-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 17 Feb 2008 16:21:39 -0700
Source: kernel-source-2.4.27
Binary: kernel-tree-2.4.27 kernel-source-2.4.27 kernel-patch-debian-2.4.27 kernel-doc-2.4.27
Architecture: source all
Version: 2.4.27-10sarge6
Distribution: oldstable-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description:
kernel-doc-2.4.27 - Linux kernel specific documentation for version 2.4.27
kernel-patch-debian-2.4.27 - Debian patches to Linux 2.4.27
kernel-source-2.4.27 - Linux kernel source for version 2.4.27 with Debian patches
kernel-tree-2.4.27 - Linux kernel source tree for building Debian kernel images
Changes:
kernel-source-2.4.27 (2.4.27-10sarge6) oldstable-security; urgency=high
.
* 239_mincore-hang.diff
[SECURITY] Fix a potential deadlock in mincore
See CVE-2006-4814
* [ERRATA] 240_smbfs-honor-mount-opts-2.diff
Fix some regressions with respect to file types (e.g., symlinks)
introduced by the fix for CVE-2006-5871 in 2.4.27-10sarge5
* 241_bluetooth-capi-size-checks.diff
[SECURITY] Add additional length checks to avoid potential remote
DoS attacks in the handling of CAPI messages in the bluetooth driver
See CVE-2006-6106
* 242_ext3-fsfuzz.diff
[SECURITY] Fix a DoS vulnerability that can be triggered by a local
user with the ability to mount a corrupted ext3 filesystem
See CVE-2006-6053
* 243_ipv6_fl_socklist-no-share.diff
[SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
ipv6_fl_socklist between the listening socket and the socket created
for connection.
See CVE-2007-1592
* 244_bluetooth-l2cap-hci-info-leaks.diff
245_bluetooth-l2cap-hci-info-leaks-2.diff
[SECURITY] Fix information leaks in setsockopt() implementations
See CVE-2007-1353
* 246_dn_fib-out-of-bounds.diff
266_ipv4-fib_props-out-of-bounds.diff
267_ipv4-fib_props-out-of-bounds-2.diff
[SECURITY] Fix out of bounds condition in dn_fib_props[]
See CVE-2007-2172
* 247_reset-pdeathsig-on-suid.diff
[SECURITY] Fix potential privilege escalation caused by improper
clearing of the child process' pdeath signal.
Thanks to Marcel Holtmann for the patch.
See CVE-2007-3848
* 248_random-reseed-sizeof-fix.diff
[SECURITY] Fix a bug in the random driver reseeding code that reduces
entropy by reseeding a smaller buffer size than expected
See CVE-2007-4311
* 249_openpromfs-signedness-bug.diff
250_openpromfs-checks-1.diff
251_openpromfs-checks-2.diff
252_openpromfs-checks-3.diff
[SECURITY] Fix a number of data checks in openprom code
See CVE-2004-2731
* 253_coredump-only-to-same-uid.diff
[SECURITY] Fix an issue where core dumping over a file that
already exists retains the ownership of the original file
See CVE-2007-6206
* 254_cramfs-check-block-length.diff
[SECURITY] Add a sanity check of the block length in cramfs_readpage to
avoid a potential oops condition
See CVE-2006-5823
* 255_pppoe-socket-release-mem-leak.diff
[SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
after connect but before PPPIOCGCHAN ioctl is called upon it
See CVE-2007-2525
* 256_i4l-isdn_ioctl-mem-overrun.diff
[SECURITY] Fix potential isdn ioctl memory overrun
See CVE-2007-6151
* 257_isdn-net-overflow.diff
[SECURITY] Fix potential overflows in the ISDN subsystem
See CVE-2007-6063
* 258_ext2_readdir-f_pos-fix.diff,
259_ext2_readdir-infinite-loop.diff,
260_ext2-skip-pages-past-num-blocks.diff
[SECURITY] Add some sanity checking for a corrupted i_size in
ext2_find_entry()
See CVE-2006-6054
* 261_listxattr-mem-corruption.diff
[SECURITY] Fix userspace corruption vulnerability caused by
incorrectly promoted return values in bad_inode_ops
This patches changes the kernel ABI.
See CVE-2006-5753
* 262_aacraid-ioctl-perm-check.diff
[SECURITY] Require admin capabilities to issue ioctls to aacraid devices
See CVE-2007-4308
* 263_usb-pwc-disconnect-block.diff
[SECURITY] Fix issue with unplugging webcams that use the pwc driver.
If userspace still has the device open it can result, the driver would
wait for the device to close, blocking the USB subsystem.
See CVE-2007-5093
* 264_mmap-VM_DONTEXPAND.diff
[SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
a fault handler but do not bounds check the offset argument
See CVE-2008-0007
* 265_powerpc-chrp-null-deref.diff
[SECURITY][powerpc] Fix NULL pointer dereference if get_property
fails on the subarchitecture
See CVE-2007-6694
Files:
cacb4fcef0ee57a53ba0efbfcae9d3cf 900 devel optional kernel-source-2.4.27_2.4.27-10sarge6.dsc
57cbeb3a0d58f27c5491ea92ae8760dc 783802 devel optional kernel-source-2.4.27_2.4.27-10sarge6.diff.gz
ea5d65d5f1c650e0b9d7db4373df65b4 752214 devel optional kernel-patch-debian-2.4.27_2.4.27-10sarge6_all.deb
333eed9fc4f7de67d8d348b4437e212d 3590114 doc optional kernel-doc-2.4.27_2.4.27-10sarge6_all.deb
d8e3315c288f5550386686d4f56b945b 31485082 devel optional kernel-source-2.4.27_2.4.27-10sarge6_all.deb
2f946b48d7784fd66e1833972999b091 28966 devel optional kernel-tree-2.4.27_2.4.27-10sarge6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHvMbjhuANDBmkLRkRAqEjAJ9Ndiyzn2asXtGHPGsUVC/HMpdH7wCfThf4
0OQbOW2wlL13Zt6Ou+r2cnU=
=LoaU
-----END PGP SIGNATURE-----
Accepted:
kernel-doc-2.4.27_2.4.27-10sarge6_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10sarge6_all.deb
kernel-patch-debian-2.4.27_2.4.27-10sarge6_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10sarge6_all.deb
kernel-source-2.4.27_2.4.27-10sarge6.diff.gz
to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge6.diff.gz
kernel-source-2.4.27_2.4.27-10sarge6.dsc
to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge6.dsc
kernel-source-2.4.27_2.4.27-10sarge6_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge6_all.deb
kernel-tree-2.4.27_2.4.27-10sarge6_all.deb
to pool/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10sarge6_all.deb
