-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 20 Feb 2008 14:20:35 -0700
Source: fai-kernels
Binary: fai-kernels
Architecture: source i386
Version: 1.9.1sarge8
Distribution: oldstable-security
Urgency: high
Maintainer: Thomas Lange <lange@debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description:
fai-kernels - special kernels for FAI (Fully Automatic Installation)
Changes:
fai-kernels (1.9.1sarge8) oldstable-security; urgency=high
.
* Build against kernel-tree-2.4.27-10sarge6:
* 239_mincore-hang.diff
[SECURITY] Fix a potential deadlock in mincore
See CVE-2006-4814
* [ERRATA] 240_smbfs-honor-mount-opts-2.diff
Fix some regressions with respect to file types (e.g., symlinks)
introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
* 241_bluetooth-capi-size-checks.diff
[SECURITY] Add additional length checks to avoid potential remote
DoS attacks in the handling of CAPI messages in the bluetooth driver
See CVE-2006-6106
* 242_ext3-fsfuzz.diff
[SECURITY] Fix a DoS vulnerability that can be triggered by a local
user with the ability to mount a corrupted ext3 filesystem
See CVE-2006-6053
* 243_ipv6_fl_socklist-no-share.diff
[SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
ipv6_fl_socklist between the listening socket and the socket created
for connection.
See CVE-2007-1592
* 244_bluetooth-l2cap-hci-info-leaks.diff
245_bluetooth-l2cap-hci-info-leaks-2.diff
[SECURITY] Fix information leaks in setsockopt() implementations
See CVE-2007-1353
* 246_dn_fib-out-of-bounds.diff
266_ipv4-fib_props-out-of-bounds.diff
267_ipv4-fib_props-out-of-bounds-2.diff
[SECURITY] Fix out of bounds condition in dn_fib_props[]
See CVE-2007-2172
* 247_reset-pdeathsig-on-suid.diff
[SECURITY] Fix potential privilege escalation caused by improper
clearing of the child process' pdeath signal.
Thanks to Marcel Holtmann for the patch.
See CVE-2007-3848
* 248_random-reseed-sizeof-fix.diff
[SECURITY] Fix a bug in the random driver reseeding code that reduces
entropy by reseeding a smaller buffer size than expected
See CVE-2007-4311
* 249_openpromfs-signedness-bug.diff
250_openpromfs-checks-1.diff
251_openpromfs-checks-2.diff
252_openpromfs-checks-3.diff
[SECURITY] Fix a number of data checks in openprom code
See CVE-2004-2731
* 253_coredump-only-to-same-uid.diff
[SECURITY] Fix an issue where core dumping over a file that
already exists retains the ownership of the original file
See CVE-2007-6206
* 254_cramfs-check-block-length.diff
[SECURITY] Add a sanity check of the block length in cramfs_readpage to
avoid a potential oops condition
See CVE-2006-5823
* 255_pppoe-socket-release-mem-leak.diff
[SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
after connect but before PPPIOCGCHAN ioctl is called upon it
See CVE-2007-2525
* 256_i4l-isdn_ioctl-mem-overrun.diff
[SECURITY] Fix potential isdn ioctl memory overrun
See CVE-2007-6151
* 257_isdn-net-overflow.diff
[SECURITY] Fix potential overflows in the ISDN subsystem
See CVE-2007-6063
* 258_ext2_readdir-f_pos-fix.diff,
259_ext2_readdir-infinite-loop.diff,
260_ext2-skip-pages-past-num-blocks.diff
[SECURITY] Add some sanity checking for a corrupted i_size in
ext2_find_entry()
See CVE-2006-6054
* 261_listxattr-mem-corruption.diff
[SECURITY] Fix userspace corruption vulnerability caused by
incorrectly promoted return values in bad_inode_ops
This patches changes the kernel ABI.
See CVE-2006-5753
* 262_aacraid-ioctl-perm-check.diff
[SECURITY] Require admin capabilities to issue ioctls to aacraid devices
See CVE-2007-4308
* 263_usb-pwc-disconnect-block.diff
[SECURITY] Fix issue with unplugging webcams that use the pwc driver.
If userspace still has the device open it can result, the driver would
wait for the device to close, blocking the USB subsystem.
