2009
fai-kernels (1.17+etch.24etch4) oldstable-security; urgency=high
* Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-24etch3:
* [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)
* do_sigaltstack: avoid copying 'stack_t' as a structure to user space
(CVE-2009-2847)
* execve: must clear current->clear_child_tid (CVE-2009-2848)
* md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
attributes (CVE-2009-2849)
* [UDP]: Fix MSG_PROBE crash (CVE-2009-2698)
-- dann frazier <dannf@debian.org> Mon, 24 Aug 2009 10:03:10 -0600
fai-kernels (1.17+etch.24etch3) oldstable-security; urgency=high
* Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-24etch3:
* e1000: add missing length check to e1000 receive routine (CVE-2009-1385)
* r8169: fix crash when large packets are received (CVE-2009-1389)
* nfs4: fix MAY_EXEC handling (CVE-2009-1630)
* cifs: fix several string conversion issues (CVE-2009-1633)
* net: fix possible NULL dereference in sock_sendpage() (CVE-2009-2692)
-- dann frazier <dannf@debian.org> Sun, 16 Aug 2009 09:18:49 -0600
fai-kernels (1.17+etch.24etch2) oldstable-security; urgency=high
* Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-24etch2:
* Fix buffer underflow in the ib700wdt watchdog driver:
- bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
See CVE-2008-5702
* nfs: Fix fcntl/close race
- bugfix/all/nfs-remove-buggy-lock-if-signalled-case.patch
See CVE-2008-4307
* sctp: fix memory overflow
- bugfix/all/sctp-avoid-memory-overflow.patch
See CVE-2009-0065
* Fix sign-extend ABI issue w/ system calls on various 64-bit architectures
- bugfix/all/CVE-2009-0029/*
See CVE-2009-0029
* security: introduce missing kfree
- bugfix/all/security-keyctl-missing-kfree.patch
See CVE-2009-0031
* dell_rbu: use scnprintf instead of less secure sprintf
- bugfix/all/dell_rbu-use-scnprintf-instead-of-sprintf.patch
See CVE-2009-0322
* [hppa] Fix system crash while unwinding a userspace process
- bugfix/hppa/userspace-unwind-crash.patch
See CVE-2008-5395
* NET: Add preemption point in qdisc_run
- bugfix/all/net-add-preempt-point-in-qdisc_run.patch
See CVE-2008-5713
* [mips] Fix potential DOS by untrusted user app
- bugfix/mips/fix-potential-dos.patch
See CVE-2008-5701
* Fix sensitive memory leak in SO_BSDCOMPAT gsopt
- bugfix/all/net-SO_BSDCOMPAT-leak.patch
- bugfix/all/net-SO_BSDCOMPAT-leak-2.patch
See CVE-2009-0676
* skfp: Fix inverted capabilities check logic
- bugfix/all/skfp-fix-inverted-cap-logic.patch
See CVE-2009-0675
* [amd64] syscall-audit: fix 32/64 syscall hole
- bugfix/syscall-audit-fix-32+64-syscall-hole.patch
See CVE-2009-0834
* shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM
This issue does not effect pre-build Debian kernels.
- bugfix/all/shm-fix-shmctl-SHM_INFO-lockup-without-CONFIG_SHMEM.patch
See CVE-2009-0859
* copy_process: fix CLONE_PARENT && parent_exec_id interaction
- bugfix/all/copy_process-fix-CLONE_PARENT-and-parent_exec_id-interaction.patch
See CVE-2009-0028
* af_rose/x25: Sanity check the maximum user frame size
- bugfix/all/af_rose+x25-sanity-check-the-max-user-frame-size.patch
See CVE-2009-1265
* NFS: fix an oops in encode_lookup()
- bugfix/all/nfs-fix-oops-in-encode_lookup.patch
See CVE-2009-1336
* exit_notify: kill the wrong capable(CAP_KILL) check
- bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
See CVE-2009-1337
* agp: zero pages before sending to userspace
- bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
See CVE-2009-1192
* cifs: Fix memory overwrite when saving nativeFileSystem field during mount
- bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch
- bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
- bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch
See CVE-2009-1439
* Fix mips FTBFS due to a missed rename of the mips-specific
sys_pipe symbol.
-- dann frazier <dannf@debian.org> Wed, 06 May 2009 16:22:58 -0600
2008
fai-kernels (1.17+etch.24) stable; urgency=high
* Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-24:
[ dann frazier ]
* cciss: Add support for new hardware (closes: #502553)
- Add PCI ids for P700m, P212, P410, P410i, P411, P812, P711m, p712m
- Read the FIFO size from the controller config instead of
hardcoding it into the driver
* [hppa] disable UP-optimized flush_tlb_mm, fixing thread-related
hangs. (closes: #478717)
[ Ian Campbell ]
* xen: Add softlockup-no-idle-hz.patch to prevent softlockup in xen guest.
(closes: #506418)
[ Bastian Blank ]
* [xen] Remove 4gb segments warning completely. (closes: #391373)
* [xen/i386] Fix pseudo hwcap value to match newer kernels.
