Willy, here are some more security patches I've recently applied to Debian's 2.6.32 branch. These are being released today in the final security update for Debian 6.0 "squeeze".

The mapping to CVE IDs is:

* usb: serial: visor: fix crash on detecting device without write_urbs (CVE-2015-7566)
* [media] usbvision fix overflow of interfaces array (CVE-2015-7833)
* [media] usbvision: fix crash on detecting device with invalid configuration (CVE-2015-7833)
* sctp: Prevent soft lockup when sctp_accept() is called during a timeout event (CVE-2015-8767)
* tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) (CVE-2016-0723)
* x86/mm: Add barriers and document switch_mm()-vs-flush synchronization (CVE-2016-2069)
* x86/mm: Improve switch_mm() barrier comments (no CVE, just documenting previous fix)

Several recently reported CVEs were not fixed in squeeze, but you might want to try backporting the fixes yourself:

CVE-2013-4312 (upstream commits: 712f4aad406b, 759c01142a5d)
CVE-2015-5307 (upstream commits: 54a20552e1ea)
CVE-2015-6526 (upstream commits: 9a5cbce421a2)
CVE-2015-8104 (upstream commits: cbdb967af3d5)

Ben.

--
Ben Hutchings
It is a miracle that curiosity survives formal education. - Albert Einstein
Attachment:
security-2.6.32.mbox
Description: application/mbox
Attachment:
signature.asc
Description: This is a digitally signed message part