Re: Security fixes for 2.6.32-stable

Hi Ben,

On Fri, Feb 05, 2016 at 05:45:24PM +0000, Ben Hutchings wrote:
> Willy, here are some more security patches I've recently applied to
> Debian's 2.6.32 branch.  These are being released today in the final
> security update for Debian 6.0 "squeeze".
> 
> The mapping to CVE IDs is:
> 
>  * usb: serial: visor: fix crash on detecting device without
>    write_urbs (CVE-2015-7566)
>  * [media] usbvision fix overflow of interfaces array (CVE-2015-7833)
>  * [media] usbvision: fix crash on detecting device with invalid
>    configuration (CVE-2015-7833)
>  * sctp: Prevent soft lockup when sctp_accept() is called during a
>    timeout event (CVE-2015-8767)
>  * tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) (CVE-2016-0723)
>  * x86/mm: Add barriers and document switch_mm()-vs-flush
>    synchronization (CVE-2016-2069)
>  * x86/mm: Improve switch_mm() barrier comments (no CVE, just
>    documenting previous fix)
> 
> Several recently reported CVEs were not fixed in squeeze, but you might
> want to try backporting the fixes yourself:
> 
> CVE-2013-4312 (upstream commits: 712f4aad406b, 759c01142a5d)
> CVE-2015-5307 (upstream commits: 54a20552e1ea)
> CVE-2015-6526 (upstream commits: 9a5cbce421a2)
> CVE-2015-8104 (upstream commits: cbdb967af3d5)

Great, thank you very much for all this. I'll take a look at the commit
IDs to see if the backports are easy and if they're testable. I'd rather
not break the last version and let it rot that way :-)

Best regards,
willy
