[SECURITY] [DLA 118-1] linux-2.6 security update

Package : linux-2.6
Version : 2.6.32-48squeeze10
CVE ID  : CVE-2014-3185 CVE-2014-3687 CVE-2014-3688 CVE-2014-6410
          CVE-2014-7841 CVE-2014-8709 CVE-2014-8884

Non-maintainer upload by the Squeeze LTS and Kernel Teams.

New upstream stable release 2.6.32.65, see
http://lkml.org/lkml/2014/12/13/81 for more information.

The stable release 2.6.32.65 includes the following new commits compared
to the previous 2.6.32-48squeeze9 package:

- USB: whiteheat: Added bounds checking for bulk command response
  (CVE-2014-3185)
- net: sctp: fix panic on duplicate ASCONF chunks (CVE-2014-3687)
- net: sctp: fix remote memory pressure from excessive queueing
  (CVE-2014-3688)
- udf: Avoid infinite loop when processing indirect ICBs (CVE-2014-6410)
- net: sctp: fix NULL pointer dereference in af->from_addr_param on
  malformed packet (CVE-2014-7841)
- mac80211: fix fragmentation code, particularly for encryption
  (CVE-2014-8709)
- ttusb-dec: buffer overflow in ioctl (CVE-2014-8884)

We recommend that you upgrade your linux-2.6 packages.

We apologize for a minor cosmetic glitch:

The following commits were already included in 2.6.32-48squeeze9 despite
claims in debian/changelog they were only fixed in 2.6.32-48squeeze10:

- vlan: Don't propagate flag changes on down interfaces.
- sctp: Fix double-free introduced by bad backport in 2.6.32.62
- md/raid6: Fix misapplied backport in 2.6.32.64
- block: add missing blk_queue_dead() checks
- block: Fix blk_execute_rq_nowait() dead queue handling
- proc connector: Delete spurious memset in proc_exit_connector()
