-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 18 Feb 2008 04:27:46 -0700 Source: kernel-image-2.4.27-m68k Binary: kernel-image-2.4.27-sun3 kernel-image-2.4.27-atari kernel-image-2.4.27-q40 kernel-image-2.4.27-sun3x kernel-image-2.4.27-amiga kernel-image-2.4.27-mvme16x kernel-image-2.4.27-mac kernel-image-2.4.27-mvme147 kernel-image-2.4.27-bvme6000 Architecture: source m68k Version: 2.4.27-3sarge6 Distribution: oldstable-security Urgency: high Maintainer: Christian T. Steigies <cts@debian.org> Changed-By: dann frazier <dannf@debian.org> Description: kernel-image-2.4.27-amiga - Linux kernel image for Amiga computers kernel-image-2.4.27-atari - Linux kernel image for Atari computers kernel-image-2.4.27-bvme6000 - Linux kernel image for BVM BVME4000 and BVME6000 SBCs. kernel-image-2.4.27-mac - Linux kernel image for Macintosh computers kernel-image-2.4.27-mvme147 - Linux kernel image for Motorola MVME147 SBCs. kernel-image-2.4.27-mvme16x - Linux kernel image for Motorola MVME162/6/7, MVME172/7 SBCs. kernel-image-2.4.27-q40 - Linux kernel image for Q40 and Q60 computers Changes: kernel-image-2.4.27-m68k (2.4.27-3sarge6) oldstable-security; urgency=high . * Build against kernel-tree-2.4.27-10sarge6: * 239_mincore-hang.diff [SECURITY] Fix a potential deadlock in mincore See CVE-2006-4814 * [ERRATA] 240_smbfs-honor-mount-opts-2.diff Fix some regressions with respect to file types (e.g., symlinks) introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5 * 241_bluetooth-capi-size-checks.diff [SECURITY] Add additional length checks to avoid potential remote DoS attacks in the handling of CAPI messages in the bluetooth driver See CVE-2006-6106 * 242_ext3-fsfuzz.diff [SECURITY] Fix a DoS vulnerability that can be triggered by a local user with the ability to mount a corrupted ext3 filesystem See CVE-2006-6053 * 243_ipv6_fl_socklist-no-share.diff [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing ipv6_fl_socklist between the listening socket and the socket created for connection. See CVE-2007-1592 * 244_bluetooth-l2cap-hci-info-leaks.diff 245_bluetooth-l2cap-hci-info-leaks-2.diff [SECURITY] Fix information leaks in setsockopt() implementations See CVE-2007-1353 * 246_dn_fib-out-of-bounds.diff 266_ipv4-fib_props-out-of-bounds.diff 267_ipv4-fib_props-out-of-bounds-2.diff [SECURITY] Fix out of bounds condition in dn_fib_props[] See CVE-2007-2172 * 247_reset-pdeathsig-on-suid.diff [SECURITY] Fix potential privilege escalation caused by improper clearing of the child process' pdeath signal. Thanks to Marcel Holtmann for the patch. See CVE-2007-3848 * 248_random-reseed-sizeof-fix.diff [SECURITY] Fix a bug in the random driver reseeding code that reduces entropy by reseeding a smaller buffer size than expected See CVE-2007-4311 * 249_openpromfs-signedness-bug.diff 250_openpromfs-checks-1.diff 251_openpromfs-checks-2.diff 252_openpromfs-checks-3.diff [SECURITY] Fix a number of data checks in openprom code See CVE-2004-2731 * 253_coredump-only-to-same-uid.diff [SECURITY] Fix an issue where core dumping over a file that already exists retains the ownership of the original file See CVE-2007-6206 * 254_cramfs-check-block-length.diff [SECURITY] Add a sanity check of the block length in cramfs_readpage to avoid a potential oops condition See CVE-2006-5823 * 255_pppoe-socket-release-mem-leak.diff [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released after connect but before PPPIOCGCHAN ioctl is called upon it See CVE-2007-2525 * 256_i4l-isdn_ioctl-mem-overrun.diff [SECURITY] Fix potential