Format: 1.8
Date: Sat, 29 Jan 2011 19:35:42 -0600
Source: user-mode-linux
Binary: user-mode-linux
Architecture: source amd64
Version: 2.6.26-1um-2+26lenny2
Distribution: stable-security
Urgency: high
Maintainer: User Mode Linux Maintainers
Changed-By: dann frazier
Description:
 user-mode-linux - User-mode Linux (kernel)
Changes:
 user-mode-linux (2.6.26-1um-2+26lenny2) stable-security; urgency=high
 .
   * Rebuild against linux-source-2.6.26 (2.6.26-26lenny2):
     * filter: make sure filters dont read uninitialized memory (CVE-2010-4158)
     * bio: take care not overflow page count when mapping/copying user data
       (CVE-2010-4162)
     * block: check for proper length of iov entries in blk_rq_map_user_iov()
       (CVE-2010-4163)
     * bluetooth: Fix missing NULL check (CVE-2010-4242)
     * posix-cpu-timers: workaround to suppress the problems with mt exec
       (CVE-2010-4248)
     * KVM: VMX: fix vmx null pointer dereference on debug register access
       (CVE-2010-0435)
     * exec: make argv/envp memory visible to oom-killer (CVE-2010-4243)
     * af_unix: limit unix_tot_inflight (CVE-2010-4249)
     * do_exit(): make sure that we run with get_fs() == USER_DS (CVE-2010-4258)
     * econet: Disable auto-loading as mitigation against local exploits.
       This module has been shown to be broken, so this risk of this affecting
       real users is insignificant.
     * econet: Fix crash in aun_incoming() (CVE-2010-4342)
     * install_special_mapping skips security_file_mmap check (CVE-2010-4346)
     * CAN: Use inode instead of kernel address for /proc file (CVE-2010-4565)
     * IB/uverbs: Handle large number of entries in poll CQ (CVE-2010-4649)
     * block: check for proper length of iov entries earlier in
       blk_rq_map_user_iov() (CVE-2010-4668)
     * av7110: check for negative array offset (CVE-2011-0521)
     * usb: iowarrior: don't trust report_size for buffer size (CVE-2010-4656)
     * blkback/blktap/netback: Fix CVE-2010-3699
     * sctp: Fix a race between ICMP protocol unreachable and connect()
       (CVE-2010-4526)
     * sound: Prevent buffer overflow in OSS load_mixer_volumes (CVE-2010-4527)
     * irda: prevent integer underflow in IRLMP_ENUMDEVICES (CVE-2010-4529)