifb: fix oops when loading the ifb failed
    - vlan: fix a race in egress prio management
    - arcnet: cleanup sizeof parameter
    - sysctl net: Keep tcp_syn_retries inside the boundary
    - sctp: fully initialize sctp_outq in sctp_outq_init
    - net_sched: Fix stack info leak in cbq_dump_wrr().
    - af_key: more info leaks in pfkey messages
    - net_sched: info leak in atm_tc_dump_class()
    - htb: fix sign extension bug
    - net: check net.core.somaxconn sysctl values
    - tcp: cubic: fix bug in bictcp_acked()
    - ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not match
    - ipv6: remove max_addresses check from ipv6_create_tempaddr
    - ipv6: drop packets with multiple fragmentation headers
    - ipv6: Don't depend on per socket memory for neighbour discovery messages
    - ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO
    - tipc: fix lockdep warning during bearer initialization
    - net: Fix "ip rule delete table 256"
    - ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - random32: fix off-by-one in seeding requirement
    - bonding: fix two race conditions in bond_store_updelay/downdelay
    - isdnloop: use strlcpy() instead of strcpy()
    - ipv4: fix possible seqlock deadlock
    - inet: prevent leakage of uninitialized memory to user in recv syscalls
    - net: rework recvmsg handler msg_name and msg_namelen logic
    - net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    - net: clamp ->msg_namelen instead of returning an error
    - ipv6: fix leaking uninitialized port number of offender sockaddr
    - atm: idt77252: fix dev refcnt leak
    - net: core: Always propagate flag changes to interfaces
    - bridge: flush br's address entry in fdb when remove the bridge dev
    - inet: fix possible seqlock deadlocks
    - ipv6: fix possible seqlock deadlock in ip6_finish_output2
    - {pktgen, xfrm} Update IPv4 header total len and checksum after
    - net: drop_monitor: fix the value of maxattr
    - net: unix: allow bind to fail on mutex lock
    - drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
    - hamradio/yam: fix info leak in ioctl
    - rds: prevent dereference of a NULL device
    - net: rose: restore old recvmsg behavior
    - net: llc: fix use after free in llc_ui_recvmsg
    - inet_diag: fix inet_diag_dump_icsk() timewait socket state logic
    - net: fix 'ip rule' iif/oif device rename
    - tg3: Fix deadlock in tg3_change_mtu()
    - bonding: 802.3ad: make aggregator_identifier bond-private
    - net: sctp: fix sctp_connectx abi for ia32 emulation/compat mode
    - virtio-net: alloc big buffers also when guest can receive UFO
    - tg3: Don't check undefined error bits in RXBD
    - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
    - net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk
    - net: socket: error on a negative msg_namelen
    - netlink: don't compare the nul-termination in nla_strcmp
    - isdnloop: several buffer overflows
    - rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - isdnloop: Validate NUL-terminated strings from user.
    - sctp: unbalanced rcu lock in ip_queue_xmit()
    - aacraid: prevent invalid pointer dereference
    - ipv6: udp packets following an UFO enqueued packet need also be handled 
    - inet: fix possible memory corruption with UDP_CORK and UFO
    - vm: add vm_iomap_memory() helper function
    - Fix a few incorrectly checked [io_]remap_pfn_range() calls
    - libertas: potential oops in debugfs
    - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
    - gianfar: disable TX vlan based on kernel 2.6.x
    - powernow-k6: set transition latency value so ondemand governor can be 
    - powernow-k6: disable cache when changing frequency
    - powernow-k6: correctly initialize default parameters
    - powernow-k6: reorder frequencies
    - tcp: fix tcp_trim_head() to adjust segment count with skb MSS
    - tcp_cubic: limit delayed_ack ratio to prevent divide error
    - tcp_cubic: fix the range of delayed_ack
    - n_tty: Fix n_tty_write crash when echoing in raw mode
    - exec/ptrace: fix get_dumpable() incorrect tests
    - ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET
      pending data
    - dm snapshot: fix data corruption
    - crypto: ansi_cprng - Fix off by one error in non-block size request
    - uml: check length in exitcode_proc_write()
    - KVM: Improve create VCPU parameter (CVE-2013-4587)
    - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
    - qeth: avoid buffer overflow in snmp ioctl
    - xfs: underflow bug in xfs_attrlist_by_handle()
    - aacraid: missing capable() check in compat ioctl
    - SELinux: Fix kernel BUG on empty security contexts.
    - s390: fix kernel crash due to linkage stack instructions
    - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - floppy: don't write kernel-only members to FDRAWCMD ioctl output
  * Add stable release
    - ethtool: Report link-down while interface is down
    - futex: Add another early deadlock detection check
    - futex: Prevent attaching to kernel threads
    - futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr == 
      in futex_requeue(..., requeue_pi=1)
    - futex: Validate atomic acquisition in futex_lock_pi_atomic()
    - futex: Always cleanup owner tid in unlock_pi
    - futex: Make lookup_pi_state more robust
    - auditsc: audit_krule mask accesses need bounds checking
    - net: fix regression introduced in by sysctl fixes
  * Add stable release
    - x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
    - x86_32, entry: Store badsys error code in %eax
    - x86_32, entry: Clean up sysenter_badsys declaration
    - MIPS: Cleanup flags in syscall flags handlers.
    - MIPS: asm: thread_info: Add _TIF_SECCOMP flag
    - fix autofs/afs/etc. magic mountpoint breakage
    - ALSA: control: Make sure that id->index does not overflow
    - ALSA: control: Handle numid overflow
    - sctp: Fix sk_ack_backlog wrap-around problem
    - mm: try_to_unmap_cluster() should lock_page() before mlocking
    - filter: prevent nla extensions to peek beyond the end of the message
    - ALSA: control: Protect user controls against concurrent access
    - ptrace,x86: force IRET path after a ptrace_stop()
    - sym53c8xx_2: Set DID_REQUEUE return code when aborting squeue
    - tcp: fix tcp_match_skb_to_sack() for unaligned SACK at end of an skb
    - igmp: fix the problem when mc leave group
    - appletalk: Fix socket referencing in skb
    - net: sctp: fix information leaks in ulpevent layer
    - sunvnet: clean up objects created in vnet_new() on vnet_exit()
    - ipv4: fix buffer overflow in ip_options_compile()
    - net: sctp: inherit auth_capable on INIT collisions
      Fixes CVE-2014-5077
    - net: sendmsg: fix NULL pointer dereference
    - tcp: Fix integer-overflows in TCP veno
    - tcp: Fix integer-overflow in TCP vegas
    - macvlan: Initialize vlan_features to turn on offload support.
    - net: Correctly set segment mac_len in skb_segment().
    - iovec: make sure the caller actually wants anything in 
    - sctp: fix possible seqlock seadlock in sctp_packet_transmit()
    - Revert "nfsd: correctly handle return value from nfsd_map_name_to_*"
    - dm crypt: fix access beyond the end of allocated space
    - gianfar: disable vlan tag insertion by default
    - USB: kobil_sct: fix non-atomic allocation in write path
    - fix misuses of f_count() in ppp and netlink
    - net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks
    - tty: Fix high cpu load if tty is unreleaseable
    - netfilter: nf_log: account for size of NLMSG_DONE attribute
    - netfilter: nfnetlink_log: fix maximum packet length logged to userspace
    - ring-buffer: Always reset iterator to reader page
    - md/raid6: avoid data corruption during recovery of double-degraded RAID6
    - net: pppoe: use correct channel MTU when using Multilink PPP
    - ARM: 7668/1: fix memset-related crashes caused by recent GCC (4.7.2)
    - ARM: 7670/1: fix the memset fix
    - lib/lzo: Update LZO compression to current upstream version
    - Documentation: lzo: document part of the encoding
    - lzo: check for length overrun in variable length encoding.
    - USB: add new zte 3g-dongle's pid to option.c
    - futex: Unlock hb->lock in futex_wait_requeue_pi() error path
    - isofs: Fix unbounded recursion when processing relocated directories
      Fixes CVE-2014-5471 CVE-2014-5472
    - sctp: not send SCTP_PEER_ADDR_CHANGE notifications with failed probe
  * Update the OpenVZ patch to apply on top of Non-trivial changes
    in net/ipv4/tcp_output.c.

  [ Holger Levsen ]
  * CVE-2014-4653: ALSA: control: Ensure possession of a read/write lock.
  * CVE-2014-4654: ALSA: control: Check authorization for commands.
  * CVE-2014-4655: ALSA: control: Maintain the user_ctl_count value properly.
  * Ignore ABI change of  module:drivers/scsi/osd/libosd by listing it in

  [ Raphael Geissert ]
  * CVE-2014-4943: net: ppol2tp: don't fall back on UDP [get|set]sockopt

 -- Holger Levsen <holger@debian.org>  Sun, 30 Nov 2014 15:57:49 +0100

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: