Re: Security fixes for 2.6.32-stable

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Ben,

On Mon, Nov 16, 2015 at 07:47:37PM +0000, Ben Hutchings wrote:
> Willy, here are the security patches I've recently applied to Debian's
> 2.6.32 branch, aside from those for CVE-2015-2925 - which we already
> discussed - and for issues not yet fixed upstream.
> 
> These have already been released without reported regressions. The
> mapping to CVE IDs is:
> 
>   * md: use kzalloc() when bitmap is disabled (CVE-2015-5697)
>   * ipv6: addrconf: validate new MTU before applying it (CVE-2015-0272)
>   * virtio-net: drop NETIF_F_FRAGLIST (CVE-2015-5156)
>   * USB: whiteheat: fix potential null-deref at probe (CVE-2015-5257)
>   * ipc/sem.c: fully initialize sem_array before making it visible
>     (no CVE ID, but similar issue to the following fix)
>   * Initialize msg/shm IPC objects before doing ipc_addid()
>     (CVE-2015-7613)

Much appreciated, thank you! I'll try to issue a new kernel ASAP, probably
next week.

Cheers,
Willy

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]