Changelog
linux-2.6 (2.6.26-26lenny1) stable-security; urgency=high
* net sched: fix kernel leak in act_police (CVE-2010-3477) * aio: check for multiplication overflow in do_io_submit (CVE-2010-3067) * cxgb3: prevent reading uninitialized stack memory (CVE-2010-3296) * eql: prevent reading uninitialized stack memory (CVE-2010-3297) * rose: Fix signedness issues wrt. digi count (CVE-2010-3310) * sctp: Do not reset the packet during sctp_packet_config() (CVE-2010-3432) * Fix pktcdvd ioctl dev_minor range check (CVE-2010-3437) * ALSA: prevent heap corruption in snd_ctl_new() (CVE-2010-3442) * thinkpad-acpi: lock down video output state access (CVE-2010-3448) * sctp: Fix out-of-bounds reading in sctp_asoc_get_hmac() (CVE-2010-3705) * setup_arg_pages: diagnose excessive argument size (CVE-2010-3858) * X.25: memory corruption in X.25 facilities parsing (CVE-2010-3873) * sys_semctl: fix kernel stack leakage (CVE-2010-4083) * ALSA: rme9652: prevent reading uninitialized stack memory (CVE-2010-4080, CVE-2010-4081) * V4L/DVB: ivtvfb: prevent reading uninitialized stack memory (CVE-2010-4079) * video/sis: prevent reading uninitialized stack memory (CVE-2010-4078) * X.25: Prevent crashing when parsing bad X.25 facilities (CVE-2010-4164) * v4l1: fix 32-bit compat microcode loading translation (CVE-2010-2963) * net: Mitigate overflow issues - Truncate recvfrom and sendto length to INT_MAX. - Limit socket I/O iovec total length to INT_MAX. - Resolves kernel heap overflow in the TIPC protcol (CVE-2010-3859) * net: ax25: fix information leak to userland (CVE-2010-3875) * can-bcm: fix minor heap overflow (CVE-2010-3874) * net: packet: fix information leak to userland (CVE-2010-3876) * net: tipc: fix information leak to userland (CVE-2010-3877) * inet_diag: Make sure we actually run the same bytecode we audited (CVE-2010-3880) * ipc: shm: fix information leak to userland (CVE-2010-4072) * ipc: initialize structure memory to zero for compat functions (CVE-2010-4073) * USB: serial/mos*: prevent reading uninitialized stack memory (CVE-2010-4074) * [SCSI] gdth: integer overflow in ioctl (CVE-2010-4157) * econet: Avoid stack overflow w/ large msgiovlen (CVE-2010-3848) * econet: disallow NULL remote addr for sendmsg() (CVE-2010-3849) * econet: Add mising CAP_NET_ADMIN check in SIOCSIFADDR (CVE-2010-3850) -- dann frazier <email address hidden> Wed, 24 Nov 2010 17:46:00 -0700