security update of stable kernels
Kees Cook
kees at ubuntu.com
Wed Jan 16 20:26:27 UTC 2008
Hello!
I need to have builds/tests of security updates for Dapper through Gutsy
for a number of updates.
I've already merged fixes for the following CVEs:
* CVE-2007-3107 - e f -
* CVE-2007-5966 - e f g
* CVE-2007-6063 d e f g
* CVE-2007-6151 d e f g
* CVE-2007-6206 d e f g
* CVE-2007-6417 d e f g
* CVE-2008-0001 d e f g
And incorporated fixes from the NFSv4 regression (bug 164231) needed in
Feisty and Gutsy. They are in the security git trees:
* git://kernel.ubuntu.com/kees/ubuntu-dapper-security.git
* git://kernel.ubuntu.com/kees/ubuntu-edgy-security.git
* git://kernel.ubuntu.com/kees/ubuntu-feisty-security.git
* git://kernel.ubuntu.com/kees/ubuntu-gutsy-security.git
The following CVE needs more attention from the kernel team, as it did
not merge cleanly:
* CVE-2007-5904
It is fixed with upstream commits:
* a761ac579b89bc1f00212a42401398108deba65c
* 133672efbc1085f9af990bdc145e1822ea93bcf3
I would also ask that Dapper's update be regenerated to include all the
outstanding updates in 2.6.15-51.65 (which hasn't been released yet,
pending the 6.06.2 publication, which just happened). When doing the
upload to jackass, all packages tied to the Dapper kernel ABI need to be
version-bumped as well, and uploaded to jackass so that people only
using -updates will have a sane view of what to install.
These updates are rather urgent (due to CVE-2008-0001).
Let me know if I can help further, I want to make sure this gets
published before the Distro Sprint.
Thanks,
-Kees
--
Kees Cook
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20080116/b8571bcc/attachment.sig>
More information about the kernel-team
mailing list