-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 13 Sep 2006 13:10:56 -0600 Source: kernel-image-2.6.8-m68k Binary: kernel-image-2.6.8-sun3x kernel-image-2.6.8-bvme6000 kernel-image-2.6.8-q40 kernel-image-2.6.8-atari kernel-image-2.6.8-mvme147 kernel-image-2.6.8-amiga kernel-image-2.6.8-sun3 kernel-image-2.6.8-mac kernel-image-2.6.8-hp kernel-image-2.6.8-mvme16x Architecture: source m68k Version: 2.6.8-4sarge5 Distribution: stable-security Urgency: high Maintainer: Christian T. Steigies <cts@debian.org> Changed-By: dann frazier <dannf@debian.org> Description: kernel-image-2.6.8-amiga - Linux kernel image for Amiga computers kernel-image-2.6.8-atari - Linux kernel image for Atari computers kernel-image-2.6.8-bvme6000 - Linux kernel image for BVM BVME4000 and BVME6000 SBCs. kernel-image-2.6.8-hp - Linux kernel image for hp computers kernel-image-2.6.8-mac - Linux kernel image for Macintosh computers kernel-image-2.6.8-mvme147 - Linux kernel image for Motorola MVME147 SBCs. kernel-image-2.6.8-mvme16x - Linux kernel image for Motorola MVME162/6/7, MVME172/7 SBCs. kernel-image-2.6.8-q40 - Linux kernel image for Q40 and Q60 computers kernel-image-2.6.8-sun3 - Linux kernel image for sun3 computers Changes: kernel-image-2.6.8-m68k (2.6.8-4sarge5) stable-security; urgency=high . * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * hppa-mb-extraneous-semicolon.dpatch, sparc32-mb-extraneous-semicolons.dpatch, sparc64-mb-extraneous-semicolons.dpatch: Fix a syntax error caused by extranous semicolons in smp_mb() macros which resulted in a build failure with kfree_skb-race.dpatch * sctp-priv-elevation.dpatch [SECURITY] Fix SCTP privelege escalation See CVE-2006-3745 * sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch See CVE-2006-4535 * ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 Files: 5a64d7ec2a16eeddbecb943b563a00e1 874 devel optional kernel-image-2.6.8-m68k_2.6.8-4sarge5.dsc 31002e1be5f792aaa5a8e3b85b85663e 18371 devel optional kernel-image-2.6.8-m68k_2.6.8-4sarge5.tar.gz 2f49e2b7d119fdff8ec195ac6e9f619a 2995694 base optional kernel-image-2.6.8-sun3_2.6.8-4sarge5_m68k.deb 4265aaca4ba1d14344da0ab7e389b057 3016322 base optional kernel-image-2.6.8-bvme6000_2.6.8-4sarge5_m68k.deb f549bdc0c4425dbf2e4754c71f337681 3104468 base optional kernel-image-2.6.8-atari_2.6.8-4sarge5_m68k.deb a0ec5ab5ef0a2974b2a53cdd3e96ea72 3050078 base optional kernel-image-2.6.8-mvme16x_2.6.8-4sarge5_m68k.deb 768425faa8c9fd6a576b72be587509a3 3175518 base optional kernel-image-2.6.8-mac_2.6.8-4sarge5_m68k.deb 1fcf6d780313788df48c6effd284afa4 3306528 base optional kernel-image-2.6.8-amiga_2.6.8-4sarge5_m68k.deb 79b41b28f663e562d8178edff85ff308 2980276 base optional kernel-image-2.6.8-mvme147_2.6.8-4sarge5_m68k.deb 4d1977a0d5beb7743e19a97d01319233 3110846 base optional kernel-image-2.6.8-q40_2.6.8-4sarge5_m68k.deb a33d9385ec84d450e2cfd8b7c096d877 2988544 base optional kernel-image-2.6.8-hp_2.6.8-4sarge5_m68k.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFDrXrhuANDBmkLRkRAhxtAJ9+88gDH3T0/RYdXSCpQyL2aOOT2gCeOE4z VsgsIai9ov1U42KmQNg0y68= =Q1q0 -----END PGP SIGNATURE----- Accepted: kernel-image-2.6.8-amiga_2.6.8-4sarge5_m68k.deb to pool/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-amiga_2.6.8-4sarge5_m68k.deb kernel-image-2.6.8-atari_2.6.8-4sarge5_m68k.deb to pool/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-atari_2.6.8-4sarge5_m68k.deb kernel-image-2.6.8-bvme6000_2.6.8-4sarge5_m68k.deb to pool/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-bvme6000_2.6.8-4sarge5_m68k.deb kernel-image-2.6.8-hp_2.6.8-4sarge5_m68k.deb to pool/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-hp_2.6.8-4sarge5_m68k.deb kernel-image-2.6.8-m68k_2.6.8-4sarge5.dsc to pool/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge5.dsc kernel-image-2.6.8-m68k_2.6.8-4sarge5.tar.gz to pool/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge5.tar.gz kernel-image-2.6.8-mac_2.6.8-4sarge5_m68k.deb to pool/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mac_2.6.8-4sarge5_m68k.deb kernel-image-2.6.8-mvme147_2.6.8-4sarge5_m68k.deb to pool/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme147_2.6.8-4sarge5_m68k.deb kernel-image-2.6.8-mvme16x_2.6.8-4sarge5_m68k.deb to pool/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme16x_2.6.8-4sarge5_m68k.deb kernel-image-2.6.8-q40_2.6.8-4sarge5_m68k.deb to pool/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-q40_2.6.8-4sarge5_m68k.deb kernel-image-2.6.8-sun3_2.6.8-4sarge5_m68k.deb to pool/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-sun3_2.6.8-4sarge5_m68k.deb