Security fixes for 2.6.32-stable

Willy, here are some more security patches I've recently applied to
Debian's 2.6.32 branch.  These are being released today in the final
security update for Debian 6.0 "squeeze".

The mapping to CVE IDs is:

 * usb: serial: visor: fix crash on detecting device without
   write_urbs (CVE-2015-7566)
 * [media] usbvision fix overflow of interfaces array (CVE-2015-7833)
 * [media] usbvision: fix crash on detecting device with invalid
   configuration (CVE-2015-7833)
 * sctp: Prevent soft lockup when sctp_accept() is called during a
   timeout event (CVE-2015-8767)
 * tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) (CVE-2016-0723)
 * x86/mm: Add barriers and document switch_mm()-vs-flush
   synchronization (CVE-2016-2069)
 * x86/mm: Improve switch_mm() barrier comments (no CVE, just
   documenting previous fix)

Several recently reported CVEs were not fixed in squeeze, but you might
want to try backporting the fixes yourself:

CVE-2013-4312 (upstream commits: 712f4aad406b, 759c01142a5d)
CVE-2015-5307 (upstream commits: 54a20552e1ea)
CVE-2015-6526 (upstream commits: 9a5cbce421a2)
CVE-2015-8104 (upstream commits: cbdb967af3d5)

Ben.

-- 
Ben Hutchings
It is a miracle that curiosity survives formal education. - Albert Einstein

Attachment: security-2.6.32.mbox
Description: application/mbox

Attachment: signature.asc
Description: This is a digitally signed message part

