-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 25 Feb 2013 17:04:57 -0700 Source: user-mode-linux Binary: user-mode-linux Architecture: source amd64 Version: 2.6.32-1um-4+48squeeze1 Distribution: stable-security Urgency: low Maintainer: User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org> Changed-By: dann frazier <dannf@debian.org> Description: user-mode-linux - User-mode Linux (kernel) Closes: 698022 Changes: user-mode-linux (2.6.32-1um-4+48squeeze1) stable-security; urgency=low . * Rebuild against linux-source-2.6.32 (2.6.32-48squeeze1): * ptrace: Fix race condition allowing kernel stack corruption (CVE-2013-0871) * xen: pciback: rate limit error message from pciback_enable_msi() (CVE-2013-0231) * [s390] s390/time: fix sched_clock() overflow * Revert "time: Avoid making adjustments if we haven't accumulated anything" (regression in 2.6.32.60) * exec: Fix accounting of execv*() memory after vfork() * r8169: Fix bugs that can cause an interface to hang (possible fix for: #617220, #642025) - r8169: missing barriers. - r8169: fix unsigned int wraparound with TSO - r8169: remove the obsolete and incorrect AMD workaround * [x86] ALSA: hda_intel: Add device/class IDs for Intel Patsburg, Vortex86MX, VMware, Intel Panther Point and other Intel chips * header: fix broken headers for user space * nfsv4: Fix kernel panic when mounting NFSv4 * hpsa: Backport changes up to Linux 3.2.35 * net: fix route cache rebuilds * Add longterm release 2.6.32.60, including: - netxen: support for GbE port settings - futex: Fix uninterruptible loop due to gate_area - time: Improve sanity checking of timekeeping inputs - eCryptfs: Copy up lower inode attrs after setting lower xattr - eCryptfs: Clear ECRYPTFS_NEW_FILE flag during truncate - bonding: 802.3ad - fix agg_device_up - usbnet: increase URB reference count before usb_unlink_urb - usbnet: don't clear urb->dev in tx_complete - xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink() - nilfs2: fix NULL pointer dereference in nilfs_load_super_block() - ntp: Fix integer overflow when setting time - ext4: check for zero length extent - Bluetooth: add NULL pointer check in HCI - Bluetooth: hci_ldisc: fix NULL-pointer dereference on tty_close - phonet: Check input from user before allocating - netlink: fix races after skb queueing - net: fix a race in sock_queue_err_skb() - net/ethernet: ks8851_mll fix rx frame buffer overflow - NFSv4: Revalidate uid/gid after open - ext3: Fix error handling on inode bitmap corruption - ext4: fix error handling on inode bitmap corruption - SCSI: fix scsi_wait_scan - fuse: fix stat call on 32 bit platforms - udf: Improve table length check to avoid possible overflow - eCryptfs: Properly check for O_RDONLY flag before doing privileged open - mm: Hold a file reference in madvise_remove (CVE-2012-3511) - SCSI: Avoid dangling pointer in scsi_requeue_command() - usbdevfs: Correct amount of data copied to user in processcompl_compat - ext4: don't let i_reserved_meta_blocks go negative - sctp: Fix list corruption resulting from freeing an association on a list - cipso: don't follow a NULL pointer when setsockopt() is called - net/tun: fix ioctl() based info leaks - futex: Test for pi_mutex on fault in futex_wait_requeue_pi() - futex: Fix bug in WARN_ON for NULL q.pi_state - futex: Forbid uaddr == uaddr2 in futex_wait_requeue_pi() - mm: mmu_notifier: fix freed page still mapped in secondary