-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 18 Feb 2008 04:25:26 -0700 Source: kernel-image-2.4.27-arm Binary: kernel-headers-2.4.27 kernel-build-2.4.27 kernel-image-2.4.27-bast kernel-image-2.4.27-riscstation kernel-image-2.4.27-riscpc kernel-image-2.4.27-netwinder kernel-image-2.4.27-lart Architecture: source arm Version: 2.4.27-2sarge6 Distribution: oldstable-security Urgency: high Maintainer: Vincent Sanders <vince@debian.org> Changed-By: dann frazier <dannf@debian.org> Description: kernel-build-2.4.27 - Headers for building modules for Linux 2.4.27 kernel-headers-2.4.27 - Header files related to Linux kernel version 2.4.27 kernel-image-2.4.27-bast - Linux kernel image for version 2.4.27 for Bast. kernel-image-2.4.27-lart - Linux kernel image for version 2.4.27 for LART. kernel-image-2.4.27-netwinder - Linux kernel image for version 2.4.27 for Netwinder. kernel-image-2.4.27-riscpc - Linux kernel image for version 2.4.27 for RiscPC. kernel-image-2.4.27-riscstation - Linux kernel image for version 2.4.27 for Riscstations. Changes: kernel-image-2.4.27-arm (2.4.27-2sarge6) oldstable-security; urgency=high . * Build against kernel-tree-2.4.27-10sarge6: * 239_mincore-hang.diff [SECURITY] Fix a potential deadlock in mincore See CVE-2006-4814 * [ERRATA] 240_smbfs-honor-mount-opts-2.diff Fix some regressions with respect to file types (e.g., symlinks) introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5 * 241_bluetooth-capi-size-checks.diff [SECURITY] Add additional length checks to avoid potential remote DoS attacks in the handling of CAPI messages in the bluetooth driver See CVE-2006-6106 * 242_ext3-fsfuzz.diff [SECURITY] Fix a DoS vulnerability that can be triggered by a local user with the ability to mount a corrupted ext3 filesystem See CVE-2006-6053 * 243_ipv6_fl_socklist-no-share.diff [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing ipv6_fl_socklist between the listening socket and the socket created for connection. See CVE-2007-1592 * 244_bluetooth-l2cap-hci-info-leaks.diff 245_bluetooth-l2cap-hci-info-leaks-2.diff [SECURITY] Fix information leaks in setsockopt() implementations See CVE-2007-1353 * 246_dn_fib-out-of-bounds.diff 266_ipv4-fib_props-out-of-bounds.diff 267_ipv4-fib_props-out-of-bounds-2.diff [SECURITY] Fix out of bounds condition in dn_fib_props[] See CVE-2007-2172 * 247_reset-pdeathsig-on-suid.diff [SECURITY] Fix potential privilege escalation caused by improper clearing of the child process' pdeath signal. Thanks to Marcel Holtmann for the patch. See CVE-2007-3848 * 248_random-reseed-sizeof-fix.diff [SECURITY] Fix a bug in the random driver reseeding code that reduces entropy by reseeding a smaller buffer size than expected See CVE-2007-4311 * 249_openpromfs-signedness-bug.diff 250_openpromfs-checks-1.diff 251_openpromfs-checks-2.diff 252_openpromfs-checks-3.diff [SECURITY] Fix a number of data checks in openprom code See CVE-2004-2731 * 253_coredump-only-to-same-uid.diff [SECURITY] Fix an issue where core dumping over a file that already exists retains the ownership of the original file See CVE-2007-6206 * 254_cramfs-check-block-length.diff [SECURITY] Add a sanity check of the block length in cramfs_readpage to avoid a potential oops condition See CVE-2006-5823 * 255_pppoe-socket-release-mem-leak.diff [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released after connect but before PPPIOCGCHAN ioctl is called upon it See CVE-2007-2525 * 256_i4l-isdn_ioctl-mem-overrun.diff [SECURITY] Fix potential isdn