kernel-image-2.4.18-hppa (62.4) oldstable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Fix lcall DoS [arch/i386/kernel/entry.S, CVE-2002-0429]
  * Disabled O_DIRECT (CAN-2003-0018):
    . fs/fcntl.c
    . fs/open.c
  * Applied ptrace bugfix by Alan Cox to fix local root exploit
    [http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html,
    CAN-2003-0127]
  * Fixed hashing exploits in network stack (David S. Miller).
    Patch extracted from kernel-source-2.4.18 (CAN-2003-0244)
  * Fixed TIOCCONS and writing to /dev/console (CVE-2003-0247):
    . drivers/char/tty_io.c
    . include/linux/tty.h
  * Fixed hashing exploits in fragment processing (2.4.21rc7).
    (CVE-2003-0364)
  * Made /proc/tty/driver root-only (CAN-2003-0461):
    . include/linux/proc_fs.h
    . fs/proc/generic.c
    . fs/proc/proc_tty.c
  * Fix race condition in execve env_start/env_end initialization.
    (CVE-2003-0462)
    . fs/proc/base.c
  * Fixed ptrace/proc bug in fs/proc/base.c (CAN-2003-0501).
  * Applied patch from John Byrne <john.l.byrne@hp.com> for Linux 2.4.26
    to fix local denial of service in do_fork()
    <http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2>
    [kernel/fork.c, CAN-2004-0427]
  * Applied patch by Marcelo Tosatti <marcelo.tosatti@cyclades.com> to fix
    potential memory access to free memory in /proc handling
    [fs/proc/base.c, CAN-2005-0489]
  * Applied patch by Marcelo Tosatti <marcelo.tosatti@cyclades.com> to fix
    a possible buffer overflow in panic() [kernel/panic.c, CAN-2004-0394]
  * Applied patch by David Mosberger <davidm@napali.hpl.hp.com> to fix
    local denial of service in combination with gdb 6.x and NPTL on IA-64
    <http://marc.theaimsgroup.com/?l=linux-ia64&m=108026377907667&w=2>
    [arch/ia64/kernel/unwind.c, CAN-2004-0447]
  * Applied patch by Alexander Nyberg and Andi/Sergey to fix local denial
    of service.  <http://linuxreviews.org/news/2004-06-11_kernel_crash/>
    [include/asm-i386/i387.h, CAN-2004-0554]
  * Applied patch by Arun Sharma <arun.sharma@intel.com> to fix register
    information leak on the IA64 architecture
    <http://lia64.bkbits.net:8080/to-linus-2.5/cset@1.1726.29.7>
    [include/asm-ia64/system.h, CAN-2004-0565]
  * Backported patch by Mark Cox to fix information leak by initialising
    allocated data structures [drivers/usb/serial/io_edgeport.c,
    drivers/sound/audio.c, drivers/usb/vicam.c, CAN-2004-0685]
    <http://linux.bkbits.net:8080/linux-2.4/cset@410582380U3H9KOx8J2YZmMT0bhXQw>
  * Applied patch from Marcelo Tosatti to fix i386 SMP page fault handler
    privilege escalation [include/linux/mm.h, CAN-2005-0001]
  * Applied patch by Stefan Esser to fix missing boundary checks
    [fs/smbfs/proc.c, fs/smbfs/sock.c, CAN-2004-0883]
  * Applied patch by Stefan Esser to fix information leak
    [fs/smbfs/sock.c, CAN-2004-0949]
  * Applied patch by Herbert Xu to fix a denial of service in scm_send()
    <http://linux.bkbits.net:8080/linux-2.4/cset@41b76e94BsJKm8jhVtyDat9ZM1dXXg>,
    added patch by Marcus Meissner to fix more 64/32 bit compatibility
    code, added additional patch by Olaf Kirch and Marcus Meissner for
    type correction [arch/ia64/ia32/sys_ia32.c,
    arch/s390x/kernel/linux32.c, include/linux/socket.h, net/core/scm.c,
    net/ipv4/ip_sockglue.c, net/ipv6/datagram.c, CAN-2004-1016]
  * Applied patch by Thiemo Seufer to fix local ptrace root in the MIPS
    ptrace implementation [arch/mips/kernel/scall_o32.S,
    arch/mips/tools/offset.c, arch/mips64/kernel/scall_64.S,
    arch/mips64/kernel/scall_o32.S, CAN-2004-0997]
  * Applied patch by Marcelo Tosatti to fix integer overflow in the
    vc_resize() function [drivers/char/console.c, CAN-2004-1333]
  * Applied patch by Dave Miller to fix memory leak in ip_options_get()