MMU - fuse: verify all ioctl retry iov elements - vfs: missed source of ->f_pos races - compat_sys_{read,write}v() - NFSv3: Ensure that do_proc_get_root() reports errors correctly - Remove user-triggerable BUG from mpol_to_str - udf: Fix data corruption for files in ICB - ext3: Fix fdatasync() for files with only i_size changes - dccp: check ccid before dereferencing - [ia64] Add accept4() syscall - tcp: drop SYN+FIN messages - [x86] amd, xen: Avoid NULL pointer paravirt references - [x86] tls: Off by one limit check - sparc64: Eliminate obsolete __handle_softirq() function - udf: fix retun value on error path in udf_load_logicalvol - epoll: introduce POLLFREE to flush ->signalfd_wqh before kfree() - epoll: ep_unregister_pollwait() can use the freed pwq->whead - Don't limit non-nested epoll paths - epoll: limit paths (CVE-2011-1083) - epoll: clear the tfile_check_list on -ELOOP (CVE-2012-3375) - random: Improve random number generation on non-interactive systems + random: Use arch_get_random_int instead of cycle counter if avail + random: Use arch-specific RNG to initialize the entropy store + random: make 'add_interrupt_randomness()' do something sane + usb: feed USB device information to the /dev/random driver + net: feed /dev/random with the MAC address when registering a device + rtc: wm831x: Feed the write counter into device_add_randomness() + mfd: wm831x: Feed the device UUID into device_add_randomness() + dmi: Feed DMI table to /dev/random driver For the complete list of changes, see: http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.60 and the bug report which this closes: #698022. - [ia64] Revert "pcdp: use early_ioremap/early_iounmap to access pcdp table", which breaks compilation of this driver * [x86] Don't use the EFI reboot method by default * [x86] drm/i915: Attempt to fix watermark setup on 85x (v2) * [x86] isci: Backport changes up to Linux 3.2.35 * [amd64] rtl8192e: Fix transmit on 64-bit architectures * [x86] usbip: Fix loss of isochronous packets that require padding * staging: Fix various log messages that were broken on 64-bit architectures * [x86] xen/x86: don't corrupt %eip when returning from a signal handler * [i386] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. (CVE-2013-0190) * megaraid_sas: Backport changes up to Linux 3.0.56 * kmod: make __request_module() killable (CVE-2012-4398) * net: fix divide by zero in tcp algorithm illinois (CVE-2012-4565) * exec: do not leave bprm->interp on stack (CVE-2012-4530) * exec: use -ELOOP for max recursion depth (CVE-2012-4530) * ext4: Fix max file size and logical block counting of extent format file (CVE-2011-2695) * net: sk_add_backlog() take rmem_alloc into account (CVE-2010-4805) * ipv6: discard overlapping fragment (CVE-2012-4444) * x86/msr: Add capabilities check (CVE-2013-0268) * xen: netback: shutdown the ring if it contains garbage (CVE-2013-0216) * xen: netback: correct netbk_tx_err() to handle wrap around (CVE-2013-0217) * xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS (CVE-2013-0228) * [s390] Enable IUCV special message support. * linux-image: Relax version dependency on linux-base, to simplify testing of bug fixes * [x86] linux-image: Fix minimum version of lilo * [openvz] proc: Fix extreme memory use for /proc/self/mountinfo in container, thanks to Andrew Vagin, Christoph Lechleitner * usb: Fix deadlock in hid_reset when Dell iDRAC is reset * drm: Apply