Author: dannf Date: Mon Sep 4 16:03:45 2006 New Revision: 7307 Modified: dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/changelog dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/rules
Log: * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * sctp-priv-elevation.dpatch, sctp-priv-elevation-2.dpatch [SECURITY] Fix SCTP privelege escalation See CVE-2006-3745 * ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 Modified: dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/changelog ============================================================================== --- dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/changelog (original) +++ dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/changelog Mon Sep 4 16:03:45 2006 @@ -1,3 +1,71 @@ +kernel-patch-powerpc-2.6.8 (2.6.8-12sarge5) stable-security; urgency=high + + * Build against kernel-tree-2.6.8-16sarge5: + * [ERRATA] madvise_remove-restrict.dpatch + [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with + CVE-2006-1524. However, this patch fixes an mprotect issue that was + split off from the original report into CVE-2006-2071. 2.6.8 is not + vulnerable to CVE-2006-1524 the madvise_remove issue. + See CVE-2006-2071 + * fs-ext3-bad-nfs-handle.dpatch + [SECURITY] James McKenzie discovered a Denial of Service vulnerability + in the NFS driver. When exporting an ext3 file system over NFS, a remote + attacker could exploit this to trigger a file system panic by sending + a specially crafted UDP packet. + See CVE-2006-3468 + * direct-io-write-mem-leak.dpatch + [SECURITY] Fix memory leak in O_DIRECT write. + See CVE-2004-2660 + * nfs-handle-long-symlinks.dpatch + [SECURITY] Fix buffer overflow in NFS readline handling that allows a + remote server to cause a denial of service (crash) via a long symlink + See CVE-2005-4798 + * cdrom-bad-cgc.buflen-assign.dpatch + [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially + be used by a local user to trigger a buffer overflow via a specially + crafted DVD, USB stick, or similar automatically mounted device. + See CVE-2006-2935 + * usb-serial-ftdi_sio-dos.patch + [SECURITY] fix userspace DoS in ftdi_sio driver + See CVE-2006-2936 + * selinux-tracer-SID-fix.dpatch + [SECURITY] Fix vulnerability in selinux_ptrace that prevents local + users from changing the tracer SID to the SID of another process + See CVE-2006-1052 + * netfilter-SO_ORIGINAL_DST-leak.dpatch + [SECURITY] Fix information leak in SO_ORIGINAL_DST + See CVE-2006-1343 + * sg-no-mmap-VM_IO.dpatch + [SECURITY] Fix DoS vulnerability whereby a local user could attempt + a dio/mmap and cause the sg driver to oops. + See CVE-2006-1528 + * exit-bogus-bugon.dpatch + [SECURITY] Remove bogus BUG() in exit.c which could be maliciously + triggered by a local user + See CVE-2006-1855 + * readv-writev-missing-lsm-check.dpatch, + readv-writev-missing-lsm-check-compat.dpatch + [SECURITY] Add missing file_permission callback in readv/writev syscalls + See CVE-2006-1856 + * snmp-nat-mem-corruption-fix.dpatch + [SECURITY] Fix memory corruption in snmp_trap_decode + See CVE-2006-2444 + * kfree_skb-race.dpatch + [SECURITY] Fix race between kfree_skb and __skb_unlink + See CVE-2006-2446 + * sctp-priv-elevation.dpatch, sctp-priv-elevation-2.dpatch + [SECURITY] Fix SCTP privelege escalation + See CVE-2006-3745 + * ppc-hid0-dos.dpatch + [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on + PPC970 at boot time + See CVE-2006-4093 + * udf-deadlock.dpatch + [SECURITY] Fix possible UDF deadlock and memory corruption + See CVE-2006-4145 + + -- dann frazier <[EMAIL PROTECTED]> Mon, 4 Sep 2006 10:01:37 -0600 + kernel-patch-powerpc-2.6.8 (2.6.8-12sarge4) stable-security; urgency=high * Build against kernel-tree-2.6.8-16sarge4: Modified: dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/rules ============================================================================== --- dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/rules (original) +++ dists/sarge-security/kernel/powerpc/kernel-patch-powerpc-2.6.8-2.6.8/debian/rules Mon Sep 4 16:03:45 2006 @@ -11,7 +11,7 @@ OFFICIAL_VERSION = No # This is the kernel-tree version we build against -ktver = 16sarge4 +ktver = 16sarge5 # set the build architecture if necessary DEB_HOST_ARCH ?= $(shell dpkg --print-architecture) _______________________________________________ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes