Diffstat (limited to 'tags/2.6.18-7/00000_README')
-rw-r--r-- tags/2.6.18-7/00000_README 220
1 files changed, 220 insertions, 0 deletions
diff --git a/tags/2.6.18-7/00000_README b/tags/2.6.18-7/00000_README
new file mode 100644
index 0000000..96c5473
--- /dev/null
+++ b/tags/2.6.18-7/00000_README
@@ -0,0 +1,220 @@
+Xen Patches README
+------------------
+
+These patches are intended to be stacked on top of genpatches-base.
+
+Many of the patches included here are swiped from various sources which
+use their own four digit patch numbering scheme, so we are stuck with five
+digits to indiciate the source for easier tracking and re-syncing.
+
+Numbering
+---------
+
+0xxxx Gentoo, not related to Xen. (in case we pull something from extras)
+1xxxx XenSource, upstream Xen patch for 2.6.18
+2xxxx Redhat, we use their Xen patch for >=2.6.20
+3xxxx Debian, we use their security fixes for 2.6.18
+5xxxx Gentoo, Xen and other fixes for Redhat and/or Debian patches.
+
+Patches
+-------
+
+10001_xen-3.1.1.patch
+ Upstream 3.1.1 patch
+
+10002_i386-fix-xen_l1_entry_update-for-highptes.patch
+ Fix for kernels compiled with CONFIG_HIGHPTE.
+ Pulled from linux-2.6.18-xen.hg, changeset e79729740288.
+
+30001_nfnetlink_log-null-deref.patch
+ [SECURITY] Fix remotely exploitable NULL pointer dereference in
+ nfulnl_recv_config()
+ See CVE-2007-1496
+
+30002_nf_conntrack-set-nfctinfo.patch
+ [SECURITY] Fix incorrect classification of IPv6 fragments as ESTABLISHED,
+ which allows remote attackers to bypass certain rulesets
+ See CVE-2007-1497
+
+30003_netlink-infinite-recursion.patch
+ [SECURITY] Fix infinite recursion bug in netlink
+ See CVE-2007-1861
+
+30004_nl_fib_lookup-oops.patch
+ Add fix for oops bug added by previous patch
+
+30005_core-dump-unreadable-PT_INTERP.patch
+ [SECURITY] Fix a vulnerability that allows local users to read
+ otherwise unreadable (but executable) files by triggering a core dump.
+ See CVE-2007-0958
+
+30006_appletalk-length-mismatch.patch
+ [SECURITY] Fix a remote DoS (crash) in appletalk
+ Depends upon bugfix/appletalk-endianness-annotations.patch
+ See CVE-2007-1357
+
+30007_cm4040-buffer-overflow.patch
+ [SECURITY] Fix a buffer overflow in the Omnikey CardMan 4040 driver
+ See CVE-2007-0005
+
+30008_ipv6_fl_socklist-no-share.patch
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+
+30009_keys-serial-num-collision.patch
+ [SECURITY] Fix the key serial number collision avoidance code in
+ key_alloc_serial() that could lead to a local DoS (oops).
+ (closes: #398470)
+ See CVE-2007-0006
+
+30010_ipv6_getsockopt_sticky-null-opt.patch
+ [SECURITY] Fix kernel memory leak vulnerability in
+ ipv6_getsockopt_sticky() which can be triggered by passing a len < 0.
+ See CVE-2007-1000
+
+30011_ipv6_setsockopt-NULL-deref.patch
+ [SECURITY] Fix NULL dereference in ipv6_setsockopt that could lead
+ to a local DoS (oops).
+ See CVE-2007-1388
+
+30012_ipv6-disallow-RH0-by-default.patch
+ [SECURITY] Avoid a remote DoS (network amplification between two routers)
+ by disabling type0 IPv6 route headers by default. Can be re-enabled via
+ a sysctl interface. Thanks to Vlad Yasevich for porting help.
+
+30013_listxattr-mem-corruption.patch
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patch changes the kernel ABI.
+ See CVE-2006-5753
+
+30014_bluetooth-l2cap-hci-info-leaks.patch
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+
+30015_usblcd-limit-memory-consumption.patch
+ [SECURITY] limit memory consumption during write in the usblcd driver
+ See CVE-2007-3513
+
+30016_pppoe-socket-release-mem-leak.patch
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+
+30017_nf_conntrack_h323-bounds-checking.patch
+ [SECURITY] nf_conntrack_h323: add checking of out-of-range on choices'
+ index values
+ See CVE-2007-3642
+
+30018_dn_fib-out-of-bounds.patch
+ [SECURITY] Fix out of bounds condition in dn_fib_props[]
+ See CVE-2007-2172
+
+30019_random-fix-seeding-with-zero-entropy.patch,
+30020_random-fix-error-in-entropy-extraction.patch
+ [SECURITY] Avoid seeding with the same values at boot time when a
+ system has no entropy source and fix a casting error in entropy
+ extraction that resulted in slightly less random numbers.
+ See CVE-2007-2453
+
+30021_nf_conntrack_sctp-null-deref.patch
+ [SECURITY] Fix remotely triggerable NULL pointer dereference
+ by sending an unknown chunk type.
+ See CVE-2007-2876
+
+30022_i965-secure-batchbuffer.patch
+ [SECURITY] Fix i965 secured batchbuffer usage
+ See CVE-2007-3851
+
+30023_appletalk-endianness-annotations.patch
+ Dependency for 30006_appletalk-length-mismatch.patch.
+
+30024_drm-i965.patch
+ Dependency for 30022_i965-secure-batchbuffer.patch
+
+30025_ipv4-fib_props-out-of-bounds.patch
+ [SECURITY] Fix a typo which caused fib_props[] to be of the wrong size
+ and check for out of bounds condition in index provided by userspace
+ See CVE-2007-2172
+
+30026_cifs-fix-sign-settings.patch
+ [SECURITY] Fix overriding the server to force signing on caused by
+ checking the wrong gloal variable.
+ See CVE-2007-3843
+
+30027_cpuset_tasks-underflow.patch
+ [SECURITY] Fix integer underflow in /dev/cpuset/tasks which could allow
+ local attackers to read sensitive kernel memory if the cpuset filesystem
+ is mounted.
+ See CVE-2007-2875
+
+30028_random-bound-check-ordering.patch
+ [SECURITY] Fix stack-based buffer overflow in the random number
+ generator
+ See CVE-2007-3105
+
+30030_aacraid-ioctl-perm-check.patch
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+
+30031_ptrace-handle-bogus-selector.patch,
+30032_fixup-trace_irq-breakage.patch
+ [SECURITY] Handle an invalid LDT segment selector %cs (the xcs field)
+ during ptrace single-step operations that can be used to trigger a
+ NULL-pointer dereference causing an Oops.
+ See CVE-2007-3731
+
+30033_prevent-stack-growth-into-hugetlb-region.patch
+ [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
+ into address space reserved for hugetlb pages.
+ See CVE-2007-3739
+
+30034_cifs-honor-umask.patch
+ [SECURITY] Make CIFS honor a process' umask
+ See CVE-2007-3740
+
+30035_amd64-zero-extend-32bit-ptrace.patch
+ [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
+ See CVE-2007-4573
+
+30036_jffs2-ACL-vs-mode-handling.patch
+ [SECURITY] Write correct legacy modes to the medium on inode creation to
+ prevent incorrect permissions upon remount.
+ See CVE-2007-4849
+
+30038_don-t-leak-nt-bit-into-next-task-xen.patch
+ [SECURITY] Don't leak NT bit into next task (Xen).
+ See CVE-2006-5755
+
+30039_hugetlb-prio_tree-unit-fix.patch
+ [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
+ which could be used to trigger a BUG_ON() call in exit_mmap.
+ See CVE-2007-4133
+
+30040_usb-pwc-disconnect-block.patch
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+
+30041_ipv6-disallow-RH0-by-default-2.patch
+ Fix ipv6 rfc conformance issue introduced in 2.6.18.dfsg.1-13 by the
+ fix for CVE-2007-2242. Thanks to Brian Haley for the patch.
+ (closes: Debian #440127)
+
+30042_reset-pdeathsig-on-suid-upstream.patch
+ Update fix for CVE-2007-3848 with the patch accepted upstream
+ (formerly 30013_reset-pdeathsig-on-suid.patch)
+
+50001_make-install.patch
+ Handle make install in a semi-sane way that plays nice with
+ split domU/dom0 kernels.
+
+50002_always-enable-xen-genapic.patch
+ Compile fix for non-SMP (UP) kernels. Since UP support is broken in
+ upstream Xen I'm not sure if I trust it or not. :-P
+
+50009_gentooify-tls-warning.patch
+ Change tls warning instructions to apply directly to Gentoo.
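Review bot: the dependency reference under 30006 ("Depends upon bugfix/appletalk-endianness-annotations.patch") points at a source-tree path rather than the local patch name; since the same file is listed further down as 30023_appletalk-endianness-annotations.patch, name it that way so a reader can find it in this directory. A few smaller consistency points in the same file: 30012 carries no "See CVE-..." line, yet 30041 describes itself as fixing a conformance issue introduced by "the fix for CVE-2007-2242", so if that is the same patch the reference belongs on the 30012 entry as well; 30042 says "(formerly 30013_reset-pdeathsig-on-suid.patch)" while 30013 is now listxattr-mem-corruption, which deserves a word so the reused number does not confuse anyone re-syncing; the sequence skips 30029 and 30037 without saying whether they were dropped on purpose; and there are typos in "indiciate", "unpriveleged" and "gloal", plus the sentence "If userspace still has the device open it can result, the driver would wait for the device to close" reads as two sentences run together.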