[kernel-sec-discuss] r988 - active
jmm at alioth.debian.org
Wed Oct 3 16:38:35 UTC 2007
Author: jmm
Date: 2007-10-03 16:38:35 +0000 (Wed, 03 Oct 2007)
New Revision: 988
Modified:
active/CVE-2006-5755
active/CVE-2007-4133
active/CVE-2007-4573
active/CVE-2007-5093
Log:
fixes from latest DSA
Modified: active/CVE-2006-5755
===================================================================
--- active/CVE-2006-5755 2007-10-03 16:34:16 UTC (rev 987)
+++ active/CVE-2006-5755 2007-10-03 16:38:35 UTC (rev 988)
@@ -18,10 +18,11 @@
jmm> http://www.mail-archive.com/kgdb-bugreport@lists.sourceforge.net/msg00559.html
dannf> marking sarge/2.4 N/A since we released no sarge/2.4/amd64 kernel
dannf> ignoring for sarge7 because backport is non-trivial
+ jmm> Affects xen
Bugs:
upstream: released (2.6.18)
linux-2.6: released (2.6.18-1)
-2.6.18-etch-security: N/A
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4)
2.6.8-sarge-security: ignored (2.6.8-16sarge7)
2.4.27-sarge-security: N/A
2.6.12-breezy-security: released (2.6.12-10.43)
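Review bot: the new `2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4)` line names no patch file, unlike the other etch-security entries touched in this commit, which carry a `[bugfix/...]` reference. Suggest adding the patch name in brackets. The added note `jmm> Affects xen` would also be more useful if it said whether the earlier `N/A` was set without considering Xen, since that is the only visible reason for the status change.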
Modified: active/CVE-2007-4133
===================================================================
--- active/CVE-2007-4133 2007-10-03 16:34:16 UTC (rev 987)
+++ active/CVE-2007-4133 2007-10-03 16:38:35 UTC (rev 988)
@@ -8,7 +8,7 @@
Bugs:
upstream:
linux-2.6:
-2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch4) [bugfix/hugetlb-prio_tree-unit-fix.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/hugetlb-prio_tree-unit-fix.patch]
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.15-dapper-security:
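Review bot: `upstream:` and `linux-2.6:` are still empty in the context lines while the etch-security line moves to `released`. Suggest recording the upstream fix version and the unstable status in the same commit, so the entry shows whether the fix exists outside the etch security branch.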
Modified: active/CVE-2007-4573
===================================================================
--- active/CVE-2007-4573 2007-10-03 16:34:16 UTC (rev 987)
+++ active/CVE-2007-4573 2007-10-03 16:38:35 UTC (rev 988)
@@ -7,10 +7,11 @@
emulation in x86_64 kernels did not correctly clear the high bits of
registers. Local attackers could exploit this to gain root privileges.
Notes:
+ jmm> Fix in etch3 didn't fix the problem for Xen guests
Bugs:
upstream: released (2.6.22.7)
linux-2.6:
-2.6.18-etch-security: released (2.6.18.dfsg.1-13etch3) [bugfix/amd64-zero-extend-32bit-ptrace.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/amd64-zero-extend-32bit-ptrace.patch]
2.6.8-sarge-security:
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-29.59)
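Review bot: replacing `13etch3` with `13etch4` on the etch-security line removes the record that etch3 already shipped `bugfix/amd64-zero-extend-32bit-ptrace.patch`, and the patch name is unchanged for etch4, so the entry does not show what was added for Xen guests. Suggest naming in the note the patch or change in etch4 that covers Xen and keeping the etch3 version visible there. `linux-2.6:` is also still empty although upstream is marked `released (2.6.22.7)`.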
Modified: active/CVE-2007-5093
===================================================================
--- active/CVE-2007-5093 2007-10-03 16:34:16 UTC (rev 987)
+++ active/CVE-2007-5093 2007-10-03 16:38:35 UTC (rev 988)
@@ -19,7 +19,7 @@
Bugs:
upstream:
linux-2.6:
-2.6.18-etch-security: pending (2.6.18.dfsg.1-13etch4) [bugfix/usb-pwc-disconnect-block.patch]
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch4) [bugfix/usb-pwc-disconnect-block.patch]
2.6.8-sarge-security:
2.4.27-sarge-security:
2.6.15-dapper-security:
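Review bot: the `2.6.8-sarge-security:`, `2.4.27-sarge-security:` and `2.6.15-dapper-security:` lines below the changed line remain blank, with no `N/A`, `ignored` or `pending` decision. Since this commit closes out the etch status, suggest recording at least a triage state for sarge so the entry does not read as unassessed for the older releases.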