security update time
Kees Cook
kees at ubuntu.com
Wed May 7 22:39:57 UTC 2008
It's that time again... I've cherry picked and backported various CVE
and related bug fixes into the ubuntu-security/* git trees. Bad news:
excepting Hardy, the dnotify patch[1] appears to be an ABI bump. Debian
avoided[1] it using methods I don't understand. However, since I also
have another minor update that is deferred waiting for an ABI bump
(CVE-2007-4571), maybe it's time to do the ABI bump. If there isn't a
way to sanely avoid the dnotify ABI bump, let me know, and I'll add the
patches for CVE-2007-4571. Currently:
                dapper    feisty    gutsy     hardy
CVE-2007-4571:  deferred  deferred  N/A       N/A
CVE-2007-5904:  pending   pending   pending   N/A
CVE-2007-6694:  pending   pending   pending   pending
CVE-2008-0007:  pending   pending   pending   N/A
CVE-2008-1294:  pending   pending   N/A       N/A
CVE-2008-1375:  pending   pending   pending   pending
CVE-2008-1669:  pending   pending   pending   pending
CVE-2008-1675:  N/A       N/A       N/A       pending
Trees:
http://kernel.ubuntu.com/git?p=ubuntu-security/ubuntu-dapper.git;a=summary
http://kernel.ubuntu.com/git?p=ubuntu-security/ubuntu-feisty.git;a=summary
http://kernel.ubuntu.com/git?p=ubuntu-security/ubuntu-gutsy.git;a=summary
http://kernel.ubuntu.com/git?p=ubuntu-security/ubuntu-hardy.git;a=summary
Thanks,
-Kees
[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=214b7049a7929f03bbd2786aaef04b8b79db34e2
[2] http://svn.debian.org/wsvn/kernel/dists/etch-security/linux-2.6/debian/patches/bugfix/dnotify-race-avoid-abi-change.patch?op=file&rev=0&sc=0
--
Kees Cook
Ubuntu Security Team