is 2.6.26-19lenny1 legit?
I don't seen any annoucement on security-announce or on security.debian.org!
Are these packages legit?
linux-headers-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb
linux-headers-2.6.26-2-common_2.6.26-19lenny1_amd64.deb
linux-libc-dev_2.6.26-19lenny1_amd64.deb
linux-image-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb
linux-image-2.6.26-2-686_2.6.26-19lenny1_i386.deb
linux-libc-dev_2.6.26-19lenny1_i386.deb
Here's the last two changelog entries I found in the amd64 deb
(linux-image-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb). I couldn't find the
changelog on packages.debian.org.
linux-2.6 (2.6.26-19lenny1) stable-security; urgency=high
* appletalk: Fix skb leak when ipddp interface is not loaded
(CVE-2009-2903)
* KVM: x86: Disallow hypercalls for guest callers in rings > 0
(CVE-2009-3290)
* selinux: prevent local users from bypassing mmap_min_addr
in unconfined domains (CVE-2009-2695)
* fix information leak in llc_ui_getname (CVE-2009-3001)
* net: fix information leak due to uninitialized structures in
getname functions (CVE-2009-3002)
* eCryptfs: Prevent lower dentry from going negative during unlink
(CVE-2009-2908)
* net ax25: Fix signed comparison in the sockopt handler (CVE-2009-2909)
* x86: Don't leak 64-bit kernel register values to 32-bit processes
(CVE-2009-2910)
* NFSv4: move iattr & verf attributes of struct nfsd4_open out of the
union (CVE-2009-3286)
* r8169: use hardware auto padding (CVE-2009-3613)
-- dann frazier <dannf@debian.org> Sat, 17 Oct 2009 10:52:13 -0600
linux-2.6 (2.6.26-19) stable; urgency=high
[ Moritz Muehlenhoff ]
* Input: ALPS - add signature for Toshiba Satellite Pro M10
(Closes: #434722)
[ dann frazier ]
* aacraid: Fix regression w/ bigmem kernel (Closes: #537771)
* [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)
* do_sigaltstack: avoid copying 'stack_t' as a structure to user space
(CVE-2009-2847)
* execve: must clear current->clear_child_tid (CVE-2009-2848)
* md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
attributes (CVE-2009-2849)
-- dann frazier <dannf@debian.org> Tue, 18 Aug 2009 22:45:27 -0600
--
Tom Vier <nester@gmail.com>
DSA Key ID 0x15741ECE
Reply to: