-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 06 May 2009 16:19:13 -0600
Source: user-mode-linux
Binary: user-mode-linux
Architecture: source i386
Version: 2.6.18-1um-2etch.24etch2
Distribution: oldstable-security
Urgency: high
Maintainer: User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description:
 user-mode-linux - User-mode Linux (kernel)
Changes:
 user-mode-linux (2.6.18-1um-2etch.24etch2) oldstable-security; urgency=high
 .
   * Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-24etch2:
     * Fix buffer underflow in the ib700wdt watchdog driver:
       - bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
       See CVE-2008-5702
     * nfs: Fix fcntl/close race
       - bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch
       See CVE-2008-4307
     * sctp: fix memory overflow
       - bugfix/all/sctp-avoid-memory-overflow.patch
       See CVE-2009-0065
     * Fix sign-extend ABI issue w/ system calls on various 64-bit architectures
       - bugfix/all/CVE-2009-0029/*
       See CVE-2009-0029
     * security: introduce missing kfree
       - bugfix/all/security-keyctl-missing-kfree.patch
       See CVE-2009-0031
     * dell_rbu: use scnprintf instead of less secure sprintf
       - bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch
       See CVE-2009-0322
     * [hppa] Fix system crash while unwinding a userspace process
       - bugfix/hppa/userspace-unwind-crash.patch
       See CVE-2008-5395
     * NET: Add preemption point in qdisc_run
       - bugfix/all/net-add-preempt-point-in-qdisc_run.patch
       See CVE-2008-5713
     * [mips] Fix potential DOS by untrusted user app
       - bugfix/mips/fix-potential-dos.patch
       See CVE-2008-5701
     * Fix sensitive memory leak in SO_BSDCOMPAT gsopt
       - bugfix/all/net-SO_BSDCOMPAT-leak.patch
       - bugfix/all/net-SO_BSDCOMPAT-leak-2.patch
       See CVE-2009-0676
     * skfp: Fix inverted capabilities check logic
       - bugfix/all/skfp-fix-inverted-cap-logic.patch
       See CVE-2009-0675
     * [amd64] syscall-audit: fix 32/64 syscall hole
       - bugfix/syscall-audit-fix-32+64-syscall-hole.patch
       See CVE-2009-0834
     * shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
       This issue does not affect pre-built Debian kernels.
       - bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
       See CVE-2009-0859
     * copy_process: fix CLONE_PARENT && parent_exec_id interaction
       - bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch
       See CVE-2009-0028
     * af_rose/x25: Sanity check the maximum user frame size
       - bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch
       See CVE-2009-1265
     * NFS: fix an oops in encode_lookup()
       - bugfix/all/nfs-fix-oops-in-encode_lookup.patch
       See CVE-2009-1336
     * exit_notify: kill the wrong capable(CAP_KILL) check
       - bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
       See CVE-2009-1337
     * agp: zero pages before sending to userspace
       - bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
       See CVE-2009-1192
     * cifs: Fix memory overwrite when saving nativeFileSystem field during mount
       - bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch
       - bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
       - bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch
       See CVE-2009-1439
     * Fix mips FTBFS due to a missed rename of the mips-specific sys_pipe
       symbol.
Files:
 68d98e1c77c46035a49ff30831b6dde9 892 misc extra user-mode-linux_2.6.18-1um-2etch.24etch2.dsc
 9fe6e2b6513767676fb005a00cbb71f6 20663 misc extra user-mode-linux_2.6.18-1um-2etch.24etch2.diff.gz
 a43ee679786a92ff8600c6a8e7fb036c 25602218 misc extra user-mode-linux_2.6.18-1um-2etch.24etch2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKAhbDhuANDBmkLRkRAvAeAJ410ehKxwxJvzN7xtnngWyuRwcsagCffUSW
3+ETuyZcu+ABX087NDx7j/Q=
=EdGC
-----END PGP SIGNATURE-----


Accepted:
user-mode-linux_2.6.18-1um-2etch.24etch2.diff.gz
  to pool/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch2.diff.gz
user-mode-linux_2.6.18-1um-2etch.24etch2.dsc
  to pool/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch2.dsc
user-mode-linux_2.6.18-1um-2etch.24etch2_i386.deb
  to pool/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch2_i386.deb