    [net/ipv4/ip_options.c, CAN-2004-1335]
  * Applied patch by Greg Kroah-Hartman to fix buffer overflow and crash
    [drivers/usb/serial/io_edgeport.c, CAN-2004-1017]
  * Applied patch by Jan Harkes to add bounds checking for tainted
    scalars [include/linux/coda.h, fs/coda/upcall.c, CAN-2005-0124]
  * Applied patch by Andrea Arcangeli from 2.4.24 to fix privilege
    escalation in the mremap() syscall [mm/mremap.c, CAN-2005-0528]
  * Applied patch by Tom Rini to fix information leak
    [drivers/char/efirtc.c, drivers/char/rtc.c, drivers/macintosh/rtc.c,
    drivers/sbus/char/rtc.c, CAN-2003-0984]
  * Applied patch by Chris Wright to fix wrong return value check while
    filling kernel buffers [fs/binfmt_elf.c, CAN-2004-1070]
  * Applied patch by Chris Wright to fix incorrect error behaviour when
    mmap() fails [fs/binfmt_elf.c, CAN-2004-1071]
  * Applied patch by Chris Wright to fix NULL termination vulnerability
    when reading an interpreter [fs/binfmt_elf.c, CAN-2004-1072]
  * Applied patch by Chris Wright to fix reading of non-readable ELF
    binaries [fs/binfmt_elf.c, CAN-2004-1073]
  * Applied patch by Chris Wright to not insert overlapping regions in
    setup_arg_pages() [fs/exec.c, associated to CAN-2004-1074]
  * Applied patch by Chris Wright to fix error handling in do_brk() when
    setting up bss in a.out [fs/binfmt_aout.c, CAN-2004-1074]
  * Applied patch by Chris Wright to fix denial of service in the ELF loader
    when the interpreter architecture doesn't match the current one
    <http://linux.bkbits.net:8080/linux-2.4/cset@4021346f79nBb-4X_usRikR3Iyb4Vg>
    [fs/binfmt_elf.c, CAN-2004-0138]
  * Applied patch by Dave Miller to serialize dgram read using semaphore
    [net/unix/af_unix.c, CAN-2004-1068]
  * Applied patch by Chris Wright to fix denial of service in the ELF loader
    <http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ>
    [fs/binfmt_elf.c, CAN-2004-1234]
  * Backported patch by Nanhai Zou from 2.6 to fix denial of service via
    broken executables [arch/ia64/ia32/binfmt_elf32.c,
    arch/ia64/mm/init.c, fs/exec.c, include/linux/mm.h, mm/mmap.c,
    CAN-2005-0003]
  * Backported patch by Chris Wright and Simon Heywood to fix race
    conditions in the uselib calls for ELF and a.out formats
    [arch/mips/kernel/irixelf.c, arch/sparc64/kernel/binfmt_aout32.c,
    fs/binfmt_aout.c, fs/binfmt_elf.c, CAN-2004-1235]
  * Applied patch by Brad Spengler to fix integer overflow in the moxa
    serial driver [drivers/char/moxa.c, CAN-2005-0504]
  * Applied patch by Ben Martel and Stephen Blackheath to fix a remote
    denial of service [drivers/net/ppp_async.c, CAN-2005-0384]
  * Backported patch by Keith Owens to fix a locally induced crash on
    IA-64 machines [arch/ia64/kernel/unwind.c, CAN-2005-0135]
  * Fix unauthorized file descriptor read vulnerability.  (CAN-2003-0476)
  * Fixed bridging security issues (CAN-2003-055[012]):
    . net/bridge/br_fdb.c
    . net/bridge/br_if.c
    . net/bridge/br_input.c
    . net/bridge/br_private.h
    . net/bridge/br_stp_bpdu.c

 -- dann frazier <dannf@debian.org>  Sun, 18 Dec 2005 16:15:02 -0700

kernel-image-2.4.18-hppa (62.3) unstable; urgency=low

  * Fixes for CAN-2004-0003, CAN-2004-0010, CAN-2004-0109, CAN-2004-0177,
    CAN-2004-0178.

 -- LaMont Jones <lamont@debian.org>  Sat, 10 Apr 2004 05:04:39 -0600

kernel-image-2.4.18-hppa (62.2) unstable; urgency=low

  * Fixes for CAN-2003-0961, CAN-2003-0985, CAN-2004-0077

 -- LaMont Jones <lamont@debian.org>  Wed, 24 Mar 2004 21:22:58 -0700

kernel-image-2.4.18-hppa (12.1) unstable; urgency=low

  * first cut at 2.4.18 from cvs.parisc-linux.org 

 -- Bdale Garbee <bdale@gag.com>  Sat, 30 Mar 2002 14:05:22 -0700