(closes: #506420)
-- dann frazier <dannf@debian.org> Mon, 29 Dec 2008 11:36:34 -0700
fai-kernels (1.17+etch.23etch1) stable-security; urgency=high
* Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-23etch1:
* Fix missing boundary checks in syscall/syscall32_nopage():
- bugfix/add-install_special_mapping.patch
- bugfix/i386-vdso-use_install_special_mapping.patch
- bugfix/x86_64-ia32-vDSO-use-install_special_mapping.patch
- features/all/xen/vdso-use_install_special_mapping.patch
See CVE-2008-3527
* Modify feature patches to apply on top of the fixes for
CVE-2008-3527:
- features/all/vserver/vs2.0.2.2-rc9.patch
- features/all/xen/fedora-2.6.18-36186.patch
- features/all/xen/vserver-update.patch
* Don't allow splicing to files opened with O_APPEND:
- bugfix/dont-allow-splice-to-files-opened-with-O_APPEND.patch
See CVE-2008-4554
* Avoid printk floods when reading corrupted ext[2,3] directories
- bugfix/ext2-avoid-corrupted-directory-printk-floods.patch
- bugfix/ext3-avoid-corrupted-directory-printk-floods.patch
See CVE-2008-3528
* Fix oops in SCTP
- bugfix/sctp-fix-oops-when-INIT-ACK-indicates-that-peer-doesnt-support-AUTH.patch
See CVE-2008-4576
* Fix buffer overflow in hfsplus
- bugfix/hfsplus-fix-Buffer-overflow-with-a-corrupted-image.patch
See CVE-2008-4933
* Fix BUG() in hfsplus
- bugfix/hfsplus-check_read_mapping_page-return-value.patch
See CVE-2008-4934
* Fix stack corruption in hfs
- bugfix/hfs-fix-namelength-memory-corruption.patch
See CVE-2008-5025
* Fix recursive descent in __scm_destroy
- bugfix/af_unix-fix-garbage-collector-races.patch
- bugfix/af_unix-convert-socks-to-unix_socks.patch
- bugfix/net-unix-fix-inflight-counting-bug-in-garbage-collector.patch
- bugfix/net-fix-recursive-descent-in-__scm_destroy.patch
See CVE-2008-5029
* Make sendmsg() block during UNIX garbage collection:
- bugfix/net-unix-gc-fix-soft-lockups-oom-issues.patch
See CVE-2008-5300
* Fix DoS when calling svc_listen twice on the same socket while reading
/proc/net/atm/*vc:
- bugfix/atm-duplicate-listen-on-socket-corrupts-the-vcc-table.patch
See CVE-2008-5079
* Fix race conditions between inotify removal and umount
- bugfix/inotify-watch-removal-umount-races.patch
See CVE-2008-5182
-- dann frazier <dannf@debian.org> Sat, 13 Dec 2008 17:42:58 -0700
fai-kernels (1.17+etch.23) stable; urgency=high
* Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-23:
[ Ian Campbell ]
* Fix DMA crash under Xen when no IOMMU is present (closes: #445987)
[ dann frazier ]
* [xfs] Fix attr2 corruption with btree data extents (closes: #498309)
-- dann frazier <dannf@debian.org> Mon, 13 Oct 2008 17:52:29 -0600
fai-kernels (1.17+etch.22etch3) stable-security; urgency=high
* Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-22etch3:
* bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch
Fix integer overflow in dccp_setsockopt_change()
See CVE-2008-3276
* bugfix/dio-zero-struct-dio-with-kzalloc-instead-of-manually.patch
Fix oops caused by uninitialized field in struct dio
See CVE-2007-6716
* bugfix/wan-sbni_ioctl-cap-checks.patch
Add missing capability checks in sbni_ioctl
See CVE-2008-3525
* bugfix/open-allows-sgid-in-sgid-directory.patch
Prevent open() creating file with wrong permissions
See CVE-2008-4210
* bugfix/splice-fix-bad-unlock_page-in-error-case.patch
Don't attempt to unlock a page if add_to_page_cache_lru fails
See CVE-2008-4302
* bugfix/remove-SUID-when-splicing-into-an-inode.patch
Remove SUID when splicing into an inode
See CVE-2008-3833
-- dann frazier <dannf@debian.org> Sun, 12 Oct 2008 21:29:25 -0600
fai-kernels (1.17+etch.22etch2) stable-security; urgency=high
* Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-22etch2:
* bugfix/x86-wrong-register-was-used-in-align-macro.patch
Fix regression introduced upstream by the fix for CVE-2008-0598
* bugfix/cifs-fix-compiler-warning.patch,
bugfix/netfilter-nf_nat_snmp_basic-fix-range-check.patch
Fix regressions introduced upstream by the fixes for CVE-2008-1673
* bugfix/sound-ensure-device-number-is-valid-in-snd_seq_oss_synth_make_info.patch
Fix possible information leak in seq_oss_synth.c
See CVE-2008-3272
* bugfix/vfs-fix-lookup-on-deleted-directory.patch
Fix potential memory leak in lookup path
See CVE-2008-3275
-- dann frazier <dannf@debian.org> Mon, 18 Aug 2008 22:07:49 -0600
fai-kernels (1.17+etch.22etch1) stable-security; urgency=high
* Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-22etch1:
* bugfix/sctp-make-sure-n-sizeof-does-not-overflow.patch
[SECURITY] Fix potential overflow condition in
sctp_getsockopt_local_addrs_old
See CVE-2008-2826
* bugfix/esp-iv-in-linear-part-of-skb.patch
[SECURITY] Avoid tripping BUG() in IPsec code when the first fragment
of an ESP packet does not contain the entire ESP header and IV
See CVE-2007-6282
* bugfix/amd64-fix-zeroing-on-exception-in-copy_user.patch
[SECURITY] [amd64] Fix potential information leak when a copy
operation fails by properly zeroing out destination memory
See CVE-2008-2729
* bugfix/tty-fix-for-tty-operations-bugs.patch
[SECURITY] Fix issues with tty operation handling in various drivers
See CVE-2008-2812
* bugfix/check-privileges-before-setting-mount-propagation.patch
[SECURITY] Check CAP_SYS_ADMIN when changing mountpoint type
See CVE-2008-2931
* bugfix/x86-fix-copy_user.patch
[SECURITY][amd64] Fix memory leak in the copy_user routine, see #490910.
