linux-2.6 (2.6.26-29) oldstable; urgency=high

  * Revert: [powerpc] oprofile: Handle events that raise an exception without
    overflowing (CVE-2011-4347).

 -- dann frazier <>  Sat, 03 Mar 2012 22:24:34 -0700

linux-2.6 (2.6.26-28) oldstable; urgency=high

  * hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops (CVE-2011-2203)
  * xfs: Fix possible memory corruption in xfs_readlink (CVE-2011-4077)
  * KEYS: Fix a NULL pointer deref in the user-defined key type (CVE-2011-4110)
  * futex: clear robust_list on execve (CVE-2012-0028)
  * rose: Add length checks to CALL_REQUEST parsing (CVE-2011-4914)
  * [x86] KVM: Prevent starting PIT timers in the absence of irqchip support
  * jbd/jbd2: validate sb->s_first in journal_get_superblock() (CVE-2011-4132)
  * hfs: add sanity check for file name length (CVE-2011-4330)
  * [powerpc] oprofile: Handle events that raise an exception without
    overflowing (CVE-2011-4347)
  * Restrict ioctl forwarding on partitions and logical volumes (CVE-2011-4127)

 -- dann frazier <>  Thu, 01 Mar 2012 17:17:19 -0700

linux-2.6 (2.6.26-27) oldstable; urgency=high

  [ Ben Hutchings ]
  * dm,md: Deal with merge_bvec_fn in component devices better
    (Closes: #604457)
  * rt2x00: Fix memory leak after failing to insert RTS/CTS frame
    (Closes: #561890)

  [ dann frazier ]
  * Include selected backport from
    - md: fix bug with re-adding of partially recovered device.
  * Include selected backports from
    - NFS: fix the return value of nfs_file_fsync()
    - ptrace: use safer wake up on ptrace_detach()
    - [x86] mm: avoid possible bogus tlb entries by clearing prev mm_cpumask
      after switching mm
    - dm raid1: fail writes if errors are not handled and log fails
    - [x86] asus_acpi: world-writable procfs files
    - [x86] acer-wmi: world-writable sysfs threeg file
    - [x86] tc1100-wmi: world-writable sysfs wireless and jogdial files
    - NFSD: memory corruption due to writing beyond the stat array
    - ext2: Fix link count corruption under heavy link+rename load
    - virtio: set pci bus master enable bit
    - [s390] keyboard: integer underflow bug
    - ocfs2_connection_find() returns pointer to bad structure
    - libsas: fix runaway error handler problem
    - NFS: Fix "kernel BUG at fs/aio.c:554!"
    - md: fix regression with re-adding devices to arrays with no metadata
    - [x86] Flush TLB if PGD entry is changed in i386 PAE mode
    - ext3: skip orphan cleanup on rocompat fs
    - cciss: fix lost command issue
  * cifs: fix an oops that can occur when accessing filenames containing
    accented characters from a Windows ME server (Closes: #524438)
  * [hppa] Fix FTBFS caused by CVE-2011-2496 fix

 -- dann frazier <>  Mon, 19 Sep 2011 22:30:56 -0600

linux-2.6 (2.6.26-26lenny4) oldstable-security; urgency=high

  [ dann frazier ]
  * Fix regression in fix for CVE-2011-1768 (Closes: #633738)
  * taskstats: don't allow duplicate entries in listener mode (CVE-2011-2484)
  * NLM: Don't hang forever on NLM unlock requests (CVE-2011-2491)
  * proc: restrict access to /proc/PID/io (CVE-2011-2495)
  * vm: fix vm_pgoff wrap in up/down stack expansions (CVE-2011-2496)
  * Bluetooth: Prevent buffer overflow in l2cap config request (CVE-2011-2497)
  * net_sched: Fix qdisc_notify() (CVE-2011-2525)
  * Fix overflow in auerswald driver (CVE-2009-4067)
  * restrict access to /proc/pid/* after setuid exec (CVE-2011-1020)
  * befs: Validate length of long symbolic links (CVE-2011-2928)
  * cifs: fix possible memory corruption in CIFSFindNext (CVE-2011-3191)
  * Switch to MD5 for sequence number generation (CVE-2011-3188)

  [ Moritz Muehlenhoff ]
  * ALSA: caiaq - Fix possible string-buffer overflow (CVE-2011-0712)
  * Fix several Alpha vulnerabilities (CVE-2011-2208, CVE-2011-2209,
    CVE-2011-2210, CVE-2011-2211)
  * inet_diag: fix inet_diag_bc_audit() (CVE-2011-2213)
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace

 -- dann frazier <>  Sat, 17 Sep 2011 10:10:24 -0600

linux-2.6 (2.6.26-26lenny3) oldstable-security; urgency=high

  [ dann frazier ]
  * net: clear heap allocations for privileged ethtool actions (CVE-2010-4655)
  * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
  * [s390] remove task_show_regs (CVE-2011-0710)
  * fs/partitions: Validate map_count in Mac partition tables (CVE-2011-1010)
  * ldm: corrupted partition table can cause kernel oops (CVE-2011-1012)
  * Bluetooth: sco: fix information leak to userspace (CVE-2011-1078)
  * Bluetooth: bnep: fix buffer overflow (CVE-2011-1079)
  * bridge: netfilter: fix information leak (CVE-2011-1080)
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab
  * dccp: fix oops on Reset after close (CVE-2011-1093)
  * Fix corrupted OSF partition table parsing (CVE-2011-1163)
  * netfilter: arp_tables: fix infoleak to userspace (CVE-2011-1170)
  * netfilter: ip_tables: fix infoleak to userspace (CVE-2011-1171)
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace (CVE-2011-1172)
  * econet: 4 byte infoleak to the network (CVE-2011-1173)
  * irda: validate peer name and attribute lengths (CVE-2011-1180)
  * RDMA/cma: Fix crash in request handlers (CVE-2011-0695)
  * IB/cm: Bump reference count on cm_id before invoking callback
  * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo (CVE-2011-1182)
  * proc: protect mm start_code/end_code in /proc/pid/stat (CVE-2011-0726)
  * cifs: Fix cache stuffing issue in the dns_resolver keyring (CVE-2010-2524)
  * serial: Fix information leak in TIOCGICOUNT ioctl (CVE-2010-4075)
  * net: ax25: improve information leak to userland fix, a further fix
    for CVE-2010-3875
  * char/tpm: Fix unitialized usage of data buffer (CVE-2011-1160)
  * ROSE: prevent heap corruption with bad facilities (CVE-2011-1493)
  * next_pidmap: fix overflow condition (CVE-2011-1593)
  * can: Add missing socket check in can/bcm release (CVE-2011-1598)
  * agp: fix arbitrary kernel memory writes (CVE-2011-1745, CVE-2011-2022)
  * agp: fix OOM and buffer overflow (CVE-2011-1746)
  * can: Add missing socket check in can/raw release (CVE-2011-1748)
  * [arm] 6891/1: prevent heap corruption in OABI semtimedop (CVE-2011-1759)
  * gre: fix netns vs proto registration ordering (CVE-2011-1767)
  * Validate size of EFI GUID partition entries (CVE-2011-1776)
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table
  * Improve fix for buffer overflow in ldm_frag_add (CVE-2011-2182)
  * efi: corrupted GUID partition tables can cause kernel oops (CVE-2011-1577)
  * tunnels: fix netns vs proto registration ordering

  [ Ben Hutchings ]
  * [vserver] Complete fix for CVE-2010-4243 (Closes: #618485)

 -- dann frazier <>  Sat, 11 Jun 2011 08:25:25 -0600

linux-2.6 (2.6.26-26lenny2) stable-security; urgency=high

  [ dann frazier ]
  * filter: make sure filters dont read uninitialized memory (CVE-2010-4158)
  * bio: take care not overflow page count when mapping/copying user data
  * block: check for proper length of iov entries in blk_rq_map_user_iov()
  * bluetooth: Fix missing NULL check (CVE-2010-4242)
  * posix-cpu-timers: workaround to suppress the problems with mt exec
  * KVM: VMX: fix vmx null pointer dereference on debug register access
  * exec: make argv/envp memory visible to oom-killer (CVE-2010-4243)
  * af_unix: limit unix_tot_inflight (CVE-2010-4249)
  * do_exit(): make sure that we run with get_fs() == USER_DS (CVE-2010-4258)
  * econet: Disable auto-loading as mitigation against local exploits. This
    module has been shown to be broken, so the risk of this affecting
    real users is insignificant.
  * econet: Fix crash in aun_incoming() (CVE-2010-4342)
  * install_special_mapping skips security_file_mmap check (CVE-2010-4346)
  * CAN: Use inode instead of kernel address for /proc file (CVE-2010-4565)
  * IB/uverbs: Handle large number of entries in poll CQ (CVE-2010-4649)
  * block: check for proper length of iov entries earlier in
    blk_rq_map_user_iov() (CVE-2010-4668)
  * av7110: check for negative array offset (CVE-2011-0521)
  * usb: iowarrior: don't trust report_size for buffer size (CVE-2010-4656)

  [ Moritz Muehlenhoff ]
  * blkback/blktap/netback: Fix CVE-2010-3699
  * sctp: Fix a race between ICMP protocol unreachable and connect()
  * sound: Prevent buffer overflow in OSS load_mixer_volumes (CVE-2010-4527)
  * irda: prevent integer underflow in IRLMP_ENUMDEVICES (CVE-2010-4529)

 -- dann frazier <>  Mon, 24 Jan 2011 23:46:35 -0600

linux-2.6 (2.6.26-26lenny1) stable-security; urgency=high

  * net sched: fix kernel leak in act_police (CVE-2010-3477)
  * aio: check for multiplication overflow in do_io_submit (CVE-2010-3067)
  * cxgb3: prevent reading uninitialized stack memory (CVE-2010-3296)
  * eql: prevent reading uninitialized stack memory (CVE-2010-3297)
  * rose: Fix signedness issues wrt. digi count (CVE-2010-3310)
  * sctp: Do not reset the packet during sctp_packet_config() (CVE-2010-3432)
  * Fix pktcdvd ioctl dev_minor range check (CVE-2010-3437)
  * ALSA: prevent heap corruption in snd_ctl_new() (CVE-2010-3442)
  * thinkpad-acpi: lock down video output state access (CVE-2010-3448)
  * sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac() (CVE-2010-3705)
  * setup_arg_pages: diagnose excessive argument size (CVE-2010-3858)
  * X.25: memory corruption in X.25 facilities parsing (CVE-2010-3873)
  * sys_semctl: fix kernel stack leakage (CVE-2010-4083)
  * ALSA: rme9652: prevent reading uninitialized stack memory
    (CVE-2010-4080, CVE-2010-4081)
  * V4L/DVB: ivtvfb: prevent reading uninitialized stack memory (CVE-2010-4079)
  * video/sis: prevent reading uninitialized stack memory (CVE-2010-4078)
  * X.25: Prevent crashing when parsing bad X.25 facilities (CVE-2010-4164)
  * v4l1: fix 32-bit compat microcode loading translation (CVE-2010-2963)
  * net: Mitigate overflow issues
     - Truncate recvfrom and sendto length to INT_MAX.
     - Limit socket I/O iovec total length to INT_MAX.
     - Resolves kernel heap overflow in the TIPC protocol (CVE-2010-3859)
  * net: ax25: fix information leak to userland (CVE-2010-3875)
  * can-bcm: fix minor heap overflow (CVE-2010-3874)
  * net: packet: fix information leak to userland (CVE-2010-3876)
  * net: tipc: fix information leak to userland (CVE-2010-3877)
  * inet_diag: Make sure we actually run the same bytecode we audited
  * ipc: shm: fix information leak to userland (CVE-2010-4072)
  * ipc: initialize structure memory to zero for compat functions
  * USB: serial/mos*: prevent reading uninitialized stack memory (CVE-2010-4074)
  * [SCSI] gdth: integer overflow in ioctl (CVE-2010-4157)
  * econet: Avoid stack overflow w/ large msgiovlen (CVE-2010-3848)
  * econet: disallow NULL remote addr for sendmsg() (CVE-2010-3849)
  * econet: Add missing CAP_NET_ADMIN check in SIOCSIFADDR (CVE-2010-3850)

 -- dann frazier <>  Wed, 24 Nov 2010 17:46:00 -0700

linux-2.6 (2.6.26-26) stable; urgency=high

  [ Ben Hutchings ]
  * [alpha,s390,sparc] math-emu: correct test for downshifting fraction in
    _FP_FROM_INT() (Closes: #593193)
  * SCSI/mptsas: fix hangs caused by ATA pass-through (Closes: #594690)
  * xfs: prevent kernel crash due to corrupted inode log format
    (Closes: #550733)
  * r6040: Fix various bugs in r6040_multicast_list() (Closes: #600155)

 -- dann frazier <>  Sat, 20 Nov 2010 15:30:51 -0700

linux-2.6 (2.6.26-25lenny1) stable-security; urgency=high

  * irda: Correctly clean up self->ias_obj on irda_bind() failure.
  * compat: Make compat_alloc_user_space() incorporate the access_ok()
  * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
  * xfs: prevent reading uninitialized stack memory (CVE-2010-3078)
  * ecryptfs: Bugfix for error related to ecryptfs_hash_buckets (CVE-2010-2492)

 -- dann frazier <>  Thu, 16 Sep 2010 09:38:09 -0600

linux-2.6 (2.6.26-25) stable; urgency=high

  [ Ben Hutchings ]
  * pid_ns: Ensure that child_reaper is always valid (Closes: #570350)
  * [xen] Fix deadlock in timer interrupt, thanks to Zdenek Salvet
    (Closes: #534880)
  * e1000e: Add support for 82567LM-4, 82567LM-3, 82567LF-3 and 82583V
    controllers (Closes: #512546)

  [ Moritz Muehlenhoff ]
  * parport: quickfix the proc registration bug (Closes: #588672);
    ignore ABI changes in parport and parport_pc

  [ dann frazier ]
  * Add guard page for stacks that grow up, an additional fix for
  * mm: make stack guard page logic use vm_prev pointer, an additional
    fix for CVE-2010-2240
  * net sched: fix some kernel memory leaks (CVE-2010-2942)
  * jfs: don't allow os2 xattr namespace overlap with others (CVE-2010-2946)

 -- dann frazier <>  Sun, 29 Aug 2010 23:12:06 -0600

linux-2.6 (2.6.26-24lenny1) stable-security; urgency=high

  * cifs: Fix a kernel BUG with remote OS/2 server (CVE-2010-2248)
  * Fix race in tty_fasync() properly (CVE-2009-4895)
  * xfs: prevent swapext from operating on write-only files (CVE-2010-2226)
  * nfsd4: bug in read_buf (CVE-2010-2521)
  * GFS2: rename causes kernel Oops (CVE-2010-2798)
  * exec: Fix 'flush_old_exec()/setup_new_exec()' split (Closes: #589179;
    regression due to fix for CVE-2010-0307)
  * can: add limit for nframes and clean up signed/unsigned variables
  * mm: keep a guard page below a grow-down stack segment (CVE-2010-2240)
  * drm: stop information leak of old kernel stack (CVE-2010-2803)
  * ext4: fix integer overflows in ext4_ext_{in_cache,get_blocks}

 -- dann frazier <>  Wed, 18 Aug 2010 17:56:34 -0600

linux-2.6 (2.6.26-24) stable; urgency=high

  [ Ben Hutchings ]
  * usbhid: Reduce the race condition between disconnect and ioctl
    (Closes: #511892)
  * r8169: Fix MDIO timing (Closes: #583139)
  * [x86] Restore automatic update of LILO on kernel installation, upgrade
    or removal (Closes: #505609)

 -- dann frazier <>  Sun, 20 Jun 2010 13:54:25 -0600

linux-2.6 (2.6.26-23) stable; urgency=high

  [ dann frazier ]
  * x86: check boundary in setup_node_bootmem() (Closes: 569704)
  * sunxvr500: Ignore secondary output PCI devices (Closes: #580422)
  * sctp: fix append error cause to ERROR chunk correctly
    (a further fix for CVE-2010-1173)
  * nfsd: fix vm overcommit crash (CVE-2008-7256, CVE-2010-1643)
  * GFS2: Fix permissions checking for setflags ioctl() (CVE-2010-1641)
  * GFS2: Fix writing to non-page aligned gfs2_quota structures (CVE-2010-1436)

  [ Ben Hutchings ]
  * [sparc64] Fix definition of VMEMMAP_SIZE (Closes: #509202)
  * megaraid_sas: Version and documentation update (Closes: #547183)
  * bnx2: Fix lost MSI-X problem on 5709 NICs (Closes: #581001)
  * raid456: Fix two bugs in handling of degraded states (Closes: #581392)
    - Prevent reshaping of doubly-degraded RAID4
    - Enable error-correction on singly-degraded RAID6
  * r8169: fix broken register writes (Closes: #407217, #573007)
  * [i386] Disable use of NOPL instruction in alternatives (Closes: #463606)
  * virtio_blk: don't bounce highmem requests (Closes: #584217)

  [ maximilian attems ]
  * openvz: printk_cpu have to be "cleared" in __vprintk (v2)
    (closes: #573460)
  * openvz: Fix "Bad throughput of TCP connection after live migration"
    (closes: #500145)
  * ub: incorrect skb is charged in tcp_send_synack.

  [ Aurelien Jarno ]
  * mips/swarm: fix boot from IDE based media (Sebastian Andrzej Siewior)
    (closes: #466977).
  * backport mips/swarm: fix M3 TLB exception handler.
  * backport MIPS FPU emulator: allow Cause bits of FCSR to be writeable
    by ctc1. (closes: #580602).

 -- dann frazier <>  Fri, 11 Jun 2010 19:40:17 -0600

linux-2.6 (2.6.26-22lenny1) stable-security; urgency=high

  [ dann frazier ]
  * USB: usbfs: only copy the actual data received (CVE-2010-1083)
  * GFS2: Skip check for mandatory locks when unlocking (CVE-2010-0727)
  * Bluetooth: Fix potential bad memory access with sysfs files (CVE-2010-1084)
  * dvb-core: Fix DoS bug in ULE decapsulation code that can be triggered
    by an invalid Payload Pointer (CVE-2010-1086)
  * NFS: Fix an Oops when truncating a file (CVE-2010-1087)
  * fix LOOKUP_FOLLOW on automount "symlinks" (CVE-2010-1088)
  * tty: release_one_tty() forgets to put pids (CVE-2010-1162)
  * tipc: Fix oops on send prior to entering networked mode (CVE-2010-1187)
  * sctp: Fix skb_over_panic resulting from multiple invalid parameter
    errors (CVE-2010-1173)
  * sparc64: Fix sun4u execute bit check in TSB I-TLB load (CVE-2010-1451)
  * KEYS: find_keyring_by_name() can gain access to a freed keyring
  * [powerpc] KGDB: don't needlessly skip PAGE_USER test for Fsl booke
    Note: KGDB is not currently enabled in debian builds (CVE-2010-1446)

  [ Ben Hutchings ]
  * [x86] KVM: disable paravirt mmu reporting (Closes: #573071) (regressed
    due to fix for CVE-2010-0298; considered obsolete by upstream)
  * r8169: Increase default RX buffer size to avoid RX scattering bug

 -- dann frazier <>  Sun, 09 May 2010 23:22:44 -0600

linux-2.6 (2.6.26-22) stable; urgency=high

  [ maximilian attems ]
  * [openvz] 1f7db8e checkpointing shared memory fails. (closes: #562891)
  * [openvz] 1a6d795 Fix cfq related oops. (closes: #562892)
  * [openvz] ddbec37 inotify: unblock umounting. (closes: #513537)
  * ALSA: cs4232: fix crash during chip PNP detection. (closes: #529697)
  * matroxfb: fix problems with display stability. (closes: #479652)
  * [openvz] [UBC]: Endless loop in __sk_stream_wait_memory.
    (closes: #542633)

  [ Moritz Muehlenhoff ]
  * Fix deadlock in saa7134-empress driver (Closes: #499671)
  * x86, vmi: TSC going backwards check in vmi clocksource (Closes: #524521)
  * ipv6: fix run pending DAD when interface becomes ready (Closes: #508460)
  * ata_piix: IDE Mode SATA patch for Intel Ibex Peak DeviceIDs (Closes: #5571533)

  [ Ben Hutchings ]
  * via-velocity: Give RX descriptors to the NIC later on open or MTU change
    (Closes: #508527)
  * Add atl1c driver for Atheros AR8131 and AR8132 Ethernet controllers
    (Closes: #562694)
  * dmfe/tulip: Let dmfe handle DM910x except for SPARC on-board chips
    (Closes: #515533)
  * x86: Increase MIN_GAP to include randomized stack (Closes: #559035)
  * bnx2: Add PCI IDs for Broadcom 5716 and 5716S (Closes: #565353)
  * bnx2: Fix several crash bugs (Closes: #565960)
  * audit: Fix memory management bugs (Closes: #562815)
    - fix braindamage in audit_tree.c untag_chunk()
    - fix more leaks in audit_tree.c tag_chunk()
  * megaraid_sas: Fix I/O and shutdown sequencing bugs (Closes: #568345)
  * megaraid_sas: Add support for MegaRAID SAS 9260 and other PCIe gen2
    controllers (Closes: #547183)
  * postinst: Fix pattern-matching for 'do_bootloader' configuration option
    (Closes: #568317)
  * yealink: Reliably kill URBs, fixing potential deadlock (Closes: #570532)
  * qla2xxx: Disable MSI/MSI-X on some chips or as selected by module parameter
    (Closes: #572322)
    - MSI is disabled on QLA24xx chips other than QLA2432 (MSI-X already was)
    - MSI-X is disabled if qlx2enablemsix=2
    - MSI and MSI-X are disabled if qlx2enablemsix=0
  * Adjust fix for #524542 to avoid changing ABI

  [ dann frazier ]
  * Add be2net driver (Closes: #570428)
  * Fix issues with tsc clocksource on VMWare (Closes: #524542)

  [ Ian Campbell ]
  * [xen/x86] Use correct form of PHYSDEVOP_map_pirq hypercall to prevent crash
    when trying to use MSI in domain 0 (Closes: #571603)

 -- dann frazier <>  Tue, 09 Mar 2010 09:52:09 -0700

linux-2.6 (2.6.26-21lenny4) stable-security; urgency=high

  [ dann frazier ]
  * futex: Handle user space corruption gracefully (CVE-2010-0622)
  * mmap: cleanup compiler warnings from CVE-2010-0291 fixes
  * x86: set_personality_ia32() misses force_personality32, an additional
    fix for CVE-2010-0307
  * Replace fix for CVE-2009-2691 w/ upstreamed version (Closes: #570554)
  * uvesafb/connector: prevent unprivileged users from sending netlink packets

  [ Ben Hutchings ]
  * [xen][i386] Fix kernel logging via userspace (Closes: #568561)
    (regression due to fix for #510478)

 -- dann frazier <>  Tue, 09 Mar 2010 09:34:37 -0700

linux-2.6 (2.6.26-21lenny3) stable-security; urgency=high

  * Additional fixes for CVE-2010-0307
  * Build fix for CVE-2010-0291 change on powerpc64
  * KVM: PIT: control word is write-only (CVE-2010-0309)
  * connector: Delete buggy notification code. (CVE-2010-0410)
  * Fix potential crash with sys_move_pages (CVE-2010-0415)
  * KVM: emulator privilege escalation (CVE-2010-0298)
  * KVM: emulator privilege escalation IOPL/CPL level check (CVE-2010-0306)

 -- dann frazier <>  Tue, 09 Feb 2010 22:28:22 -0700

linux-2.6 (2.6.26-21lenny2) stable-security; urgency=high

  [ dann frazier ]
  * Fix build failure on hppa & mipsen due to missing #include
  * Port CVE-2010-0291 fix to xen featureset

  [ Ben Hutchings ]
  * cdc_ether: Do not set link down initially; not all devices send link
    change interrupts (Closes: #567689)

  [ dann frazier ]
  * Split 'flush_old_exec' into two functions (CVE-2010-0307)

 -- dann frazier <>  Mon, 01 Feb 2010 23:47:42 -0700

linux-2.6 (2.6.26-21lenny1) stable-security; urgency=high

  [ dann frazier ]
  * mac80211: fix spurious delBA handling (CVE-2009-4027)
  * e1000: enhance frame fragment detection (CVE-2009-4536)
  * e1000e: enhance frame fragment detection (CVE-2009-4538)
  * Fix several issues with mmap/mremap (CVE-2010-0291)
  * [SCSI] megaraid_sas: remove sysfs poll_mode_io world writeable
    permissions (CVE-2009-3939)

  [ Ben Hutchings ]
  * kernel/signal.c: fix kernel information leak with print-fatal-signals=1
  * netfilter: ebtables: enforce CAP_NET_ADMIN (CVE-2010-0007)

 -- dann frazier <>  Fri, 29 Jan 2010 17:20:16 -0700

linux-2.6 (2.6.26-21) stable; urgency=high

  [ Ben Hutchings ]
  * Fix false soft lockup reports for the nohz idle loop
  * nohz: Fix two bugs that can keep a processor idle and lead to a
    system hang (may fix #496917, #538158 and others)
  * usbmidi: Fix crash when device is disconnected (Closes: #513050)
  * r8169: Apply various upstream bug fixes
  * r8169: Add support for RTL8101e (v2), RTL8102e (v1,v2,v3),
    RTL8168c/8111c (v3,v4), RTL8168cp/8111cp (v2,v3), RTL8168d (v1)
    (Closes: #552465; may fix #516187)
  * Revert patch to sanitise <linux/socket.h>, which introduced
    different build failures
  * usbnet: Set link down initially for drivers that update link state
    (Closes: #444043)
  * atl1e: Remove broken implementation of TSO for TCP/IPv6
    (Closes: #558426) and allow other hardware offloads to be disabled in
    case they are also buggy

  [ dann frazier ]
  * floppy: request and release only the ports we actually use
    (Closes: #332942)
  * igb: Add 82576 MAC support (Closes: #522922), backport
    by Ben Hutchings
  * [SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080)
  * NFSv4: Fix a problem whereby a buggy server can oops the kernel
  * [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions
  * isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)
  * fuse: prevent fuse_put_request on invalid pointer (CVE-2009-4021)
  * hpilo: new PCI ID (Closes: #559064)
  * Avoid /proc/$pid/maps visibility during initial setuid ELF loading
  * hfs: fix a potential buffer overflow (CVE-2009-4020)
  * KVM: x86 emulator: limit instructions to 15 bytes (CVE-2009-4031)
  * firewire: ohci: handle receive packets with a data length of zero
  * ext4: Avoid null pointer dereference when decoding EROFS w/o a journal
  * s390: dasd diag - add support for read-only minidisks (Closes: #550898)

 -- dann frazier <>  Sat, 26 Dec 2009 01:06:01 -0700

linux-2.6 (2.6.26-20) stable; urgency=high

  [ Ben Hutchings ]
  * xen: Fix crash in xen_spin_wait() on busy multiprocessor domain
    (Closes: #542250), thanks to Nikita V. Youshchenko <>
  * x86: Fix crash in text_poke_early() on 486-class processors
    (Closes: #515982)
  * hppa: Ensure TLB purge runs single threaded (Closes: #539215),
    thanks to Helge Deller <>
  * virtio_balloon: Fix towards_target when deflating balloon
    (Closes: #544619)
  * dm-snap: Fix crash when using both snapshot and origin volumes
    (Closes: #545999)
  * nfs: Avoid overrun when copying client IP address string
    (Closes: #549002)
  * sis190: Correct DMA sync handling on small packets (Closes: #541169)
  * mmc: Increase power-up delay (Closes: #508599)
  * v4l2: Improve 32/64-bit ioctl translation (Closes: #508649)
  * proc: Fix truncation of entries in /proc/*/pagemap on 32-bit
    architectures (Closes: #511419)
  * Sanitise <linux/socket.h> and <linux/uio.h> (Closes: #538372)
  * nfs: Handle -ESTALE error in access() (Closes: #508866)
  * r8169: Fix rx_missed_errors statistic (Closes: #531932)
  * hfsplus: Refuse to mount volumes larger than 2TB, which may otherwise
    be corrupted (Closes: #550010)
  * acenic: Pass up error code from ace_load_firmware(), avoiding an oops
    (Closes: #521383)
  * axnet_cs: Reclaim Netgear FA411 from pcnet_cs (Closes: #550935)
  * Update bug script from trunk:
    - Update taint checks
    - Prompt submitters to run the kernel version they're reporting on
      or otherwise record boot messages
    - Include PCI device list even if the running kernel doesn't match
    - Include model information
    - Include firmware package status
    - Include network configuration and status (optional)
    - Include USB device list
  * printk: Avoid hanging when logging messages for time adjustment
    (Closes: #510478)

  [ dann frazier ]
  * autofs4: don't make expiring dentry negative, avoiding an oops
    (Closes: #530636)
  * ocfs/dlm: fix race in dlm_get_lock_resource() which can cause
    flock() to return EINVAL (Closes: #515741)
  * Increase default mmap_min_addr from 0 to 4096 (Closes: #541457)

  [ Martin Michlmayr ]
  * Disable SYS_HAS_EARLY_PRINTK on SGI IP22 to work around a hang
    during bootup (Closes: #507557)
  * USB: ftdi_sio: add product_id for Marvell OpenRD Base, Client

  [ maximilian attems ]
  * [openvz] enable SYSFS_DEPRECATED_V2 for ipv6 tunnels through sit.
    (closes: #517892)

  [ Moritz Muehlenhoff ]
  * nbd: fix I/O hang on disconnected NDBs. (Closes: #550863)

 -- dann frazier <>  Fri, 23 Oct 2009 16:31:23 -0600

linux-2.6 (2.6.26-19lenny2) stable-security; urgency=high

  * tc: Fix uninitialized kernel memory leak (CVE-2009-3228)
  * random: make get_random_int() more random (CVE-2009-3238)
  * netlink: fix typo in initialization (CVE-2009-3612)
  * drm/r128: Add test for initialisation to all ioctls that require it
  * AF_UNIX: Fix deadlock on connecting to shutdown socket (CVE-2009-3621)
  * fs: pipe.c null pointer dereference (CVE-2009-3547)
  * KVM: Prevent overflow in KVM_GET_SUPPORTED_CPUID (CVE-2009-3638)

 -- dann frazier <>  Wed, 04 Nov 2009 12:33:37 -0700

linux-2.6 (2.6.26-19lenny1) stable-security; urgency=high

  * appletalk: Fix skb leak when ipddp interface is not loaded
  * KVM: x86: Disallow hypercalls for guest callers in rings > 0
  * selinux: prevent local users from bypassing mmap_min_addr
    in unconfined domains (CVE-2009-2695)
  * fix information leak in llc_ui_getname (CVE-2009-3001)
  * net: fix information leak due to uninitialized structures in
    getname functions (CVE-2009-3002)
  * eCryptfs: Prevent lower dentry from going negative during unlink
  * net ax25: Fix signed comparison in the sockopt handler (CVE-2009-2909)
  * x86: Don't leak 64-bit kernel register values to 32-bit processes
  * NFSv4: move iattr & verf attributes of struct nfsd4_open out of the
    union (CVE-2009-3286)
  * r8169: use hardware auto padding (CVE-2009-3613)

 -- dann frazier <>  Sat, 17 Oct 2009 10:52:13 -0600

linux-2.6 (2.6.26-19) stable; urgency=high

  [ Moritz Muehlenhoff ]
  * Input: ALPS - add signature for Toshiba Satellite Pro M10
    (Closes: #434722)

  [ dann frazier ]
  * aacraid: Fix regression w/ bigmem kernel (Closes: #537771)
  * [parisc] isa-eeprom - Fix loff_t usage (CVE-2009-2846)
  * do_sigaltstack: avoid copying 'stack_t' as a structure to user space
  * execve: must clear current->clear_child_tid (CVE-2009-2848)
  * md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
    attributes (CVE-2009-2849)

 -- dann frazier <>  Tue, 18 Aug 2009 22:45:27 -0600

linux-2.6 (2.6.26-18) stable; urgency=high

  [ maximilian attems ]
  * [openvz] 19f7f85 net: bridge - process skbs has been already substituted
    due to via_phys_dev (closes: #532811)
  * [openvz] b1f08ed net: avoid double free on net->gen pointer on error
    (closes: #532813)
  * [openvz] bbbad0a pidns: pi-futex pid check fixup

  [ Martin Michlmayr ]
  * MIPS: DS1286: New RTC driver
  * MIPS: IP22/28: Switch over to RTC class driver
  * [mips/r4k-ip22] Build in RTC_DRV_DS1286. (Closes: #533895)

  [ dann frazier ]
  * e1000e: add support for 82574L controllers (closes: #534519)
  * Use -fno-strict-overflow instead of -fwrapv and workaround a
    regression in fbcon this may introduce if users build custom kernels
    w/ gcc-4.2 (prebuilt kernels use 4.1) (closes: #536354)
  * sata_nv: avoid link reset on controllers where it's broken
    (Closes: #498271, Closes: #501023)
  * libata: make sure port is thawed when skipping resets. This change
    avoids regressing #533657 with the fix for #498271.
  * Add -fno-delete-null-pointer-checks to CFLAGS (Closes: #537617)
  * Add a backport of bnx2x from 2.6.30 with request_firmware changes

  [ Moritz Muehlenhoff ]
  * fbdev/atyfb: Fix display corruption on some PowerMacs & PowerBooks
    (Closes: #420582)
  * ALSA: hda_intel: enable snoop for NVidia HDA controller (Closes: #521192)
  * eeepc: Fix oops when changing backlight brightness during init
    (Closes: #513406)
  * Emit HPET warning only once to avoid syslog floods, which occur on
    some systems like HP DC7900 (Closes: #512617)
  * Fix support for AverMedia AverTV Cardbus Hybrid E506R (Closes: #511385)
  * ALSA: HDA patch_via.c: Fix inversion of surround and side channels
    (Closes: #538391)
  * NTP Adjust SHIFT_PLL to improve NTP convergence (Closes: #527968)

 -- dann frazier <>  Fri, 31 Jul 2009 00:12:58 -0600

linux-2.6 (2.6.26-17lenny2) stable-security; urgency=high

  * Make sock_sendpage() use kernel_sendpage() (CVE-2009-2692)

 -- dann frazier <>  Thu, 13 Aug 2009 15:41:34 -0600

linux-2.6 (2.6.26-17lenny1) stable-security; urgency=high

  * [KVM] x86: check for cr3 validity in ioctl_set_sregs
  * personality: fix PER_CLEAR_ON_SETID (CVE-2009-1895)
  * ecryptfs: Check Tag 11 literal data buffer size (CVE-2009-2406)
  * ecryptfs: check tag 3 package encrypted size (CVE-2009-2407)

 -- dann frazier <>  Sat, 25 Jul 2009 15:10:10 -0600

linux-2.6 (2.6.26-17) stable; urgency=high

  * Revert "sata_nv: avoid link reset on controllers where it's broken"
    due to regression. (closes: #533657)

 -- dann frazier <>  Fri, 19 Jun 2009 23:03:53 -0600

linux-2.6 (2.6.26-16) stable; urgency=high

  [ maximilian attems ]
  * [openvz] 5dcfcf5 NETLINK: disable netns broadcast filtering.
    (closes: #520551)
  * Fix SQLite performance regression. (closes: #521420)
  * [openvz] 0c295ff cfq link cfq_bc_data without bc io sched.
    (closes: #523364)
  * [openvz] 7e0f90d cfq: revalidate cached async queue.
    (closes: #523359)
  * [openvz] e4cea21 VE: fix idle time accounting.
  * [openvz] 19b8e13 ptrace: ban ptracing of a container init from inside the
    container. (closes: #523360)
  * [openvz] 5b58141 ubc: uncharging too much for TCPSNDBUF.
  * [openvz] 0ff728e ve: show task's vpid and veid even inside a container.

  [ dann frazier ]
  * [s390] Fix __div64_31 for CONFIG_MARCH_G5 (Closes: #511334)
  * SUNRPC: Fix a performance regression in the RPC authentication code
    (Closes: #524199)
  * [x86] fix IBM Summit based systems' phys_cpu_present_map on 32-bit
    kernels (closes: #529312)
  * Fix soft lockups caused by one md resync blocking on another due
    to sharing the same device (closes: #514627)
  * [sparc64] Fix crash when reading /proc/iomem w/ heap memory checking
  * splice: fix deadlock in ocfs2 (CVE-2009-1961)
  * e1000: add missing length check to e1000 receive routine (CVE-2009-1385)
  * r8169: fix crash when large packets are received (CVE-2009-1389)

  [ Martin Michlmayr ]
  * cdc-acm: Add quirk for MTK II GPS, such as Qstarz BT-Q1000X (closes:
  * USB: ftdi_sio: add vendor/product id for the Marvell SheevaPlug.
  * [mipsel/r5k-cobalt] Enable SCSI_SYM53C8XX_2 (closes: #526836).
  * [mips/r4k-ip22] Enable NET_ISA and various ISA network modules on
    the request of Damian Dimmich since they might be useful on the
    SGI Indigo2.

  [ John Wright ]
  * [x86] gettimeofday() vDSO: fix segfault when tv == NULL (Closes: #466491)

  [ Ian Campbell ]
  * [x86/xen] Apply missing syscall detection patch to -xen-amd64 image
    (Closes: #527101)
  * [xen] Add support for CDROM_GET_CAPABILITY to blkfront driver
    (Closes: #529864)

  [ Ben Hutchings ]
  * sata_nv: avoid link reset on controllers where it's broken
    (Closes: #498271)
  * r8169: fix multicast filtering for RTL8101 and RTL8168 (Closes: #514268)
  * asus_acpi: don't load asus-acpi if model is not supported
    (Closes: #524300)
  * iwl4965: avoid sleep in softirq context (Closes: #530884)

 -- dann frazier <>  Tue, 09 Jun 2009 09:09:27 -0600

linux-2.6 (2.6.26-15lenny3) stable-security; urgency=high

  [ dann frazier ]
  * Fix selinux panic introduced by the fix for CVE-2009-1184
    (Closes: #528860)
  * nfs4: fix MAY_EXEC handling (CVE-2009-1630)
  * cifs: fix several string conversion issues (CVE-2009-1633)

  [ Ian Campbell ]
  * xen: Fix missing check of interrupted code's code selector

 -- dann frazier <>  Thu, 28 May 2009 08:34:15 -0600

linux-2.6 (2.6.26-15lenny2) stable-security; urgency=high

  * mips: implement is_compat_task macro, fixing FTBFS introduced
    by CVE-2009-0835 fix.

 -- dann frazier <>  Mon, 11 May 2009 11:57:56 -0600

linux-2.6 (2.6.26-15lenny1) stable-security; urgency=high

  * copy_process: fix CLONE_PARENT && parent_exec_id interaction
  * [amd64] syscall-audit: fix 32/64 syscall hole (CVE-2009-0834)
  * seccomp: fix 32/64 syscall hole (CVE-2009-0835)
  * shm: fix shmctl(SHM_INFO) lockup with !CONFIG_SHMEM (CVE-2009-0859)
    This issue does not affect pre-built Debian kernels.
  * Fix an off-by-two memory error in console selection (CVE-2009-1046)
  * nfsd: drop CAP_MKNOD for non-root (CVE-2009-1072)
  * af_rose/x25: Sanity check the maximum user frame size (CVE-2009-1265)
  * KVM: VMX: Don't allow uninhibited access to EFER on i386 (CVE-2009-1242)
  * exit_notify: kill the wrong capable(CAP_KILL) check (CVE-2009-1337)
  * Make 'kill sig -1' only apply to caller's namespace (CVE-2009-1338)
  * cifs: Fix memory overwrite when saving nativeFileSystem field during mount
  * agp: zero pages before sending to userspace (CVE-2009-1192)
  * Fix unreached code in selinux_ip_postroute_iptables_compat()

 -- dann frazier <>  Mon, 04 May 2009 16:10:11 -0600

linux-2.6 (2.6.26-15) stable; urgency=high

  * Switch out mips/llseek regression fix for the less invasive one
    that is more likely to be accepted upstream.

 -- dann frazier <>  Wed, 25 Mar 2009 16:48:44 -0600

linux-2.6 (2.6.26-14) stable; urgency=high

  [ Moritz Muehlenhoff ]
  * Add support for Acer Aspire One with ALC269 codec chip. (Closes: #505250)
  * Allow authenticated deep NFS mounts, a regression from etch
    (Closes: #512031)
  * ALSA HDA hardware support (closes: #514567)
    - Backport ALSA driver quirks for various HP notebooks
    - Add appletv support
    - Fix SPDIF output on AD1989B
    - Add ALC887 support
    - Add support for Dell Studio 15
    - Add support for MEDION MD96630
    - Support Asus P5Q Premium/Pro boards
    - Add support for ECS/PC Chips boards with Sigmatel codecs
    - Add support for Toshiba L305
  * Add USB mass storage quirk for "Kyocera / Contax SL300R T*" digital
    cameras. (Closes: #518899)
  * ALSA: Fix OOPS with MIDI in caiaq driver. (Closes: #518900)
  * Add USB mass storage quirks (Closes: #520561)
     - Nikon D300 and Nikon D2H cameras
     - Mio C520-GPS units and Mio Moov 330 GPS
     - Nokia phones: 7610, Supernova, 3500c, 3109c, 5300 and 5310
     - Nokia 6233 (Closes: #493415)
  * [cifs] Fix oops when mounting servers that don't specify their OS
    (Closes: #463402)
  * Remove invalid truesize detection (Closes: #509716)

  [ dann frazier ]
  * Fix softlockups in sungem driver (Closes: #514624)
  * intel-agp: Add support for G41 chipset (Closes: #513228)
  * [openvz] 777e816 Fix wrong size of ub0_percpu.
    (Closes: #500876, #503097, #514149)
  * [openvz] b5e1f74 Fix oops in netlink conntrack module when loaded after
    a ve start (Closes: #511165)
  * [openvz] 6d18ba3 CPT: revert check on sk_reuse>1 (Closes: #500645)
  * Fixes for CVE-2009-0029 broke uml compilation; fix.
  * [openvz] 20bd907 simfs: fix oops if filesystem passes NULL mnt arg to
    getattr. (Closes: #508773)
  * Add -fwrapv to CFLAGS to prevent gcc from optimizing out certain
    wrap tests. (Closes: #520548)
  * Bump ABI to 2.
  * [parisc] Fix the loading of large kernel modules (Closes: #401439)
  * Make the max number of lockd connections configurable and increase
    the default from 80 to the more reasonable 1024 (Closes: #520379)
  * [x86, vmi] Fix missing paravirt_release_pmd in pgd_dtor (Closes: #520677)
  * [mips64] Fix sign extend issue in llseek syscall (Closes: #521016)

  [ Martin Michlmayr ]
  * rt2x00: Fix VGC lower bound initialization. (Closes: #510607)
  * sata_mv: Fix 8-port timeouts on 508x/6081 chips (Closes: #514155)
  * sata_mv: Properly initialize main irq mask.
  * IP32: Add platform device for CMOS RTC; remove dead code.
  * [mips/r5k-ip32] Build in RTC_DRV_CMOS. (Closes: #516775)
  * [arm, armel] Enable USB_HIDDEV. (Closes: #517771)
  * [arm, armel] Enable various V4L USB devices. (Closes: #518582)
  * [arm/iop32x, arm/ixp4xx, arm/orion5x] Enable INPUT_JOYDEV, GAMEPORT
    and INPUT_JOYSTICK (Closes: #520433).

  [ Bastian Blank ]
  * [sparc] Revert: Reintroduce dummy PCI host controller to workaround broken
    Not supportable and breaks too many things.
  * [amd64] Fix errno on nonexistent syscalls. (closes: #518921)

  [ Ian Campbell ]
  * [nfs] Backport upstream patches to fix NFS "task blocked for more than 120
    seconds" issue (Closes: #518431)

  [ Aurelien Jarno ]
  * [mips/mipsel] Fix errno on inexistent syscalls. (Closes: #520034).

  [ maximilian attems ]
  * [openvz] 849af42 [UB]: Double free for UDP socket.
  * [openvz] 7ebcbe3 autofs: fix default pgrp vnr.
  * [openvz] 17b09e1 conntrack: prevent double allocate/free of protos.
    (closes: #494445)
  * [openvz] 7d3f10f conntrack: prevent call register_pernet_subsys() from VE
  * [openvz] 482dd20 conntrack: prevent call nf_register_hooks() from VE
  * [openvz] ff3483a Fix erratum that causes memory corruption.
  * [openvz] 5fff3eb conntrack: adjust context during freeing.
  * [openvz] 3cb8bc3 netfilter: NAT: assign nf_nat_seq_adjust_hook from VE0
    context only.
  * [openvz] 4909102 netfilter: call nf_register_hooks from VE0 context only.
  * [openvz] ce67d5b iptables: setup init iptables mask before net
  * [openvz] 134416f Correct per-process capabilities bounding set in CT.
  * [openvz] 029cecb cpt: Make the proper check for sigmask.
  * [openvz] 86d7416 ms: fix inotify umount.
  * [openvz] c5c1032 Don't dereference NULL tsk->mm in ve_move_task.
  * [openvz] 5c591ae bridge: don't leak master device on brctl addif.
  * [openvz] c578262 net: NETIF_F_VIRTUAL intersects with NETIF_F_LRO.
  * [openvz] 8aa7044 Fix broken permissions for Unix98 pty.
  * [openvz] 09686c1 Free skb->nf_bridge in veth_xmit() and venet_xmit().
  * [openvz] 397500c autofs4: fix ia32 compat mode.
  * [openvz] 0328e3d pidns: update leader_pid at pidns attach.
  * [openvz] 66ec7f7 nfs: fix nfs client in VE (finally).
  * [openvz] 4fc3a18 cpt: bump image version to VERSION_26.
  * [openvz] 2a08380 nfs: add missed ve_nfs.h file.
  * [openvz] 4c9010e autofs4: pidns friendly oz_mode.
  * [openvz] 2c1b2f7 conntrack: Allocate/free ve_nf_conntrack_l3proto_ipv6.
  * [openvz] e29a555 ct: Move _nf_conntrack_l3proto_ipv6 to net namespace.
  * [openvz] 4355344 conntrack: fix oops in nf_ct_frag6_gather.
  * [openvz] bd5e806 Add "VE features" for sit and ipip devices.
  * [openvz] 9baf6095 Simplify call __dev_change_net_namespace() by remove
  * [openvz] 35f41f11 Adjust VE before call
  * [openvz] 83ea78e netns: fix net_generic array leak.
  * [openvz] ce67d5b iptables: setup init iptables mask before net
  * [openvz] fffc6ff net: set ve context when init/exit method is called.
    (closes: #517892, #520740)
  * [openvz] 6b9fe02 vzwdog: walk through the block devices list properly.
  * [openvz] 6b9fe02 netns: enable cross-ve Unix sockets.
  * [openvz] 1acba85 netfilter: Fix NULL dereference in nf_nat_setup_info.
  * [openvz] b405aed netfilter: Add check to the nat hooks.
  * [openvz] b8b70c7 nfs: Fix access to freed memory.
  * [openvz] 840ea01 NFS: NFS super blocks in different VEs should be
  * [openvz] 14131d2 ve: sanitize capability checks for namespaces creation.
  * [openvz] 39bb1ee nfs: Fix nfs_match_client(). (closes: #501985)
  * [openvz] 32e9103 Add do_ve_enter_hook.
  * [openvz] d4988b6 Add kthread_create_ve() and kthread_run_ve() functions.
  * [openvz] ba0ce90 nfs: use kthread_run_ve to start lockd. (closes: #505174)
  * [openvz] 672ab37 pidns: lost task debug print uses wrong prototype.
  * [openvz] d876c93 pidns: zap ve process only when killing ve's init pid-ns.
  * [openvz] 9abe1a6 bc: fix permissions on /proc/bc.
  * [openvz] Reenable NF_CONNTRACK_IPV6.

 -- dann frazier <>  Sun, 22 Mar 2009 14:09:23 -0600

linux-2.6 (2.6.26-13lenny2) stable-security; urgency=high

  * alpha, mips, sparc64: Additional fixes for CVE-2009-0029.
  * skfp: Fix inverted capabilities check logic (CVE-2009-0675)
  * ext4: initialize the new group descriptor when resizing
  * ext4: Add sanity check to make_indexed_dir (CVE-2009-0746)
  * ext4: only use i_size_high for regular files (CVE-2009-0747)
  * ext4: Add sanity checks for the superblock before mounting the filesystem

 -- dann frazier <>  Mon, 09 Mar 2009 16:15:05 -0600

linux-2.6 (2.6.26-13lenny1) stable-security; urgency=high

  [ dann frazier ]
  * sctp: fix memory overflow (CVE-2009-0065)
  * Fix sign-extend ABI issue w/ system calls on various 64-bit architectures
  * security: introduce missing kfree (CVE-2009-0031)
  * eCryptfs: check readlink result for error before use (CVE-2009-0269)
  * dell_rbu: use scnprintf instead of less secure sprintf (CVE-2009-0322)
  * Fix sensitive memory leak in SO_BSDCOMPAT gsopt (CVE-2009-0676)

 -- dann frazier <>  Fri, 27 Feb 2009 11:19:59 -0700

linux-2.6 (2.6.26-13) unstable; urgency=high

  [ dann frazier ]
  * [hppa] disable UP-optimized flush_tlb_mm, fixing thread-related
    hangs. (closes: #478717)
  * cciss: Add PCI ids for P711m and p712m
  * Fix buffer underflow in the ib700wdt watchdog driver (CVE-2008-5702)
  * [sparc] Enable CONFIG_FB_XVR500, CONFIG_FB_XVR2500 (Closes: #508108)
  * [ia64] Add RTC class driver for EFI
  * [hppa] Fix system crash while unwinding a userspace process
  * Set a minimum timeout for SG_IO requests (CVE-2008-5700)

  [ Bastian Blank ]
  * Fix multicast in atl1e driver. (closes: #509097)

  [ Moritz Muehlenhoff ]
  * Fix speaker output on Toshiba P105 notebooks. (closes: #488063)
  * uvc: Fix incomplete frame drop when switching to a variable
    size format (closes: #508661)
  * Allow booting Mach images in KVM (Closes: #498940)
  * Add workaround for USB storage on Rockchip MP3 player (Closes: #505256)
  * Enable w9968cf driver on all i386 images (Closes: #495698)
  * Register DualPoint model found in Dell Latitude E6500 (Closes: #507958)
  * Disable link tuning in rt2500usb driver. (Closes: #510607)
  * Fix regressions in eata driver (Closes: #506835)
  * Skip incompatible fbdev logos (Closes: #508173)
  * Fix error path in PCI probing of Cyclades driver (Closes: #429011)

  [ Martin Michlmayr ]
  * V4L/DVB: Fix initialization of URB list (Thomas Reitmayr) to address
    the oops reported at
  * Add some patches from the Linux/MIPS linux-2.6.26-stable tree:
    - Fix potential DOS by untrusted user app (CVE-2008-5701)
    - o32: Fix number of arguments to splice(2).
    - 64-bit: vmsplice needs to use the compat wrapper for o32 and N32.
    - Return ENOSYS from sys32_syscall on 64bit kernels like elsewhere.
    - Use EI/DI for MIPS R2.
    - MIPS64R2: Fix buggy __arch_swab64
    - Add missing calls to plat_unmap_dma_mem.
    - Only write c0_framemask on CPUs which have this register.

 -- Bastian Blank <>  Sat, 10 Jan 2009 13:35:41 +0100

linux-2.6 (2.6.26-12) unstable; urgency=high

  [ Ian Campbell ]
  * xen: fix ACPI processor throttling for when processor id is -1. (closes: #502849)

  [ dann frazier ]
  * Make sendmsg() block during UNIX garbage collection (CVE-2008-5300)
  * Fix race conditions between inotify removal and umount (CVE-2008-5182)
  * Fix DoS when calling svc_listen twice on the same socket while reading
    /proc/net/atm/*vc (CVE-2008-5079)

  [ Bastian Blank ]
  * [openvz, vserver] Fix descriptions.
  * [sparc] Enable Sun Logical Domains support. (closes: #501684)
  * Fix coexistence of pata_marvell and ahci. (closes: #507432)
  * [sparc] Support Intergraph graphics chips. (closes: #508108)

 -- Bastian Blank <>  Mon, 15 Dec 2008 12:57:18 +0100

linux-2.6 (2.6.26-11) unstable; urgency=low

  [ Bastian Blank ]
  * [sparc] Reintroduce dummy PCI host controller to workaround broken
  * [sparc] Fix size checks in PCI maps.
  * Add stable release
    - netfilter: restore lost ifdef guarding defrag exception
    - netfilter: snmp nat leaks memory in case of failure
    - netfilter: xt_iprange: fix range inversion match
    - ACPI: dock: avoid check _STA method
    - ACPI: video: fix brightness allocation
    - sparc64: Fix race in arch/sparc64/kernel/trampoline.S
    - math-emu: Fix signalling of underflow and inexact while packing result.
    - tcpv6: fix option space offsets with md5
    - net: Fix netdev_run_todo dead-lock
    - scx200_i2c: Add missing class parameter
    - DVB: s5h1411: Power down s5h1411 when not in use
    - DVB: s5h1411: Perform s5h1411 soft reset after tuning
    - DVB: s5h1411: bugfix: Setting serial or parallel mode could destroy bits
    - V4L: pvrusb2: Keep MPEG PTSs from drifting away
    - ACPI: Always report a sync event after a lid state change
    - ALSA: use correct lock in snd_ctl_dev_disconnect()
    - file caps: always start with clear bprm->caps_*
    - libertas: fix buffer overrun
    - net: Fix recursive descent in __scm_destroy().
    - SCSI: qla2xxx: Skip FDMI registration on ISP21xx/22xx parts.
      (Closes: #502552)
    - edac cell: fix incorrect edac_mode
    - ext[234]: Avoid printk floods in the face of directory corruption
    - gpiolib: fix oops in gpio_get_value_cansleep()
  * Override ABI changes.
  * [xen] Update description. (closes: #505961)
  * Revert parts of to fix resume breakage. (closes: #504167)
    - clockevents: prevent multiple init/shutdown
    - clockevents: broadcast fixup possible waiters

  [ dann frazier ]
  * Fix buffer overflow in hfsplus (CVE-2008-4933)
  * Fix BUG() in hfsplus (CVE-2008-4934)
  * Fix stack corruption in hfs (CVE-2008-5025)
  * Fix oops in tvaudio when controlling bass/treble (CVE-2008-5033)

  [ Martin Michlmayr ]
  * [arm/iop32x, arm/ixp4xx, arm/orion5x] Enable support for more partition
    tables, including MAC_PARTITION (requested by Benoît Knecht).
  * leds-pca9532: Fix memory leak and properly handle errors (Sven Wegener)
  * leds-pca9532: Move i2c work to a workqueue (Riku Voipio). (closes:

 -- Bastian Blank <>  Wed, 26 Nov 2008 11:43:48 +0100

linux-2.6 (2.6.26-10) unstable; urgency=low

  [ dann frazier ]
  * sctp: Fix possible kernel panic in sctp_sf_abort_violation (CVE-2008-4618)

  [ Martin Michlmayr ]
  * DNS-323: add support for revision B1 machines (Matthew Palmer).
  * ext3/ext4: Add support for non-native signed/unsigned htree hash
    algorithms (Theodore Ts'o). (closes: #493957)
  * [arm/ixp4xx] Enable USB_ACM (closes: #504723).

  [ Bastian Blank ]
  * agp: Fix stolen memory counting on Intel G4X. (closes: #502606)
  * Add stable release
    - security: avoid calling a NULL function pointer in drivers/video/tvaudio.c
    - DVB: au0828: add support for another USB id for Hauppauge HVR950Q
    - drm/i915: fix ioremap of a user address for non-root (CVE-2008-3831)
    - ACPI: Ignore _BQC object when registering backlight device
    - hwmon: (it87) Prevent power-off on Shuttle SN68PT
    - Check mapped ranges on sysfs resource files
    - x86: avoid dereferencing beyond stack + THREAD_SIZE
    - PCI: disable ASPM on pre-1.1 PCIe devices
    - PCI: disable ASPM per ACPI FADT setting
    - V4L/DVB (9053): fix buffer overflow in uvc-video
    - V4L/DVB (8617): uvcvideo: don't use stack-based buffers for USB transfers.
    - V4L/DVB (8498): uvcvideo: Return sensible min and max values when querying
      a boolean control.
    - V4L: zr36067: Fix RGBR pixel format
    - V4L: bttv: Prevent NULL pointer dereference in radio_open
    - libata: fix EH action overwriting in ata_eh_reset()
    - libata: always do follow-up SRST if hardreset returned -EAGAIN
    - fbcon_set_all_vcs: fix kernel crash when switching the rotated consoles
    - modules: fix module "notes" kobject leak
    - b43legacy: Fix failure in rate-adjustment mechanism
    - CIFS: make sure we have the right resume info before calling CIFSFindNext
    - sched_rt.c: resch needed in rt_rq_enqueue() for the root rt_rq
    - tty: Termios locking - sort out real_tty confusions and lock reads
    - x86, early_ioremap: fix fencepost error
    - x86: improve UP kernel when CPU-hotplug and SMP is enabled
    - x86: Reserve FIRST_DEVICE_VECTOR in used_vectors bitmap.
  * [xen] Remove pte file workaround.

  [ Ian Campbell ]
  * [xen] Disable usage of PAT. (closes: #503821)

 -- Bastian Blank <>  Sat, 08 Nov 2008 10:50:58 +0100

linux-2.6 (2.6.26-9) unstable; urgency=low

  [ Bastian Blank ]
  * Add stable release
    - mm owner: fix race between swapoff and exit
    - rtc: fix kernel panic on second use of SIGIO notification
    - fbcon: fix monochrome color value calculation
    - ALSA: snd-powermac: HP detection for 1st iMac G3 SL
    - ALSA: snd-powermac: mixers for PowerMac G4 AGP
    - sparc64: Fix missing devices due to PCI bridge test in
    - sparc64: Fix disappearing PCI devices on e3500.
    - sparc64: Fix OOPS in psycho_pcierr_intr_other().
    - sparc64: Fix interrupt register calculations on Psycho and Sabre.
    - sparc64: Fix PCI error interrupt registry on PSYCHO.
    - udp: Fix rcv socket locking
    - sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH
    - sctp: do not enable peer features if we can't do them.
    - ipsec: Fix pskb_expand_head corruption in xfrm_state_check_space
    - netlink: fix overrun in attribute iteration
    - niu: panic on reset
    - ipv6: Fix OOPS in ip6_dst_lookup_tail().
    - XFRM,IPv6: initialize ip6_dst_blackhole_ops.kmem_cachep
    - af_key: Free dumping state on socket close
    - pcmcia: Fix broken abuse of dev->driver_data
    - clockevents: remove WARN_ON which was used to gather information
    - ntp: fix calculation of the next jiffie to trigger RTC sync
    - x86: HPET: read back compare register before reading counter
    - x86: HPET fix moronic 32/64bit thinko
    - clockevents: broadcast fixup possible waiters
    - HPET: make minimum reprogramming delta useful
    - clockevents: prevent endless loop lockup
    - clockevents: prevent multiple init/shutdown
    - clockevents: enforce reprogram in oneshot setup
    - clockevents: prevent endless loop in periodic broadcast handler
    - clockevents: prevent clockevent event_handler ending up handler_noop
    - x86: fix memmap=exactmap boot argument
    - x86: add io delay quirk for Presario F700
    - ACPI: Avoid bogus EC timeout when EC is in Polling mode
    - x86: fix SMP alternatives: use mutex instead of spinlock, text_poke is
    - rtc: fix deadlock
    - mm: dirty page tracking race fix
    - x86-64: fix overlap of modules and fixmap areas
    - x86: PAT proper tracking of set_memory_uc and friends
    - x86: fix oprofile + hibernation badness
    - x86: fdiv bug detection fix
    - rt2x00: Use ieee80211_hw->workqueue again
    - x86: Fix 27-rc crash on vsmp due to paravirt during module load
    - sg: disable interrupts inside sg_copy_buffer
    - ocfs2: Increment the reference count of an already-active stack.
    - APIC routing fix
    - sched: fix process time monotonicity
    - block: submit_bh() inadvertently discards barrier flag on a sync write
    - x64, fpu: fix possible FPU leakage in error conditions
    - x86-64: Clean up save/restore_i387() usage
    - KVM: SVM: fix guest global tlb flushes with NPT
    - KVM: SVM: fix random segfaults with NPT enabled
    - ALSA: remove unneeded power_mutex lock in snd_pcm_drop
    - ALSA: fix locking in snd_pcm_open*() and snd_rawmidi_open*()
    - ALSA: oxygen: fix distorted output on AK4396-based cards
    - ALSA: hda - Fix model for Dell Inspiron 1525
    - SCSI: qla2xxx: Defer enablement of RISC interrupts until ISP
      initialization completes.
    - USB: fix hcd interrupt disabling
    - smb.h: do not include linux/time.h in userspace
    - pxa2xx_spi: fix build breakage
    - pxa2xx_spi: chipselect bugfixes
    - pxa2xx_spi: dma bugfixes
    - mm: mark the correct zone as full when scanning zonelists
    - async_tx: fix the bug in async_tx_run_dependencies
    - drivers/mmc/card/block.c: fix refcount leak in mmc_block_open()
    - ixgbe: initialize interrupt throttle rate
    - i2c-dev: Return correct error code on class_create() failure
    - x86-32: AMD c1e force timer broadcast late
  * [x86] Update patch to detect not properly announced cmos RTC devices.
  * [xen] Overtake hvc console by default.

  [ maximilian attems ]
  * [openvz] ip: NULL pointer dereference in tcp_v(4|6)_send_ack
    (closes: #500472)
  * [openvz] unset NF_CONNTRACK_IPV6 for now until abi bump.

  [ Stephen R. Marenka ]
  * [m68k] add patches to fix atari ethernec per Michael Schmitz:
    atari-ethernec-IRQF_SHARED.diff and atari-ethernec-fixes.diff.
  * [m68k] add mac-esp-fix-for-quadras-with-two-esp-chips.diff to fix macs
    with dual scsi busses and a problem with xorg, per Finn Thain.
  * [m68k] add atari-atari_keyb_init-operator-precedence.diff per
    Michael Schmitz.
  * [m68k] more mac patches, per Finn Thain.

  [ Martin Michlmayr ]
  * [arm/ixp4xx] Enable USB_ATM and USB_SPEEDTOUCH (closes: #502182).
  * [arm/iop32x, arm/orion5x] Likewise.
  * DNS-323: read MAC address from flash (Matthew Palmer).

  [ dann frazier ]
  * Restrict access to the DRM_I915_HWS_ADDR ioctl (CVE-2008-3831)
  * Don't allow splicing to files opened with O_APPEND (CVE-2008-4554)

 -- Bastian Blank <>  Sat, 18 Oct 2008 12:14:22 +0200

linux-2.6 (2.6.26-8) unstable; urgency=medium

  [ dann frazier ]
  * [x86] Fix broken LDT access in VMI (CVE-2008-4410)
  * ata: Fix off-by-one-error that causes errors when reading a
    block on the LBA28-LBA48 boundary
  * [s390] prevent ptrace padding area read/write in 31-bit mode

  [ Bastian Blank ]
  * Fix generation of i386 Xen image information.
  * [i386] Restrict the usage of long NOPs. (closes: #464962)
  * Fix access to uninitialized user keyring. (closes: #500279)
  * [x86] Fix detection of non-PNP RTC devices. (closes: #499230)

 -- Bastian Blank <>  Thu, 09 Oct 2008 12:07:21 +0200

linux-2.6 (2.6.26-7) unstable; urgency=low

  [ Bastian Blank ]
  * [xen] Add SuSE Xen patch. (closes: #495895)
  * Only register notifiers in braille console if used, fixes Insert key.
    (closes: #494374)
  * Fix ACPI EC GPE storm detection. (closes: #494546)
  * Disable useless support for ISP1760 USB host controller.
    (closes: #498304)
  * rt61pci: Add a sleep after firmware upload. (closes: #498828)

  [ Stephen R. Marenka ]
  * [m68k] Set CONFIG_ATARI_ETHERNEC=m for atari, since it only works
    in modular form.
  * [m68k] Enable CONFIG_ADB_PMU68K=y for mac.
  * [m68k] Add atari-aranym-nf-wrappers.diff patch to fix atari LBD
    problems, set CONFIG_LBD=y for atari.

  [ Martin Michlmayr ]
  * [arm/orion5x] Enable CONFIG_ATALK (requested by Ben Schwarz).
  * [arm/versatile] Enable CONFIG_VFP. (closes: #499463)
  * ath5k: Fix bad udelay calls on AR5210 code (Nick Kossifidis).
  * [arm] No longer disable ATH5K.

  [ dann frazier ]
  * Add missing capability checks in sbni_ioctl (CVE-2008-3525)

 -- Bastian Blank <>  Wed, 01 Oct 2008 09:02:30 +0200

linux-2.6 (2.6.26-6) unstable; urgency=low

  [ maximilian attems ]
  * [openvz] Enable checkpointing. (closes: #497292)

  [ Bastian Blank ]
  * Allow forced module loading again. (closes: #494144)
  * Set IEEE 802.11 (wireless) regulatory domain default to EU.
    (closes: #497971)
  * [i386] Enable IDE ACPI support. Override ABI changes. (closes: #470528)
  * [i386/686-bigmem] Promote to generic subarch. (closes: #476120)

  [ Martin Michlmayr ]
  * Fix dead 21041 ethernet after ifconfig down (Thomas Bogendoerfer).

  [ dann frazier ]
  * [hppa] Enable the FPU before using it, fixes booting on A500s
    with our CONFIG_PRINTK_TIME=y setting. (closes: #499458)

 -- Bastian Blank <>  Wed, 24 Sep 2008 12:06:47 +0200

linux-2.6 (2.6.26-5) unstable; urgency=low

  [ Martin Michlmayr ]
  * Backport power-off method for Kurobox Pro.
  * [arm/versatile] Really enable CONFIG_RTC_DRV_PL031 (closes: #484432).

  [ Stephen R. Marenka ]
  * [m68k] Set CONFIG_LBD=n for atari, since it conflicts with nfblock.

  [ Bastian Blank ]
  * Reenable SiS SATA support. (closes: #496603)
  * [amd64,i386] Disable new-style SiS PATA support.
  * Add stable release
    - sata_mv: don't issue two DMA commands concurrently
    - KVM: MMU: Fix torn shadow pte
    - x86: work around MTRR mask setting, v2
    - nfsd: fix buffer overrun decoding NFSv4 acl (CVE-2008-3915)
    - sunrpc: fix possible overrun on read of /proc/sys/sunrpc/transports
    - r8169: balance pci_map / pci_unmap pair
    - tg3: Fix firmware event timeouts
    - crypto: authenc - Avoid using clobbered request pointer
    - sparc64: Fix cmdline_memory_size handling bugs.
    - sparc64: Fix overshoot in nid_range().
    - ipsec: Fix deadlock in xfrm_state management. (closes: #497796)
    - sctp: fix random memory dereference with SCTP_HMAC_IDENT option.
    - sctp: correct bounds check in sctp_setsockopt_auth_key
    - sch_prio: Fix nla_parse_nested_compat() regression
    - sctp: add verification checks to SCTP_AUTH_KEY option
    - sctp: fix potential panics in the SCTP-AUTH API.
    - udp: Drop socket lock for encapsulated packets
    - pkt_sched: Fix actions referencing
    - pkt_sched: Fix return value corruption in HTB and TBF.
    - netns: Add network namespace argument to rt6_fill_node() and
    - ipv6: Fix OOPS, ip -f inet6 route get fec0::1, linux-2.6.26,
      ip6_route_output, rt6_fill_node+0x175 (CVE-2008-3686)
    - AX.25: Fix sysctl registration if !CONFIG_AX25_DAMA_SLAVE
    - mm: make setup_zone_migrate_reserve() aware of overlapping nodes
    - 8250: improve workaround for UARTs that don't re-assert THRE correctly
    - rtc_time_to_tm: fix signed/unsigned arithmetic
    - drivers/char/random.c: fix a race which can lead to a bogus BUG()
    - cifs: fix O_APPEND on directio mounts
    - atl1: disable TSO by default
    - forcedeth: fix checksum flag
    - bio: fix bio_copy_kern() handling of bio->bv_len
    - bio: fix __bio_copy_iov() handling of bio->bv_len
    - ALSA: oxygen: prevent muting of nonexistent AC97 controls
    - S390 dasd: fix data size for PSF/PRSSD command
    - x86: fix "kernel won't boot on a Cyrix MediaGXm (Geode)"
    - x86: work around MTRR mask setting
    - USB: cdc-acm: don't unlock acm->mutex on error path
    - binfmt_misc: fix false -ENOEXEC when coupled with other binary handlers
    - fbdefio: add set_page_dirty handler to deferred IO FB
    - eeepc-laptop: fix use after free
    - PCI: fix reference leak in pci_get_dev_by_id()
    - cramfs: fix named-pipe handling
  * Override ABI changes.
  * [hppa] Disable new-style RTC support. Override ABI changes.

  [ maximilian attems ]
  * openvz: Add upstream fixes up to 24cebf40278cb071ff8b. (closes: #497528)

 -- Bastian Blank <>  Wed, 10 Sep 2008 12:55:16 +0200

linux-2.6 (2.6.26-4) unstable; urgency=low

  [ maximilian attems ]
  * x86: Reset ACPI_PROCFS_POWER for Lenny as buggy apps depend on it.
    (closes: #495541)
  * x86: ACPI: Fix thermal shutdowns
  * openvz: Add upstream fixes up to 0f14912e3d2251aff. (closes: #494384)
  * Add stable release
    - USB: fix interface unregistration logic
    - usb-storage: unusual_devs entries for iRiver T10 and Datafab CF+SM reader
    - usb-serial: don't release unregistered minors
    - usb-storage: revert DMA-alignment change for Wireless USB
    - usb-storage: automatically recognize bad residues
    - USB: ftdi_sio: Add USB Product Id for ELV HS485
    - qla2xxx: Set an rport's dev_loss_tmo value in a consistent manner.
    - dccp: change L/R must have at least one byte in the dccpsf_val field
    - KVM: Avoid instruction emulation when event delivery is pending
    - cs5520: add enablebits checking
    - acer-wmi: Fix wireless and bluetooth on early AMW0 v2 laptops
    - USB: usb-storage: quirk around v1.11 firmware on Nikon D4
    - radeonfb: fix accel engine hangs
    - radeon: misc corrections
    - sparc64: Fix global reg snapshotting on self-cpu.
    - sparc64: Do not clobber %g7 in setcontext() trap.
    - sparc64: Fix end-of-stack checking in save_stack_trace().
    - sparc64: Fix recursion in stack overflow detection handling.
    - sparc64: Make global reg dumping even more useful.
    - sparc64: Implement IRQ stacks.
    - sparc64: Handle stack trace attempts before irqstacks are setup.
    - PCI: Limit VPD length for Broadcom 5708S
    - ide: it821x in pass-through mode segfaults in 2.6.26-stable
    - syncookies: Make sure ECN is disabled
    - USB: ftdi_sio: add support for Luminance Stellaris Evaluation/Development
    - i2c: Fix NULL pointer dereference in i2c_new_probed_device
    - SCSI: hptiop: add more PCI device IDs
    - SCSI: ses: fix VPD inquiry overrun
    - SCSI: scsi_transport_spi: fix oops in revalidate
    - CIFS: Fix compiler warning on 64-bit
    - x86: fix spin_is_contended()
    - matrox maven: fix a broken error path
    - i2c: Let users select algorithm drivers manually again
    - CIFS: properly account for new user= field in SPNEGO upcall string
    - x86: fix setup code crashes on my old 486 box
    - KVM: ia64: Fix irq disabling leak in error handling code
    - mlock() fix return values
    - rtl8187: Fix lockups due to concurrent access to config routine
    - KVM: task switch: segment base is linear address
    - KVM: task switch: use seg regs provided by subarch instead of reading
      from GDT
    - KVM: task switch: translate guest segment limit to virt-extension byte
      granular field
    - r8169: avoid thrashing PCI conf space above RTL_GIGA_MAC_VER_06
    - sparc64: FUTEX_OP_ANDN fix
    - posix-timers: do_schedule_next_timer: fix the setting of ->si_overrun
    - posix-timers: fix
