is 2.6.26-19lenny1 legit?

To: debian-security@lists.debian.org
Subject: is 2.6.26-19lenny1 legit?
From: Tom Vier <nester@gmail.com>
Date: Fri, 23 Oct 2009 11:04:03 -0400
Message-id: <[🔎] 20091023150403.GA5522@zero>
Reply-to: Tom Vier <nester@gmail.com>

I don't seen any annoucement on security-announce or on security.debian.org!
Are these packages legit?

linux-headers-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb
linux-headers-2.6.26-2-common_2.6.26-19lenny1_amd64.deb
linux-libc-dev_2.6.26-19lenny1_amd64.deb
linux-image-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb

linux-image-2.6.26-2-686_2.6.26-19lenny1_i386.deb
linux-libc-dev_2.6.26-19lenny1_i386.deb


Here's the last two changelog entries I found in the amd64 deb
(linux-image-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb). I couldn't find the
changelog on packages.debian.org.


linux-2.6 (2.6.26-19lenny1) stable-security; urgency=high

  * appletalk: Fix skb leak when ipddp interface is not loaded
    (CVE-2009-2903)                                           
  * KVM: x86: Disallow hypercalls for guest callers in rings > 0
    (CVE-2009-3290)                                             
  * selinux: prevent local users from bypassing mmap_min_addr
    in unconfined domains (CVE-2009-2695)                    
  * fix information leak in llc_ui_getname (CVE-2009-3001)
  * net: fix information leak due to uninitialized structures in
    getname functions (CVE-2009-3002)                           
  * eCryptfs: Prevent lower dentry from going negative during unlink
    (CVE-2009-2908)                                                 
  * net ax25: Fix signed comparison in the sockopt handler (CVE-2009-2909)
  * x86: Don't leak 64-bit kernel register values to 32-bit processes
    (CVE-2009-2910)                                                  
  * NFSv4: move iattr & verf attributes of struct nfsd4_open out of the
    union (CVE-2009-3286)                                              
  * r8169: use hardware auto padding (CVE-2009-3613)

 -- dann frazier <dannf@debian.org>  Sat, 17 Oct 2009 10:52:13 -0600

linux-2.6 (2.6.26-19) stable; urgency=high

  [ Moritz Muehlenhoff ]
  * Input: ALPS - add signature for Toshiba Satellite Pro M10
    (Closes: #434722)                                        

  [ dann frazier ]
  * aacraid: Fix regression w/ bigmem kernel (Closes: #537771)
  * [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)
  * do_sigaltstack: avoid copying 'stack_t' as a structure to user space
    (CVE-2009-2847)                                                     
  * execve: must clear current->clear_child_tid (CVE-2009-2848)
  * md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
    attributes (CVE-2009-2849)                                         

 -- dann frazier <dannf@debian.org>  Tue, 18 Aug 2009 22:45:27 -0600


-- 
Tom Vier <nester@gmail.com>
DSA Key ID 0x15741ECE

Reply to:

Follow-Ups:
- Re: is 2.6.26-19lenny1 legit?
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Re: Live Penetration Testing.
Next by Date: Re: is 2.6.26-19lenny1 legit?
Previous by thread: Re: Live Penetration Testing.
Next by thread: Re: is 2.6.26-19lenny1 legit?
Index(es):
- Date
- Thread