See CVE-2008-0598
* Changes from 2.6.18.dfsg.1-22:
* Merge in changes from 2.6.18.dfsg.1-18etch6
* 3w-9xxx: Add 3ware 9690SA Backport (closes: #479773)
* Backport http://xenbits.xensource.com/xen-unstable.hg?rev/914304b3a3da,
fixing kernel BUG at drivers/xen/core/evtchn.c:481 (closes: #410807).
* Changes from 2.6.18.dfsg.1-18etch6
* bugfix/dccp-feature-length-check.patch
[SECURITY] Validate feature length to avoid heap overflow
See CVE-2008-2358
* bugfix/asn1-ber-decoding-checks.patch
[SECURITY] Validate lengths in ASN.1 decoding code to avoid
heap overflow
See CVE-2008-1673
-- dann frazier <dannf@debian.org> Wed, 6 Aug 2008 00:31:44 -0600
fai-kernels (1.17+etch.21) stable; urgency=high
* Rebuild against linux-source-2.6.18_2.6.18.dfsg.1-21
-- dann frazier <dannf@debian.org> Sat, 31 May 2008 13:45:13 -0600
fai-kernels (1.17+etch.18etch5) stable-security; urgency=high
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-18etch5):
* bugfix/sit-missing-kfree_skb-on-pskb_may_pull.patch
[SECURITY] Fix remotely-triggerable memory leak in the Simple
Internet Transition (SIT) code used for IPv6 over IPv4 tunnels
See CVE-2008-2136
* bugfix/hrtimer-prevent-overrun.patch,
bugfix/ktime-fix-MTIME_SEC_MAX-on-32-bit.patch
[SECURITY] Fix potential infinite loop in hrtimer_forward on
64-bit systems
See CVE-2007-6712
* bugfix/amd64-cs-corruption.patch
[SECURITY] Fix local ptrace denial of service for amd64 flavor
kernels, bug #480390
See CVE-2008-1615
* bugfix/sparc-fix-mmap-va-span-checking.patch
bugfix/sparc-fix-mremap-addr-range-validation.patch
[SECURITY] Validate address ranges regardless of MAP_FIXED
See CVE-2008-2137
-- dann frazier <dannf@debian.org> Tue, 27 May 2008 01:54:12 -0600
fai-kernels (1.17+etch.18etch4) stable-security; urgency=high
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-18etch4)
* bugfix/fcntl_setlk-close-race.patch
[SECURITY] Fix an SMP race to prevent reordering of flock updates
and accesses to the descriptor table on close().
See CVE-2008-1669
-- dann frazier <dannf@debian.org> Mon, 12 May 2008 10:19:37 -0600
fai-kernels (1.17+etch.18etch3) stable-security; urgency=high
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-18etch3):
* Wrap added code in bugfix/dnotify-race-avoid-abi-change.patch in
#ifndef __GENKSYMS__ to avoid ABI change
* Revert ABI change introduced in 2.6.18.dfsg.1-18etch2
-- dann frazier <dannf@debian.org> Mon, 28 Apr 2008 22:57:05 -0600
fai-kernels (1.17+etch.18etch2) stable-security; urgency=high
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-18etch2):
* bugfix/powerpc-chrp-null-deref.patch
[SECURITY][powerpc] Fix NULL pointer dereference if get_property
fails on the subarchitecture
See CVE-2007-6694
* bugfix/mmap-VM_DONTEXPAND.patch
[SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
a fault handler but do not bounds check the offset argument
See CVE-2008-0007
* bugfix/RLIMIT_CPU-earlier-checking.patch
[SECURITY] Move check for an RLIMIT_CPU with a value of 0 earlier
to prevent a user escape (closes: #419706)
See CVE-2008-1294
* bugfix/dnotify-race.patch
[SECURITY] Fix a race in the directory notify
See CVE-2008-1375
This patch changes the ABI
* Bump ABI to 7.
-- dann frazier <dannf@debian.org> Mon, 21 Apr 2008 22:30:26 -0600
fai-kernels (1.17+etch.18etch1) stable-security; urgency=high
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-18etch1)
* bugfix/vmsplice-security.patch
[SECURITY] Fix missing access check in vmsplice.
See CVE-2008-0010, CVE-2008-0600
* bugfix/all/vserver/proc-link-security.patch
[SECURITY][vserver] Fix access checks for the links in /proc/$pid.
* Changes from linux-source-2.6.18 (2.6.18.dfsg.1-18)
[ Martin Michlmayr ]
* [mips] Fix network on Cobalt RaQ1, thanks Thomas Bogendoerfer
(closes: #460337).
[ dann frazier ]
* [ia64] Fix an issue with unaligned accesses and certain floating point
instructions that can result in silent user data corruption
(closes: #461493).