See CVE-2007-5093
* 264_mmap-VM_DONTEXPAND.diff
[SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
a fault handler but do not bounds check the offset argument
See CVE-2008-0007
* 265_powerpc-chrp-null-deref.diff
[SECURITY][powerpc] Fix NULL pointer dereference if get_property
fails on the subarchitecture
See CVE-2007-6694
* Build against kernel-tree-2.6.8-17sarge1:
* compat_sys_mount-NULL-data_page.dpatch
[SECURITY] Fix oops in compat_sys_mount triggered by NULL data_page
See CVE-2006-7203
* pppoe-socket-release-mem-leak.dpatch
[SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
after connect but before PPPIOCGCHAN ioctl is called upon it
See CVE-2007-2525
* dn_fib-out-of-bounds.dpatch, ipv4-fib_props-out-of-bounds.dpatch
[SECURITY] Fix out of bounds condition in dn_fib_props[]
See CVE-2007-2172
* aacraid-ioctl-perm-check.dpatch
[SECURITY] Require admin capabilities to issue ioctls to aacraid devices
See CVE-2007-4308
* reset-pdeathsig-on-suid.dpatch
[SECURITY] Fix potential privilege escalation caused by improper
clearing of the child process' pdeath signal.
See CVE-2007-3848
* bluetooth-l2cap-hci-info-leaks.dpatch
[SECURITY] Fix information leaks in setsockopt() implementations
See CVE-2007-1353
* coredump-only-to-same-uid.dpatch
[SECURITY] Fix an issue where core dumping over a file that
already exists retains the ownership of the original file
See CVE-2007-6206
* i4l-isdn_ioctl-mem-overrun.dpatch
[SECURITY] Fix potential isdn ioctl memory overrun
See CVE-2007-6151
* cramfs-check-block-length.dpatch
[SECURITY] Add a sanity check of the block length in cramfs_readpage to
avoid a potential oops condition
See CVE-2006-5823
* ext2-skip-pages-past-num-blocks.dpatch
[SECURITY] Add some sanity checking for a corrupted i_size in
ext2_find_entry()
See CVE-2006-6054
* minixfs-printk-hang.dpatch
[SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
filesystem that would otherwise cause a system to hang (printk storm)
See CVE-2006-6058
* isdn-net-overflow.dpatch
[SECURITY] Fix potential overflows in the ISDN subsystem
See CVE-2007-6063
* prevent-stack-growth-into-hugetlb-region.dpatch
[SECURITY] Prevent OOPS during stack expansion when the VMA crosses
into address space reserved for hugetlb pages.
See CVE-2007-3739
* cifs-honor-umask.dpatch
[SECURITY] Make CIFS honor a process' umask
See CVE-2007-3740
* hugetlb-prio_tree-unit-fix.dpatch
[SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
which could be used to trigger a BUG_ON() call in exit_mmap.
See CVE-2007-4133
* amd64-zero-extend-32bit-ptrace.dpatch
[SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
See CVE-2007-4573
* usb-pwc-disconnect-block.dpatch
[SECURITY] Fix issue with unplugging webcams that use the pwc driver.
If userspace still has the device open it can result, the driver would
wait for the device to close, blocking the USB subsystem.
See CVE-2007-5093
* powerpc-chrp-null-deref.dpatch
[SECURITY][powerpc] Fix NULL pointer dereference if get_property
fails on the subarchitecture
See CVE-2007-6694
* random-bound-check-ordering.dpatch
[SECURITY] Fix stack-based buffer overflow in the random number
generator
See CVE-2007-3105
* mmap-VM_DONTEXPAND.dpatch
[SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
a fault handler but do not bounds check the offset argument
See CVE-2008-0007
Files:
fd5cf0a4b08aadf72cedb8029390fdeb 621 admin extra fai-kernels_1.9.1sarge8.dsc
ee1ef40c64f09bcdc25d9c9b7ea325e0 32434 admin extra fai-kernels_1.9.1sarge8.tar.gz
5c06b0a78b203b2032aa327839fa9795 12010766 admin extra fai-kernels_1.9.1sarge8_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHvN6thuANDBmkLRkRApWYAJ9fbtYS1ngh+ZtNZx6IfTE4kJqT8ACgltIF
hMXrbUO7I3/9iGNgor28Jv8=
=SX6i
-----END PGP SIGNATURE-----
Accepted:
fai-kernels_1.9.1sarge8.dsc
to pool/main/f/fai-kernels/fai-kernels_1.9.1sarge8.dsc
fai-kernels_1.9.1sarge8.tar.gz
to pool/main/f/fai-kernels/fai-kernels_1.9.1sarge8.tar.gz
fai-kernels_1.9.1sarge8_i386.deb
to pool/main/f/fai-kernels/fai-kernels_1.9.1sarge8_i386.deb