ioctl memory overrun See CVE-2007-6151 * 257_isdn-net-overflow.diff [SECURITY] Fix potential overflows in the ISDN subsystem See CVE-2007-6063 * 258_ext2_readdir-f_pos-fix.diff, 259_ext2_readdir-infinite-loop.diff, 260_ext2-skip-pages-past-num-blocks.diff [SECURITY] Add some sanity checking for a corrupted i_size in ext2_find_entry() See CVE-2006-6054 * 261_listxattr-mem-corruption.diff [SECURITY] Fix userspace corruption vulnerability caused by incorrectly promoted return values in bad_inode_ops This patches changes the kernel ABI. See CVE-2006-5753 * 262_aacraid-ioctl-perm-check.diff [SECURITY] Require admin capabilities to issue ioctls to aacraid devices See CVE-2007-4308 * 263_usb-pwc-disconnect-block.diff [SECURITY] Fix issue with unplugging webcams that use the pwc driver. If userspace still has the device open it can result, the driver would wait for the device to close, blocking the USB subsystem. See CVE-2007-5093 * 264_mmap-VM_DONTEXPAND.diff [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register a fault handler but do not bounds check the offset argument See CVE-2008-0007 * 265_powerpc-chrp-null-deref.diff [SECURITY][powerpc] Fix NULL pointer dereference if get_property fails on the subarchitecture See CVE-2007-6694 Files: 09f407768d0a85fa121f68595bf6d9da 839 devel optional kernel-image-2.4.27-arm_2.4.27-2sarge6.dsc dcdb061379c1e912712be472ef423a2e 37326 devel optional kernel-image-2.4.27-arm_2.4.27-2sarge6.tar.gz 305dbb3ab1d46dbeac5aeb1db685853e 4728038 devel optional kernel-headers-2.4.27_2.4.27-2sarge6_arm.deb ec852f94b459dec72e9e776d7b7babdf 3693056 base optional kernel-image-2.4.27-riscstation_2.4.27-2sarge6_arm.deb af8a1eb0a1eab58c562f639343ee5101 1698658 base optional kernel-image-2.4.27-bast_2.4.27-2sarge6_arm.deb 1d96d07f4b98258c48e37a3ce3fb9816 7379444 base optional kernel-image-2.4.27-netwinder_2.4.27-2sarge6_arm.deb a7539fe4daefea79532eda6846e92382 3168914 base optional kernel-image-2.4.27-riscpc_2.4.27-2sarge6_arm.deb fdac028111ef3d2a5bf226e21d74b394 1062484 base optional kernel-image-2.4.27-lart_2.4.27-2sarge6_arm.deb 106d72fdc046ad8ab48bf45aff7319da 484774 devel optional kernel-build-2.4.27_2.4.27-2sarge6_arm.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHvNFFhuANDBmkLRkRAutGAJ4nTaajBtd0ySYfTonvuB7wtP3jSwCdGnVM GJnB4g9RIPyUCfsUwcXx53I= =qZUQ -----END PGP SIGNATURE----- Accepted: kernel-build-2.4.27_2.4.27-2sarge6_arm.deb to pool/main/k/kernel-image-2.4.27-arm/kernel-build-2.4.27_2.4.27-2sarge6_arm.deb kernel-headers-2.4.27_2.4.27-2sarge6_arm.deb to pool/main/k/kernel-image-2.4.27-arm/kernel-headers-2.4.27_2.4.27-2sarge6_arm.deb kernel-image-2.4.27-arm_2.4.27-2sarge6.dsc to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge6.dsc kernel-image-2.4.27-arm_2.4.27-2sarge6.tar.gz to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge6.tar.gz kernel-image-2.4.27-bast_2.4.27-2sarge6_arm.deb to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-bast_2.4.27-2sarge6_arm.deb kernel-image-2.4.27-lart_2.4.27-2sarge6_arm.deb to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-lart_2.4.27-2sarge6_arm.deb kernel-image-2.4.27-netwinder_2.4.27-2sarge6_arm.deb to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-netwinder_2.4.27-2sarge6_arm.deb kernel-image-2.4.27-riscpc_2.4.27-2sarge6_arm.deb to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscpc_2.4.27-2sarge6_arm.deb kernel-image-2.4.27-riscstation_2.4.27-2sarge6_arm.deb to pool/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscstation_2.4.27-2sarge6_arm.deb