changes deferred from 2.6.32.42+drm33.19: - drm: implement helper functions for scanning lru list - drm/i915: Implement fair lru eviction across both rings. (v2) - drm/i915: Maintain LRU order of inactive objects upon access by CPU (v2) - drm/i915/evict: Ensure we completely cleanup on failure * Add drm changes from 2.6.32.46+drm33.20, 2.6.32.48+drm33.21, 2.6.32.56+drm33.22, 2.6.32.57+drm33.23, 2.6.32.58+drm33.24 including: - drm/radeon/kms: prefer high post dividers in legacy pll algo - drm: mm: fix range restricted allocations (regression in 2.6.32-36) - drm/i915: no lvds quirk for AOpen MP45 * [armel/kirkwood] ahci: Add JMicron 362 device IDs * tcp: Don't change unlocked socket state in tcp_v4_err(). * locks: fix checking of fcntl_setlease argument * sfc: Fix maximum number of TSO segments and minimum TX queue size (CVE-2012-3412) * ath5k: initialize default noise floor * ath5k: use noise calibration from madwifi hal * sky2: Add 'legacy_pme' option for PCI legacy power management (works around regression introduced in 2.6.32-22) * Avoid leap second deadlock and early hrtimer/futex expiration issue * net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (CVE-2012-2136) * dl2k: Clean up rio_ioctl, add missing CAP_NET_ADMIN checks (CVE-2012-2313) * hfsplus: Fix potential buffer overflows (CVE-2012-2319) * hugetlb: fix resv_map leak in error path (CVE-2012-2390) * mm: fix vma_resv_map() NULL pointer (CVE-2012-2390) * cred: copy_process() should clear child->replacement_session_keyring (CVE-2012-2745) * udf: Fix buffer overflow when parsing sparing table (CVE-2012-3400) * rds: set correct msg_namelen (CVE-2012-3430) Checksums-Sha1: 00c1d9ef6bbab9aa372b45c8c6d7cf4c84b53424 2070 user-mode-linux_2.6.32-1um-4+48squeeze1.dsc dfa69d2e992b2bae9ab01fb6592a1697d3d9cf2e 24122 user-mode-linux_2.6.32-1um-4+48squeeze1.diff.gz 9eaf9b6f9ebc206952a7c61056e8da5f8fb3db31 7092310 user-mode-linux_2.6.32-1um-4+48squeeze1_amd64.deb Checksums-Sha256: 09ad98563ba9877f0602518a67e4dd99d906dbd80961daa70579692127c13485 2070 user-mode-linux_2.6.32-1um-4+48squeeze1.dsc be649513a2c1db5cacd1e9f41d3ad6638e28720745b0a5cc83418d1c07c8ea62 24122 user-mode-linux_2.6.32-1um-4+48squeeze1.diff.gz 244aac9a2b7cb37283577be33cb8c494d3518f2a2ba4712d698623865fd06c21 7092310 user-mode-linux_2.6.32-1um-4+48squeeze1_amd64.deb Files: a19622af22ee43bb5315cea11d0f9333 2070 kernel extra user-mode-linux_2.6.32-1um-4+48squeeze1.dsc 6c62a5106313c83b7e3e7f77cd5fbcb2 24122 kernel extra user-mode-linux_2.6.32-1um-4+48squeeze1.diff.gz b3e77129772bbb779aac00030705d8fa 7092310 kernel extra user-mode-linux_2.6.32-1um-4+48squeeze1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJRLDBKAAoJEBv4PF5U/IZAU7kP/3L/WpmUa3cYrhTnzE4K9In8 ireUgRMxEoXobX1955iSVNYv5DgTrCz6Sn7MqCEXlEm5kGBMJLE9IgbE/+4dse+V 1Is0sDQ3uXyPmH1FlXzaNHoUf8OYY6yj1kY52zoNclZRlTImTWY4q3XawkPjA6xC B46PgBN53tJgFxulG7jkRuykPXdSxrvjQAgtVvvnQJKVNkTpcozh9ux3IYN7HNrw 1eNFMRv1D+36udR2tPiEN/uRGv4U8Zk8RXs0fTZCdP7Eftcs7vkloT+Fc/XbYuL0 5ur3+4+WlELbAuKa+MBUCIKJrLxVQWDB6R0AiP40YZsROtV8zTGSPFrPEcv1UzY0 Flvet+6g8hUGRHvAwZ6Y4firO8r3PLilYJiM47S7NMoRB4Wcjpy34K25JWkqlGb+ 18UwTpnu5uRODBWpEGlGp5LrEaLRClsHkoXM8W4u+dAL806EzDEvg41FQM8jtEmm 3/SC3mlhPNOOderX+Y58QhneufDg2WxLj+LGwTvkDuWJuY5Vil/fW85fPHWFqpYH q4uRZmRndKXKXZmU60xKFXK7nCu/+451mL11X6T/Fvzw1/YBT2ulX2MCuVcpM2w5 OAfDapVNqqOxtE8dAIUHUSoelmEB76oyXqWV456g1+RQFHc0Zq9QBilglZ58BPBB cj6QUczeHABvl8U8Qt8m =Vi3G -----END PGP SIGNATURE-----