* Update abi reference files for ABI 6
-- dann frazier <dannf@debian.org> Tue, 12 Feb 2008 09:59:43 -0700
fai-kernels (1.17+etch.17etch1) stable-security; urgency=high
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-17etch1):
* bugfix/i4l-isdn_ioctl-mem-overrun.patch
[SECURITY] Fix potential isdn ioctl memory overrun
See CVE-2007-6151
* bugfix/vfs-use-access-mode-flag.patch
[SECURITY] Use the access mode flag instead of the open flag when
testing access mode for a directory. Modify
features/all/vserver/vs2.0.2.2-rc9.patch to apply on top of this
See CVE-2008-0001
* bugfix/fat-move-ioctl-compat-code.patch, bugfix/fat-fix-compat-ioctls.patch
[SECURITY][ABI Changer] Fix kernel_dirent corruption in the compat layer
for fat ioctls
See CVE-2007-2878
* bugfix/proc-snd-page-alloc-mem-leak.patch
[SECURITY][ABI Changer] Fix an issue in the alsa subsystem that allows a
local user to read potentially sensitive kernel memory from the proc
filesystem
See CVE-2007-4571
* Bump ABI to 6.
-- dann frazier <dannf@debian.org> Tue, 22 Jan 2008 22:42:35 -0700
2007
fai-kernels (1.17+etch.17) stable; urgency=high
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-17):
* [futex] Fix address computation in compat code, fixing hangs
on sparc64. (closes: #433187)
* [x86_64] Mask the NX bit in mk_pte_phys to avoid triggering a RSVD type
page fault on non-NX capable systems which causes a crash.
(closes: #414742)
* [fusion] Avoid holding the device busy for too long in the low level
driver, which was causing filesystems in VMWare guests to get remounted
read-only under load. (closes: #453120)
* Add UNUSUAL_DEV entries for supertop usb drives which require the
IGNORE_RESIDUE flag. (closes: #455856)
* [sparc64] Enable CONFIG_USB_SERIAL (closes: #412740)
-- dann frazier <dannf@debian.org> Sat, 22 Dec 2007 17:32:43 -0700
fai-kernels (1.17+etch.13etch6) stable-security; urgency=high
* NMU by the Security Team
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-13etch6):
* bugfix/isdn-net-overflow.patch
[SECURITY] Fix potential overflows in the ISDN subsystem
See CVE-2007-6063
* bugfix/coredump-only-to-same-uid.patch
[SECURITY] Fix an issue where core dumping over a file that
already exists retains the ownership of the original file
See CVE-2007-6206
* bugfix/hrtimer-large-relative-timeouts-overflow.patch
[SECURITY] Avoid overflow in hrtimers due to large relative timeouts
See CVE-2007-5966
* bugfix/minixfs-printk-hang.patch
[SECURITY] Rate-limit printks caused by accessing a corrupted minixfs
filesystem that would otherwise cause a system to hang (printk storm)
See CVE-2006-6058
* bugfix/tmpfs-restore-clear_highpage.patch
[SECURITY] Fix a theoretical kernel memory leak in the tmpfs filesystem
See CVE-2007-6417
-- dann frazier <dannf@debian.org> Wed, 19 Dec 2007 23:59:32 -0700
fai-kernels (1.17+etch.13etch5) stable-security; urgency=high
* NMU by the Security Team
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-13etch5):
* bugfix/sysfs_readdir-NULL-deref-1.patch,
bugfix/sysfs_readdir-NULL-deref-2.patch,
bugfix/sysfs-fix-condition-check.patch
[SECURITY] Fix potential NULL pointer dereference which can lead to
a local DoS (kernel oops)
See CVE-2007-3104
* bugfix/ieee80211-underflow.patch
[SECURITY] Fix integer overflow in ieee80211 which makes it possible
for a malicious frame to crash a system using a driver built on top of
the Linux 802.11 wireless code.
See CVE-2007-4997
* bugfix/wait_task_stopped-hang.patch
[SECURITY] wait_task_stopped was incorrectly testing for TASK_TRACED -
check p->exit_state instead avoiding a potential system hang
See CVE-2007-5500
* bugfix/cifs-better-failed-mount-errors.patch,
bugfix/cifs-corrupt-server-response-overflow.patch
[SECURITY][CIFS] Fix multiple overflows that can be remotely triggered
by a server sending a corrupt response.
See CVE-2007-5904
-- dann frazier <dannf@debian.org> Mon, 10 Dec 2007 20:13:22 -0700
fai-kernels (1.17+etch.13etch4) stable-security; urgency=high
* NMU by the Security Team
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-13etch4):
[ Bastian Blank ]
* bugfix/amd64-zero-extend-32bit-ptrace-xen.patch
[SECURITY] Zero extend all registers after ptrace in 32-bit entry path
(Xen).
See CVE-2007-4573
* bugfix/don-t-leak-nt-bit-into-next-task-xen.patch
[SECURITY] Don't leak NT bit into next task (Xen).
See CVE-2006-5755
[ dann frazier ]
* bugfix/hugetlb-prio_tree-unit-fix.patch
[SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
which could be used to trigger a BUG_ON() call in exit_mmap.
See CVE-2007-4133
* bugfix/usb-pwc-disconnect-block.patch
[SECURITY] Fix issue with unplugging webcams that use the pwc driver.
If userspace still has the device open it can result, the driver would
wait for the device to close, blocking the USB subsystem.
See CVE-2007-5093
-- dann frazier <dannf@debian.org> Mon, 8 Oct 2007 23:42:43 -0600
fai-kernels (1.17+etch.13etch3) stable-security; urgency=high
* NMU by the Security Team
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-13etch3):
* bugfix/ptrace-handle-bogus-selector.patch,
bugfix/fixup-trace_irq-breakage.patch
[SECURITY] Handle an invalid LDT segment selector %cs (the xcs field)
during ptrace single-step operations that can be used to trigger a
NULL-pointer dereference causing an Oops.
See CVE-2007-3731
* bugfix/prevent-stack-growth-into-hugetlb-region.patch
[SECURITY] Prevent OOPS during stack expansion when the VMA crosses
into address space reserved for hugetlb pages.
See CVE-2007-3739
* bugfix/cifs-honor-umask.patch
[SECURITY] Make CIFS honor a process' umask
See CVE-2007-3740
* bugfix/amd64-zero-extend-32bit-ptrace.patch
[SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
See CVE-2007-4573
* bugfix/jffs2-ACL-vs-mode-handling.patch
[SECURITY] Write correct legacy modes to the medium on inode creation to
prevent incorrect permissions upon remount.
See CVE-2007-4849
-- dann frazier <dannf@debian.org> Thu, 27 Sep 2007 12:53:36 -0600
fai-kernels (1.17+etch5) stable-security; urgency=high
* NMU by the Security Team
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-13etch2):
* bugfix/ipv4-fib_props-out-of-bounds.patch
[SECURITY] Fix a typo which caused fib_props[] to be of the wrong size
and check for out of bounds condition in index provided by userspace
See CVE-2007-2172
* bugfix/cpuset_tasks-underflow.patch
[SECURITY] Fix integer underflow in /dev/cpuset/tasks which could allow
local attackers to read sensitive kernel memory if the cpuset filesystem
is mounted.
See CVE-2007-2875
* bugfix/random-bound-check-ordering.patch
[SECURITY] Fix stack-based buffer overflow in the random number
generator
See CVE-2007-3105
* bugfix/cifs-fix-sign-settings.patch
[SECURITY] Fix overriding the server to force signing on caused by
checking the wrong gloal variable.
See CVE-2007-3843
* bugfix/aacraid-ioctl-perm-check.patch
[SECURITY] Require admin capabilities to issue ioctls to aacraid devices
See CVE-2007-4308
-- dann frazier <dannf@debian.org> Fri, 31 Aug 2007 15:20:11 -0600
fai-kernels (1.17+etch4) stable-security; urgency=high
* NMU by the Security Team
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-13etch1):
* Update abi reference files for ABI 5
* bugfix/bluetooth-l2cap-hci-info-leaks.patch
[SECURITY] Fix information leaks in setsockopt() implementations
See CVE-2007-1353
* bugfix/usblcd-limit-memory-consumption.patch
[SECURITY] limit memory consumption during write in the usblcd driver
See CVE-2007-3513
* bugfix/pppoe-socket-release-mem-leak.patch
[SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
after connect but before PPPIOCGCHAN ioctl is called upon it
See CVE-2007-2525
* bugfix/nf_conntrack_h323-bounds-checking.patch
[SECURITY] nf_conntrack_h323: add checking of out-of-range on choices'
index values
See CVE-2007-3642
* bugfix/dn_fib-out-of-bounds.patch
[SECURITY] Fix out of bounds condition in dn_fib_props[]
See CVE-2007-2172
* bugfix/random-fix-seeding-with-zero-entropy.patch
bugfix/random-fix-error-in-entropy-extraction.patch
[SECURITY] Avoid seeding with the same values at boot time when a
system has no entropy source and fix a casting error in entropy
extraction that resulted in slightly less random numbers.
See CVE-2007-2453
* bugfix/nf_conntrack_sctp-null-deref.patch
[SECURITY] Fix remotely triggerable NULL pointer dereference
by sending an unknown chunk type.
See CVE-2007-2876
* bugfix/i965-secure-batchbuffer.patch
[SECURITY] Fix i965 secured batchbuffer usage
See CVE-2007-3851
* bugfix/reset-pdeathsig-on-suid.patch
[SECURITY] Fix potential privilege escalation caused by improper
clearing of the child process' pdeath signal.
Thanks to Marcel Holtmann for the patch.
See CVE-2007-3848
-- dann frazier <dannf@debian.org> Wed, 15 Aug 2007 17:06:20 -0600
fai-kernels (1.17+etch3) stable; urgency=low
* build arcmsr scsi-driver as module on all three archs (Closes: #417752) * updated maintainer address
-- Holger Levsen <holger@debian.org> Wed, 16 May 2007 11:03:49 +0200
fai-kernels (1.17+etch2) stable-security; urgency=high
* NMU by the Security Team
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-12etch2):
* bugfix/nfnetlink_log-null-deref.patch
[SECURITY] Fix remotely exploitable NULL pointer dereference in
nfulnl_recv_config()
See CVE-2007-1496
* bugfix/nf_conntrack-set-nfctinfo.patch
[SECURITY] Fix incorrect classification of IPv6 fragments as ESTABLISHED,
which allows remote attackers to bypass certain rulesets
See CVE-2007-1497
* bugfix/netlink-infinite-recursion.patch
[SECURITY] Fix infinite recursion bug in netlink
See CVE-2007-1861
* bugfix/nl_fib_lookup-oops.patch
Add fix for oops bug added by previous patch
-- dann frazier <dannf@debian.org> Wed, 09 May 2007 18:26:42 -0600
fai-kernels (1.17+etch1) stable-security; urgency=high
* NMU by the Security Team * Rebuild with a version greater than the binNMU in stable (1.17+b1)
-- dann frazier <dannf@debian.org> Fri, 4 May 2007 13:33:20 -0600
fai-kernels (1.17etch1) stable-security; urgency=high
* NMU by the Security Team
* Rebuild against linux-source-2.6.18 (2.6.18.dfsg.1-12etch1):
* bugfix/core-dump-unreadable-PT_INTERP.patch
[SECURITY] Fix a vulnerability that allows local users to read
otherwise unreadable (but executable) files by triggering a core dump.
See CVE-2007-0958
* bugfix/appletalk-length-mismatch.patch
[SECURITY] Fix a remote DoS (crash) in appletalk
Depends upon bugfix/appletalk-endianness-annotations.patch
See CVE-2007-1357
* bugfix/cm4040-buffer-overflow.patch
[SECURITY] Fix a buffer overflow in the Omnikey CardMan 4040 driver
See CVE-2007-0005
* bugfix/ipv6_fl_socklist-no-share.patch
[SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
ipv6_fl_socklist between the listening socket and the socket created
for connection.
See CVE-2007-1592
-- dann frazier <dannf@debian.org> Mon, 30 Apr 2007 14:39:56 -0600
fai-kernels (1.17) unstable; urgency=low
* build against newer version of linux-source-2.6.18 (2.6.18.dfsg.1-11)
-- Holger Levsen <debian@layer-acht.org> Tue, 27 Feb 2007 19:56:20 +0000
fai-kernels (1.16) unstable; urgency=low
* build against newer version of linux-source-2.6.18 (2.6.18.dfsg.1-10)
-- Holger Levsen <debian@layer-acht.org> Wed, 7 Feb 2007 12:29:52 +0100
2006
fai-kernels (1.15) unstable; urgency=low
* build against newer version of linux-source-2.6.18 (2.6.18-7) * JFFS2 (i386 only) needs MTD, this really (Closes: #399990)
-- Holger Levsen <debian@layer-acht.org> Sun, 10 Dec 2006 13:54:20 +0000
fai-kernels (1.14) unstable; urgency=low
* build against newer version of linux-source-2.6.18 * add Vcs-Svn control field (Closes: #399554) * build IPMI modules on i386 and amd64 (Closes: #399545) * build 3ware modules on powerpc too, so on all archs now (Closes: #399538) * build JFFS2 modules on i386 (Closes: #399990) * build LSI MegaRAID modules on powerpc too, so on all archs now (Closes: #399534)
-- Holger Levsen <debian@layer-acht.org> Tue, 28 Nov 2006 20:02:04 +0000
fai-kernels (1.13) unstable; urgency=low
* upgraded to 2.6.18 * bnx2 network driver enabled (Closes: #387572) * copied the Graphics support and Console display driver support configuration sections from config-2.6.18-2-vserver-686/amd64/powerpc (Closes: #396740) * introduced config-2.6.17.144floppy in /usr/share/doc/fai-kernels/ for easy rebuilding with a kernel that still fits on a 1.44mb floppy Those configurations are the same as where used in fai-kernels 1.12 but without the gigabit nic drivers. * moved NEWS to NEWS.Debian * enabled nfs4
-- Holger Levsen <debian@layer-acht.org> Mon, 13 Nov 2006 18:35:14 +0000
fai-kernels (1.12) unstable; urgency=low
* reverted 1.11-2 as the NMU was a.) incomplete (only i386), b.) included
cruft and unmentioned changes, c.) I had most changes in SVN anyway and d.)
got additional bonus points for not sending the patches to the BTS nor
opening a bug for the NMU
* switched images and configs to 2.6.17
* added CONFIG_USB_HIDINPUT=y to amd64 and i386 (Closes: #385435)
* enabled some more SCSI modules on i386, amd64 and powerpc (Closes: #381494)
* enabled CONFIG_SKGE and CONFIG_SKY2 on i386 and amd64 (Closes: #385613)
* enabled CONFIG_MV643XX_ETH on powerpc
* enabled CONFIG_NETLINK on i386, amd64 and powerpc (Closes: #380611)
-- Holger Levsen <debian@layer-acht.org> Mon, 11 Sep 2006 12:07:23 +0200
fai-kernels (1.11.2) unstable; urgency=low
* build with CONFIG_SKGE and CONFIG_SKY2 driver Marvell/Yukon gigabit
ethernet cards support on i386 (closes: #385613).
* build with CONFIG_USB_HIDINPUT driver for USB keyboards on i386
(closes: #385435).
* added myself as uploader
-- Cyril Bouthors <cyril@bouthors.org> Sat, 2 Sep 2006 14:41:27 +0300
fai-kernels (1.11.1) unstable; urgency=low
* build SATA_SIS as a module on i386 (Closes: #378021) * removed PATCH_THE_KERNEL=yes as suggested by Dann Frazier in 1.9.1sarge1, removed build-conflicts linux-patch-bootsplash (Closes: #378008, #378018) * added build-dep module-init-tools also suggested by him in that security-upload * removed veryclean target and moved its contents to clean
-- Holger Levsen <debian@layer-acht.org> Fri, 14 Jul 2006 16:28:19 +0000
fai-kernels (1.11) unstable; urgency=low
* removed kernel 2.4
* therefore also removed alpha build as no 2.6 config for fai-kernels for
alpha exits :-(
* build SATA nvidia driver as a module on i386 (Closes: #366423) and the
AHCI SATA driver on i386 and amd64 (Closes: #375653)
* build all megaraid drivers as modules on i386 and amd64 (Closes: #375843)
* build with FORCEDETH nvidia driver support on i386 (Closes: #368612)
* confirmed that the package conforms to debian-policy 3.7.2
-- Holger Levsen <debian@layer-acht.org> Tue, 11 Jul 2006 18:47:22 +0000
fai-kernels (1.10.3) unstable; urgency=low
* upgraded to build with 2.6.16
* enabled aacraid driver (as module) in i386, amd64 and powerpc 2.6 kernels
as well as in powerpc 2.4 kernels (closes: #357918)
-- Holger Levsen <debian@layer-acht.org> Sat, 8 Apr 2006 15:45:01 +0000
fai-kernels (1.10.2) unstable; urgency=low
* updated to use 2.6.15
* the test, if the patch for #328707 applies, now works as intended.
(That means fai-kernels builds with kernel-source-2.4.27-12 in sid.)
* increased CONFIG_BLK_DEV_RAM_SIZE=8192 as this is needed for the new
fai-cd and also matches the debian default kernels
* added arch specific build-depends on kernel sources
* bugfix: don't copy the 2.6 kernel config on alpha - the real fix (tm)
should be to build 2.6 fai-kernels on alpha... as I don't have an
alpha I'm waiting for someone to send that config to the BTS
* build HW_RANDOM as module on archs that support it (2.6 only) - requested
by user via private mail (please use the BTS instead)
* build with CONFIG_PDC202XX_FORCE=y as requested by user via private mail
* set CONFIG_FUSION=y as it's an option, not a driver
* more driver needed for 2.6 i386, requested by Thomas Lange (TULIP,
CONFIG_DE4X5, CONFIG_WINBOND_840, CONFIG_DM9102, CONFIG_ULI526X)
* the i386, amd64 and powerpc kernel configs have been re-generated with
"make menuconfig" so in future it will be easier to diff them. The alpha
config still needs to be updated that way.
* enabled CONFIG_SCSI_SATA_ULI=m (and therefore experimental drivers) on
2.6 on i386 and amd64 as requested by Thomas Lange.
-- Holger Levsen <debian@layer-acht.org> Wed, 18 Jan 2006 15:44:37 +0100
2005
fai-kernels (1.10.1) unstable; urgency=low
* added build-depends on gcc-3.3 (closes: #340884) * reenabled serial console on 2.6 on i386 (closes: #296932) and also on powerpc and amd64 as well as on 2.4 on powerpc * streamlined support for Fusion MPT on i386 and amd64 * added support for 2.4 fai-kernels on alpha - thanks to Steffen Grunewald
-- Holger Levsen <debian@layer-acht.org> Wed, 30 Nov 2005 11:42:16 +0100
fai-kernels (1.10) unstable; urgency=low
* fai-kernels was removed as requested in #323183. Unfortunatly neither
Thomas Lange (the former maintainer) nor me was informed of that action
before it was done.
This makes FAI unpleasent to use in unstable, and since FAI is in heavy
development at the moment we would like to have as many testers as possible
- so we decided to re-upload fai-kernels.
As this is done now, I will stick to my original plan, which is using
standard debian kernels with "nfsroot"-initrds for FAI. This will make
fai-kernel unnecessary so it _then_ can be removed again.
* added support for amd64 and ppc
* updated README.non-i386 accordingly
* updated to use linux-tree-2.6.14 instead of 2.6.8
* apply the patch for #328707 to kernel-source-2.4.27 during build-time, so
that it builds with the latest binutils. As 2.4.27-12 will hopefully soon
be uploaded with the patch included, the patch will only be applied, if it
applies cleanly without errors.
* dont merge kernel config snipplets, rather use one config file per arch
and kernel version (2.4/2.6)
* added some drivers for various network cards and scsi controllers
(closes: #328232)
* updated README (closes: #328230)
* append "fai-kernels" to version of the build kernel-packages instead of
"fai"
* updated the FSF address in copyright
* confirmed that the package conforms to debian-policy 3.6.2
* made build-dependency to debhelper versioned and raised debian/compat to
a non-deprecated value
* added myself to maintainers field
-- Holger Levsen <debian@layer-acht.org> Fri, 21 Nov 2005 16:23:42 +0100
fai-kernels (1.9.1) unstable; urgency=high
* recompile with new kernel sources * use kernel-tree-2.6.8-16 and kernel-tree-2.4.27-10
-- Thomas Lange <lange@debian.org> Tue, 31 May 2005 14:33:16 +0200
fai-kernels (1.9) unstable; urgency=high
* provide kernel patchlevel in Build-depends to easier track security
issues (closes: #297811)
* build-depends on kernel-tree packges with abi version number
* added README.security-updates, README.non-i386
* prepare the rules files to support powerpc
* added powerpc-kernel-configs
* rules: set PATCH_THE_KERNEL=YES, so kernel-sources will be patched
-- Thomas Lange <lange@debian.org> Fri, 8 Apr 2005 16:05:45 +0200
fai-kernels (1.8.2) unstable; urgency=low
* add SATA support for 2.4 kernel (closes: 286854)
* add IA32_EMULATION (only usefull on x86-64)
* disable math emulation to make kernel fit on a floppy (for 2.6 kernel)
* ps2 mouse and serial mouse as module, disable autofs support (2.6 kernel)
* rules: include file versions which sets the variables kversion and
kversion24
* disable HAMACHI and ARCNET in both kernel configs
* enable options which are needed for fai bootcd kernel
* use gcc 3.3.5 for compilation
-- Thomas Lange <lange@debian.org> Fri, 7 Jan 2005 11:58:37 +0100
2004
fai-kernels (1.8.1) unstable; urgency=low
* add POSIX ACL support for 2.4 kernel (closes: #279871) * add ReiserFS ACL support for 2.6 kernel
-- Thomas Lange <lange@debian.org> Tue, 9 Nov 2004 11:23:32 +0100
fai-kernels (1.8) unstable; urgency=medium
* use kernel 2.4.27 and 2.6.8 (closes: #271244) * disable coda fs * added xfs for 2.4 kernel * added some network drivers * copy kernel config for 2.6 kernel to doc directory
-- Thomas Lange <lange@debian.org> Mon, 13 Sep 2004 11:20:35 +0200
fai-kernels (1.7.1) unstable; urgency=low
* add Promise IDE drivers * add SATA drivers to 2.6 kernel
-- Thomas Lange <lange@debian.org> Tue, 3 Aug 2004 21:14:22 +0200
fai-kernels (1.7) unstable; urgency=low
* use 2.4.26 kernel * add config for 2.6.7 kernel * add aic79xx scsi driver (closes: #241278) * control: reformat extended description
-- Thomas Lange <lange@debian.org> Thu, 22 Jul 2004 13:49:50 +0200
fai-kernels (1.6) unstable; urgency=low
* use 2.4.24 kernel
* rules: add --append-to-version, copy kernel config to doc directory,
move value of DH_COMPAT in rules to new compat file
* fai-kernel-config-2.4: add 3Com typhoon drivers, remove some PCMCIA
drivers, enable highmem support
* file kernel-version removed, set version in debian/rules
-- Thomas Lange <lange@debian.org> Tue, 3 Feb 2004 15:47:46 +0100
2003
fai-kernels (1.5.3) unstable; urgency=low
* add dependency on modutils (closes: #190895)
-- Thomas Lange <lange@debian.org> Tue, 29 Apr 2003 15:59:15 +0200
fai-kernels (1.5.2) unstable; urgency=high
* kernel configuration now build with make oldconfig instead of
make menuconfig (closes: #188633)
* dependency on libncurses5-dev is not needed any more
* add NEWS file
-- Thomas Lange <lange@debian.org> Wed, 23 Apr 2003 14:46:58 +0200
fai-kernels (1.5.1) unstable; urgency=low
* add more network drivers for gigabit cards
* README: list some network card drivers and their size, if someone need
more space on the boot floppy
-- Thomas Lange <lange@debian.org> Mon, 7 Apr 2003 11:08:09 +0200
fai-kernels (1.5) unstable; urgency=low
* use 2.4.20 kernel * debian/rules: build target only builds kernel version 2.4.x * debian/control: remove dependency on kernel-source-2.2.20 * remove frame buffer support (and the penguin logo) * SCSI and IDE drivers are only availavle as modules * build target does not need root privileges (closes: #167102) * add build dependencies in control file * use new Intel NIC drivers, add tulip NIC driver * remove NFS server and quota support * ext2, loop, floppy now as modules * use even more kernel modules to reduce the size of the kernel image * disable FDDI drivers
-- Thomas Lange <lange@debian.org> Thu, 6 Feb 2003 15:53:45 +0100
2002
fai-kernels (1.4) unstable; urgency=medium
* remove setting of DEB_HOST_ARCH in rules file (closes: #146107) * add build-depends on bin86 * merge the two 2.2.20 kernels to one that support both BOOTP and DHCP * override obsolete 1.3 version of this package, but add 2.4 kernel support
-- Thomas Lange <lange@debian.org> Thu, 16 May 2002 14:30:34 +0200
fai-kernels (1.3) unstable; urgency=low
* add README to the Debian package * add info how to compile a 2.4.X kernel * new kernel-config-2.4 file * kernel 2.4.18 included in package
-- Thomas Lange <lange@debian.org> Wed, 8 May 2002 12:58:16 +0200
fai-kernels (1.2) unstable; urgency=low
* update for kernel 2.2.20
-- Thomas Lange <lange@debian.org> Thu, 11 Apr 2002 11:45:47 +0200
fai-kernels (1.1.5) unstable; urgency=low
* package depends on kernel-source-2.2.19 (closes: #133584) * use RTL8139TOO ethernet driver instead of RTL8139 * added via-rhine ethernet driver
-- Thomas Lange <lange@debian.org> Mon, 18 Feb 2002 14:59:55 +0100
fai-kernels (1.1.4) unstable; urgency=low
* add build-depends (closes: #123716) * don't use option I with tar, instead use a pipe and bzcat * Standards update to 3.5.6
-- Thomas Lange <lange@debian.org> Wed, 2 Jan 2002 15:08:13 +0100
2001
fai-kernels (1.1.3) unstable; urgency=low
* added driver for Promise IDE controlle (needs kernel boot parameter)
-- Thomas Lange <lange@debian.org> Fri, 16 Nov 2001 13:48:46 +0100
fai-kernels (1.1.2) unstable; urgency=low
* kernel configuration slightly changed * added serial console support
-- Thomas Lange <lange@debian.org> Thu, 4 Oct 2001 13:01:46 +0200
fai-kernels (1.1.1) unstable; urgency=low
* Build-Depends to kernel-source without version number (closes:
#102040, #98117)
-- Thomas Lange <lange@debian.org> Mon, 23 Jul 2001 11:19:59 +0200
fai-kernels (1.1) unstable; urgency=low
* first upload to Debian archive * Support for kernel 2.2.19 * enhanced documentation
-- Thomas Lange <lange@debian.org> Tue, 8 May 2001 16:22:46 +0200
2000
fai-kernels (1.0) unstable; urgency=low
* Initial Release.
-- Thomas Lange <lange@debian.org> Wed, 29 Nov 2000 17:25:29 +0100