isdn ioctl memory overrun See CVE-2007-6151 * 257_isdn-net-overflow.diff [SECURITY] Fix potential overflows in the ISDN subsystem See CVE-2007-6063 * 258_ext2_readdir-f_pos-fix.diff, 259_ext2_readdir-infinite-loop.diff, 260_ext2-skip-pages-past-num-blocks.diff [SECURITY] Add some sanity checking for a corrupted i_size in ext2_find_entry() See CVE-2006-6054 * 261_listxattr-mem-corruption.diff [SECURITY] Fix userspace corruption vulnerability caused by incorrectly promoted return values in bad_inode_ops This patches changes the kernel ABI. See CVE-2006-5753 * 262_aacraid-ioctl-perm-check.diff [SECURITY] Require admin capabilities to issue ioctls to aacraid devices See CVE-2007-4308 * 263_usb-pwc-disconnect-block.diff [SECURITY] Fix issue with unplugging webcams that use the pwc driver. If userspace still has the device open it can result, the driver would wait for the device to close, blocking the USB subsystem. See CVE-2007-5093 * 264_mmap-VM_DONTEXPAND.diff [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register a fault handler but do not bounds check the offset argument See CVE-2008-0007 * 265_powerpc-chrp-null-deref.diff [SECURITY][powerpc] Fix NULL pointer dereference if get_property fails on the subarchitecture See CVE-2007-6694 Files: 1a7aac50d25494a39a12da08d10c9139 876 devel optional kernel-image-2.4.27-m68k_2.4.27-3sarge6.dsc 50eac91503e4d951e8c555470526c56d 14303 devel optional kernel-image-2.4.27-m68k_2.4.27-3sarge6.tar.gz ebf015a5cde926e2203d59ca336859e7 2636312 base optional kernel-image-2.4.27-amiga_2.4.27-3sarge6_m68k.deb 334a1c3125131e8844fb5de91fff3dd9 2543642 base optional kernel-image-2.4.27-atari_2.4.27-3sarge6_m68k.deb 73a3bbff4db6f767123d09be3656f6ff 2394638 base optional kernel-image-2.4.27-bvme6000_2.4.27-3sarge6_m68k.deb 5876a64c1242781d5f15351b3fe8f180 2476770 base optional kernel-image-2.4.27-mac_2.4.27-3sarge6_m68k.deb 164b52f450e86d51b99bd8647fefed2d 2323460 base optional kernel-image-2.4.27-mvme147_2.4.27-3sarge6_m68k.deb 017278dac5baccad9a4b779d1863bf0f 2395372 base optional kernel-image-2.4.27-mvme16x_2.4.27-3sarge6_m68k.deb f5528d8ff99980a0f9bf3c8e8fc9e06c 2260822 base optional kernel-image-2.4.27-q40_2.4.27-3sarge6_m68k.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHvN4ShuANDBmkLRkRAkczAJ9uESkixyflzbg8Dx3iSYcoTbWkagCeMMPE OhGq9Ie2JLCcOof/7qe5GaE= =99hD -----END PGP SIGNATURE----- Accepted: kernel-image-2.4.27-amiga_2.4.27-3sarge6_m68k.deb to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-amiga_2.4.27-3sarge6_m68k.deb kernel-image-2.4.27-atari_2.4.27-3sarge6_m68k.deb to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-atari_2.4.27-3sarge6_m68k.deb kernel-image-2.4.27-bvme6000_2.4.27-3sarge6_m68k.deb to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-bvme6000_2.4.27-3sarge6_m68k.deb kernel-image-2.4.27-m68k_2.4.27-3sarge6.dsc to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge6.dsc kernel-image-2.4.27-m68k_2.4.27-3sarge6.tar.gz to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge6.tar.gz kernel-image-2.4.27-mac_2.4.27-3sarge6_m68k.deb to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mac_2.4.27-3sarge6_m68k.deb kernel-image-2.4.27-mvme147_2.4.27-3sarge6_m68k.deb to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme147_2.4.27-3sarge6_m68k.deb kernel-image-2.4.27-mvme16x_2.4.27-3sarge6_m68k.deb to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme16x_2.4.27-3sarge6_m68k.deb kernel-image-2.4.27-q40_2.4.27-3sarge6_m68k.deb to pool/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-q40_2.4.27-3sarge6_m68k.deb