Author: dannf Date: Tue Sep 5 06:26:15 2006 New Revision: 7325 Modified: dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/changelog dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/control
Log: * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extranous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privelege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 Modified: dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/changelog ============================================================================== --- dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/changelog (original) +++ dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/changelog Tue Sep 5 06:26:15 2006 @@ -1,3 +1,43 @@ +kernel-image-2.4.27-s390 (2.4.27-2sarge4) stable-security; urgency=high + + * Build against kernel-tree-2.4.27-10sarge4: + * [ERRATA] 213_madvise_remove-restrict.diff + [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with + CVE-2006-1524. However, this patch fixes an mprotect issue that was + split off from the original report into CVE-2006-2071. 2.4.27 is not + vulnerable to CVE-2006-1524 the madvise_remove issue. + See CVE-2006-2071 + * 223_nfs-handle-long-symlinks.diff + [SECURITY] Fix buffer overflow in NFS readline handling that allows a + remote server to cause a denial of service (crash) via a long symlink + See CVE-2005-4798 + * 224_cdrom-bad-cgc.buflen-assign.diff + [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially + be used by a local user to trigger a buffer overflow via a specially + crafted DVD, USB stick, or similar automatically mounted device. + See CVE-2006-2935 + * 225_sg-no-mmap-VM_IO.diff + [SECURITY] Fix DoS vulnerability whereby a local user could attempt + a dio/mmap and cause the sg driver to oops. + See CVE-2006-1528 + * 226_snmp-nat-mem-corruption-fix.diff + [SECURITY] Fix memory corruption in snmp_trap_decode + See CVE-2006-2444 + * 227_kfree_skb.diff + [SECURITY] Fix race between kfree_skb and __skb_unlink + See CVE-2006-2446 + * 228_sparc-mb-extraneous-semicolons.diff + Fix a syntax error caused by extranous semicolons in smp_mb() macros + which resulted in a build failure with 227_kfree_skb.diff + * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff + [SECURITY] Fix SCTP privelege escalation + See CVE-2006-3745 + * 231_udf-deadlock.diff + [SECURITY] Fix possible UDF deadlock and memory corruption + See CVE-2006-4145 + + -- dann frazier <[EMAIL PROTECTED]> Tue, 5 Sep 2006 00:24:23 -0600 + kernel-image-2.4.27-s390 (2.4.27-2sarge3) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge3: Modified: dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/control ============================================================================== --- dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/control (original) +++ dists/sarge-security/kernel-2.4/s390/kernel-image-2.4.27-s390/debian/control Tue Sep 5 06:26:15 2006 @@ -4,7 +4,7 @@ Maintainer: Debian S/390 Team <debian-s390@lists.debian.org> Uploaders: Bastian Blank <[EMAIL PROTECTED]> Standards-Version: 3.5.6 -Build-Depends: debhelper (>> 4.0.0), modutils (>= 2.4.21), kernel-tree-2.4.27-10sarge3, kernel-patch-2.4.27-s390 (>= 2.4.27-2sarge1), kernel-package (>= 8.084) +Build-Depends: debhelper (>> 4.0.0), modutils (>= 2.4.21), kernel-tree-2.4.27-10sarge4, kernel-patch-2.4.27-s390 (>= 2.4.27-2sarge1), kernel-package (>= 8.084) Package: kernel-headers-2.4.27-3 Architecture: s390 _______________________________________________ Kernel-svn-changes mailing list Kernel-svn-changes@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes