Your message dated Sat, 26 Nov 2005 09:17:41 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#334113: fixed in linux-2.6 2.6.14-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Oct 2005 16:13:57 +0000
>From [EMAIL PROTECTED] Sat Oct 15 09:13:57 2005
Return-path: <[EMAIL PROTECTED]>
Received: from master.debian.org [146.82.138.7]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EQofV-000056-00; Sat, 15 Oct 2005 09:13:57 -0700
Received: from p54b074d8.dip.t-dialin.net (localhost.localdomain)
[84.176.116.216]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1EQofT-0001WP-00; Sat, 15 Oct 2005 11:13:55 -0500
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Rudolf Polzer <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: linux-image-2.6.12-1-powerpc: kernel allows loadkeys to be used by any
user,
allowing for local root compromise
X-Mailer: reportbug 3.17
Date: Sat, 15 Oct 2005 18:03:31 +0200
X-Debbugs-Cc: [EMAIL PROTECTED],
Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-9.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
OUR_MTA_MSGID,X_DEBBUGS_CC autolearn=ham
version=2.60-bugs.debian.org_2005_01_02
Package: linux-image-2.6.12-1-powerpc
Version: 2.6.12-10
Severity: critical
Tags: security
Justification: root security hole
The non-suid command "loadkeys" can be used by any local user having
console access. It does not just apply to the current virtual console
but to all virtual consoles and its effect persists even after logout.
A proof of concept would be (^V, ^C etc. refer to key presses on the
console):
loadkeys
keycode 15 = F23
string F23 = "^V^C^V^Mecho hello world^V^M"
^D
Then log out and let root login (in a computer pool, you can usually get
an admin to log on as root on a console somehow). The next time he'll
press TAB to complete a file name, he instead will run the shell
command.
Of course, the shell command could be more evil, e.g. add a line to
/etc/passwd, clear the screen to make it less obvious, sync and write
stuff to /dev/mem to cause a kernel crash so that most people would not
suspect anything but a hardware fault. A demo exploit adding a line to
the password file, clearing the screen and logging out exists in form of
a shell script.
As a solution, I propose that the loadkeys command (or more exactly, the
kernel interface it uses) should be restricted to root and instead one
could add a suid wrapper for loadkeys that only allows the system-wide
keymaps to be loaded. The old behaviour could still be made selectable
using a procfs file.
If the last modification time of the manual page of loadkeys is true,
this bug exists in the Linux kernel at least since 1997. However, the
BUGS section of the manpage does not hint that the loadkeys command
can even be used as a root compromise and not just for stuff like
unbinding all keys.
Plus, it might be good to have a way to disable chvt for non-root users.
Using chvt, a malicious user could do the same thing in an X session:
remap Backspace to another key, handle Ctrl-Alt-Backspace by chvt 1;
chvt 7 (so the video mode switches) and showing a fake login manager on
the X display. If chvt were not possible for mere mortals, the admin
would be able to disable all possible video mode switching caused by X
applications (like xrandr, xvidmode, dpms) in the xorg.conf file so that
he finally knows: if Ctrl-Alt-Backspace caused video mode switching, the
resulting login screen is genuine.
Another solution would be a keymap-invariant non-remappable "zap" key
combination with the functionality of Alt-SysRq-K - but on an X screen,
it should tell the X server to exit instead of kill -9ing it so that the
video mode gets restored. And it should be able to make a kernel support
it without adding all of the other "Magic SysRq Key" features. Of
course, it should lock the keymap until the user tells the system to
unlock it again.
Or, even better: a "root login key". That is, something unremappable
that causes a new VT to be created with a login prompt for root - and
while this VT is active, the keymap should be locked to the system-wide
standard keymap. Ideally, that "root login key" should also work from X
and maybe even when the X server has crashed.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.12-1-powerpc
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages linux-image-2.6.12-1-powerpc depends on:
ii coreutils [fileutils] 5.2.1-2.1 The GNU core utilities
ii initrd-tools 0.1.82 tools to create initrd image for p
ii mkvmlinuz 15 create a kernel to boot a PowerPC
ii module-init-tools 3.2-pre9-2 tools for managing Linux kernel mo
linux-image-2.6.12-1-powerpc recommends no packages.
-- no debconf information
---------------------------------------
Received: (at 334113-close) by bugs.debian.org; 26 Nov 2005 17:22:27 +0000
>From [EMAIL PROTECTED] Sat Nov 26 09:22:27 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1Eg3gD-0007c7-So; Sat, 26 Nov 2005 09:17:41 -0800
From: =?utf-8?q?Frederik_Sch=C3=BCler?= <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.60 $
Subject: Bug#334113: fixed in linux-2.6 2.6.14-4
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 26 Nov 2005 09:17:41 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2
Source: linux-2.6
Source-Version: 2.6.14-4
We believe that the bug you reported is fixed in the latest version of
linux-2.6, which is due to be installed in the Debian FTP archive:
kernel-image-2.6-386_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/kernel-image-2.6-386_2.6.14-4_i386.deb
kernel-image-2.6-686-smp_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/kernel-image-2.6-686-smp_2.6.14-4_i386.deb
kernel-image-2.6-686_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/kernel-image-2.6-686_2.6.14-4_i386.deb
kernel-image-2.6-k7-smp_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/kernel-image-2.6-k7-smp_2.6.14-4_i386.deb
kernel-image-2.6-k7_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/kernel-image-2.6-k7_2.6.14-4_i386.deb
linux-2.6_2.6.14-4.diff.gz
to pool/main/l/linux-2.6/linux-2.6_2.6.14-4.diff.gz
linux-2.6_2.6.14-4.dsc
to pool/main/l/linux-2.6/linux-2.6_2.6.14-4.dsc
linux-doc-2.6.14_2.6.14-4_all.deb
to pool/main/l/linux-2.6/linux-doc-2.6.14_2.6.14-4_all.deb
linux-headers-2.6-386_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-headers-2.6-386_2.6.14-4_i386.deb
linux-headers-2.6-686-smp_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-headers-2.6-686-smp_2.6.14-4_i386.deb
linux-headers-2.6-686_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-headers-2.6-686_2.6.14-4_i386.deb
linux-headers-2.6-k7-smp_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-headers-2.6-k7-smp_2.6.14-4_i386.deb
linux-headers-2.6-k7_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-headers-2.6-k7_2.6.14-4_i386.deb
linux-headers-2.6.14-2-386_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-headers-2.6.14-2-386_2.6.14-4_i386.deb
linux-headers-2.6.14-2-686-smp_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-headers-2.6.14-2-686-smp_2.6.14-4_i386.deb
linux-headers-2.6.14-2-686_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-headers-2.6.14-2-686_2.6.14-4_i386.deb
linux-headers-2.6.14-2-k7-smp_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-headers-2.6.14-2-k7-smp_2.6.14-4_i386.deb
linux-headers-2.6.14-2-k7_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-headers-2.6.14-2-k7_2.6.14-4_i386.deb
linux-headers-2.6.14-2_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-headers-2.6.14-2_2.6.14-4_i386.deb
linux-headers-2.6.14_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-headers-2.6.14_2.6.14-4_i386.deb
linux-image-2.6-386_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-2.6-386_2.6.14-4_i386.deb
linux-image-2.6-686-smp_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-2.6-686-smp_2.6.14-4_i386.deb
linux-image-2.6-686_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-2.6-686_2.6.14-4_i386.deb
linux-image-2.6-k7-smp_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-2.6-k7-smp_2.6.14-4_i386.deb
linux-image-2.6-k7_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-2.6-k7_2.6.14-4_i386.deb
linux-image-2.6.14-2-386_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-2.6.14-2-386_2.6.14-4_i386.deb
linux-image-2.6.14-2-686-smp_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-2.6.14-2-686-smp_2.6.14-4_i386.deb
linux-image-2.6.14-2-686_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-2.6.14-2-686_2.6.14-4_i386.deb
linux-image-2.6.14-2-k7-smp_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-2.6.14-2-k7-smp_2.6.14-4_i386.deb
linux-image-2.6.14-2-k7_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-2.6.14-2-k7_2.6.14-4_i386.deb
linux-image-386_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-386_2.6.14-4_i386.deb
linux-image-686-smp_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-686-smp_2.6.14-4_i386.deb
linux-image-686_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-686_2.6.14-4_i386.deb
linux-image-k7-smp_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-k7-smp_2.6.14-4_i386.deb
linux-image-k7_2.6.14-4_i386.deb
to pool/main/l/linux-2.6/linux-image-k7_2.6.14-4_i386.deb
linux-manual-2.6.14_2.6.14-4_all.deb
to pool/main/l/linux-2.6/linux-manual-2.6.14_2.6.14-4_all.deb
linux-patch-debian-2.6.14_2.6.14-4_all.deb
to pool/main/l/linux-2.6/linux-patch-debian-2.6.14_2.6.14-4_all.deb
linux-source-2.6.14_2.6.14-4_all.deb
to pool/main/l/linux-2.6/linux-source-2.6.14_2.6.14-4_all.deb
linux-tree-2.6.14_2.6.14-4_all.deb
to pool/main/l/linux-2.6/linux-tree-2.6.14_2.6.14-4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Frederik Schüler <[EMAIL PROTECTED]> (supplier of updated linux-2.6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 26 Nov 2005 13:18:41 +0100
Source: linux-2.6
Binary: linux-image-sun3 linux-headers-2.6.14-2-em64t-p4-smp
linux-image-2.6.14-2-atari linux-image-2.6-powerpc-miboot
linux-headers-2.6.14-2-atari linux-headers-2.6.14-2-386
linux-image-2.6.14-2-sun3 linux-image-2.6.14-2-em64t-p4-smp
linux-image-2.6.14-2-hp linux-image-2.6-footbridge
linux-image-2.6-amd64-generic linux-image-2.6.14-2-apus
linux-headers-2.6-64-smp kernel-image-2.6-686-smp linux-headers-2.6-atari
kernel-image-2.6-386 linux-headers-2.6-s390 linux-headers-2.6.14-2-sun3
linux-image-mvme16x linux-image-2.6.14-2-s3c2410 linux-image-itanium
linux-headers-2.6.14-2-64 linux-image-2.6-amd64-k8-smp
linux-headers-2.6.14-2-32 linux-image-2.6-rpc linux-image-2.6-s390
linux-image-q40 linux-headers-2.6-sparc64-smp linux-headers-2.6-mvme147
linux-image-footbridge kernel-image-2.6-itanium-smp
linux-headers-2.6.14-2-powerpc linux-image-2.6.14-2-amd64-k8
linux-headers-2.6.14-2-amiga linux-headers-2.6-686-smp linux-image-atari
linux-image-2.6.14-2-32 linux-headers-2.6.14-2-s390 linux-image-2.6-q40
linux-manual-2.6.14 kernel-image-2.6-k7-smp linux-headers-2.6.14-2-mvme147
linux-headers-2.6-powerpc-miboot linux-headers-2.6-apus linux-image-s390
linux-image-apus linux-image-2.6.14-2-mvme16x
linux-headers-2.6.14-2-alpha-generic linux-patch-debian-2.6.14
linux-headers-2.6.14-2-s390x linux-image-2.6-itanium linux-image-amd64-k8-smp
linux-image-2.6.14-2-mac linux-image-2.6.14-2-k7-smp
linux-image-2.6.14-2-itanium linux-image-2.6.14-2-k7
linux-headers-2.6-amd64-generic linux-image-2.6-mckinley-smp linux-image-amiga
linux-image-2.6-k7 linux-headers-2.6.14-2-32-smp linux-image-2.6.14-2-64-smp
linux-headers-2.6.14-2-mckinley linux-image-mckinley-smp
linux-image-2.6.14-2-amd64-k8-smp linux-image-em64t-p4-smp
linux-image-2.6-powerpc linux-headers-2.6-s3c2410 linux-image-2.6-hp
linux-image-2.6.14-2-itanium-smp linux-image-sparc64-smp
linux-headers-2.6.14-2-amd64-k8 kernel-image-2.6-mckinley
linux-image-powerpc-smp linux-headers-2.6-itanium-smp kernel-image-2.6-power3
linux-image-2.6-64-smp kernel-image-2.6-powerpc linux-headers-2.6-32
linux-tree-2.6.14 kernel-image-2.6-generic linux-headers-2.6-mvme16x
linux-headers-2.6.14-2-mac linux-image-2.6.14-2-386
linux-headers-2.6.14-2-powerpc64 linux-image-2.6-alpha-generic
linux-headers-2.6-amd64-k8-smp linux-image-2.6-em64t-p4 linux-image-32
linux-headers-2.6.14-2-sparc64-smp linux-headers-2.6.14-2-itanium
linux-headers-2.6.14-2-em64t-p4 linux-headers-2.6-powerpc linux-image-hp
linux-headers-2.6-em64t-p4-smp kernel-image-powerpc-smp
linux-headers-2.6-sparc64 linux-image-powerpc64 linux-headers-2.6-hp
linux-headers-2.6.14-2-mckinley-smp linux-image-2.6.14-2-686-smp
linux-headers-2.6.14 linux-headers-2.6-powerpc64 linux-image-2.6-apus
linux-headers-2.6.14-2-apus linux-image-2.6.14-2-64
linux-image-2.6.14-2-alpha-generic linux-headers-2.6-mac
linux-headers-2.6-32-smp linux-image-2.6.14-2-sparc64
linux-headers-2.6-em64t-p4 linux-headers-2.6-rpc linux-image-2.6-mckinley
linux-headers-2.6.14-2-sparc64 linux-headers-2.6-alpha-generic
linux-image-2.6.14-2-amiga linux-headers-2.6-bvme6000
linux-image-2.6.14-2-alpha-smp kernel-image-2.6-sparc64-smp
kernel-image-powerpc linux-image-bvme6000 linux-headers-2.6-alpha-smp
linux-headers-2.6.14-2-k7 linux-headers-2.6.14-2-footbridge
linux-image-2.6.14-2-q40 linux-image-2.6-atari linux-image-64
linux-image-s3c2410 linux-headers-2.6-386 linux-doc-2.6.14
linux-headers-2.6-sun3 linux-headers-2.6-mckinley-smp
kernel-image-2.6-power4-smp linux-image-k7-smp linux-image-386
linux-source-2.6.14 linux-image-2.6.14-2-footbridge
linux-image-2.6.14-2-mckinley-smp kernel-image-power3-smp
linux-image-2.6.14-2-32-smp linux-image-2.6.14-2-bvme6000
linux-image-2.6-bvme6000 linux-image-mckinley linux-headers-2.6.14-2-686-smp
linux-image-itanium-smp linux-image-2.6-sparc64-smp linux-headers-2.6-s390x
linux-image-2.6.14-2-powerpc-smp linux-image-2.6-ixp4xx linux-headers-2.6-q40
linux-headers-2.6.14-2-alpha-smp kernel-image-2.6-k7 linux-image-ixp4xx
linux-image-rpc linux-image-2.6.14-2-mckinley linux-image-2.6-mac
linux-headers-2.6.14-2-powerpc-miboot linux-headers-2.6-64
kernel-image-2.6-power3-smp linux-image-2.6-s390x linux-image-2.6.14-2-em64t-p4
kernel-image-2.6-smp linux-headers-2.6.14-2-hp linux-image-2.6.14-2-rpc
linux-image-alpha-smp linux-headers-2.6.14-2-amd64-k8-smp
linux-headers-2.6.14-2-mvme16x linux-image-2.6-amd64-k8
linux-headers-2.6-footbridge linux-image-2.6-sparc64 linux-image-amd64-k8
kernel-image-power4 linux-image-2.6.14-2-686 linux-image-2.6.14-2-sparc64-smp
linux-image-2.6-s3c2410 linux-headers-2.6.14-2-powerpc-smp
linux-headers-2.6.14-2-686 linux-headers-2.6-k7-smp
linux-headers-2.6.14-2-k7-smp linux-image-2.6.14-2-powerpc64
linux-headers-2.6-mckinley linux-image-em64t-p4 linux-image-2.6-686-smp
linux-image-2.6-mvme147 linux-headers-2.6-ixp4xx linux-image-2.6-32-smp
linux-image-powerpc-miboot linux-image-mvme147 linux-image-686-smp
linux-image-2.6.14-2-powerpc linux-image-2.6-alpha-smp
linux-headers-2.6.14-2-64-smp linux-headers-2.6.14-2-s3c2410 linux-image-686
linux-headers-2.6.14-2 linux-headers-2.6-k7 linux-image-k7
linux-image-2.6-powerpc-smp linux-image-alpha-generic linux-image-s390x
linux-image-2.6-32 linux-headers-2.6-686 linux-headers-2.6.14-2-ixp4xx
linux-image-64-smp linux-image-2.6-itanium-smp kernel-image-2.6-powerpc-smp
linux-image-2.6.14-2-powerpc-miboot linux-image-2.6-amiga
linux-headers-2.6.14-2-itanium-smp linux-image-2.6-mvme16x
linux-headers-2.6-amiga linux-image-2.6-sun3 kernel-image-2.6-s390x
linux-image-powerpc kernel-image-2.6-mckinley-smp kernel-image-power3
linux-image-2.6-powerpc64 linux-headers-2.6-amd64-k8 linux-image-32-smp
kernel-image-power4-smp linux-image-mac linux-image-2.6-386
kernel-image-2.6-sparc64 kernel-image-2.6-power4
linux-headers-2.6.14-2-amd64-generic linux-image-amd64-generic
kernel-image-2.6-itanium linux-headers-2.6.14-2-q40
linux-headers-2.6.14-2-bvme6000 linux-image-2.6.14-2-ixp4xx linux-image-2.6-64
linux-image-sparc64 linux-image-2.6.14-2-mvme147 linux-headers-2.6.14-2-rpc
linux-image-2.6-em64t-p4-smp linux-image-2.6.14-2-s390x
linux-headers-2.6-itanium linux-headers-2.6-powerpc-smp
linux-image-2.6.14-2-amd64-generic linux-image-2.6-k7-smp linux-image-2.6-686
linux-image-2.6.14-2-s390 kernel-image-2.6-s390 kernel-image-2.6-686
Architecture: source i386 all
Version: 2.6.14-4
Distribution: unstable
Urgency: low
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Frederik Schüler <[EMAIL PROTECTED]>
Description:
kernel-image-2.6-386 - Linux kernel 2.6.12 image on 386-class machines -
transition pack
kernel-image-2.6-686 - Linux kernel 2.6 image on PPro/Celeron/PII/PIII/P4
machines - tra
kernel-image-2.6-686-smp - Linux kernel 2.6 image on PPro/Celeron/PII/PIII/P4
SMP machines -
kernel-image-2.6-k7 - Linux kernel 2.6 image on AMD K7 machines - transition
package
kernel-image-2.6-k7-smp - Linux kernel 2.6 image on AMD K7 SMP machines -
transition packag
linux-doc-2.6.14 - Linux kernel specific documentation for version 2.6.14
linux-headers-2.6-386 - Architecture-specific header files for Linux kernel
2.6 on 386-cl
linux-headers-2.6-686 - Architecture-specific header files for Linux kernel
2.6 on PPro/C
linux-headers-2.6-686-smp - Architecture-specific header files for Linux
kernel 2.6 on PPro/C
linux-headers-2.6-k7 - Architecture-specific header files for Linux kernel 2.6
on AMD K7
linux-headers-2.6-k7-smp - Architecture-specific header files for Linux kernel
2.6 on AMD K7
linux-headers-2.6.14 - All header files for Linux kernel 2.6.14
linux-headers-2.6.14-2 - Common header files for Linux kernel 2.6.14
linux-headers-2.6.14-2-386 - Header files for Linux kernel 2.6.14 on 386-class
machines
linux-headers-2.6.14-2-686 - Header files for Linux kernel 2.6.14 on
PPro/Celeron/PII/PIII/P4
linux-headers-2.6.14-2-686-smp - Header files for Linux kernel 2.6.14 on
PPro/Celeron/PII/PIII/P4
linux-headers-2.6.14-2-k7 - Header files for Linux kernel 2.6.14 on AMD K7
machines
linux-headers-2.6.14-2-k7-smp - Header files for Linux kernel 2.6.14 on AMD K7
SMP machines
linux-image-2.6-386 - Linux kernel 2.6 image on 386-class machines
linux-image-2.6-686 - Linux kernel 2.6 image on PPro/Celeron/PII/PIII/P4
machines
linux-image-2.6-686-smp - Linux kernel 2.6 image on PPro/Celeron/PII/PIII/P4
SMP machines
linux-image-2.6-k7 - Linux kernel 2.6 image on AMD K7 machines
linux-image-2.6-k7-smp - Linux kernel 2.6 image on AMD K7 SMP machines
linux-image-2.6.14-2-386 - Linux kernel 2.6.14 image on 386-class machines
linux-image-2.6.14-2-686 - Linux kernel 2.6.14 image on
PPro/Celeron/PII/PIII/P4 machines
linux-image-2.6.14-2-686-smp - Linux kernel 2.6.14 image on
PPro/Celeron/PII/PIII/P4 SMP machine
linux-image-2.6.14-2-k7 - Linux kernel 2.6.14 image on AMD K7 machines
linux-image-2.6.14-2-k7-smp - Linux kernel 2.6.14 image on AMD K7 SMP machines
linux-image-386 - Linux kernel image on 386-class machines
linux-image-686 - Linux kernel image on PPro/Celeron/PII/PIII/P4 machines
linux-image-686-smp - Linux kernel image on PPro/Celeron/PII/PIII/P4 SMP
machines
linux-image-k7 - Linux kernel image on AMD K7 machines
linux-image-k7-smp - Linux kernel image on AMD K7 SMP machines
linux-manual-2.6.14 - Linux kernel API manual pages for version 2.6.14
linux-patch-debian-2.6.14 - Debian patches to version 2.6.14 of the Linux
kernel
linux-source-2.6.14 - Linux kernel source for version 2.6.14 with Debian
patches
linux-tree-2.6.14 - Linux kernel source tree for building Debian kernel images
Closes: 334113 340215 340571
Changes:
linux-2.6 (2.6.14-4) unstable; urgency=low
.
[ dann frazier ]
* setkeys-needs-root-1.patch, setkeys-needs-root-2.patch:
[SECURITY] Require root privilege to write the current
function key string entry of other user's terminals.
See CVE-2005-3257 (Closes: #334113)
.
[ Simon Horman ]
* Enable MKISS globally (closes: #340215)
* mm-invalidate_inode_pages2-overflow.patch
[SECURITY] 32bit integer overflow in invalidate_inode_pages2() (local DoS)
* ctnetlink-check-if-protoinfo-is-present.patch
[SECURITY] ctnetlink: check if protoinfo is present (local DoS)
* ctnetlink-fix-oops-when-no-icmp-id-info-in-message.patch
[SECURITY] ctnetlink: Fix oops when no ICMP ID info in message (local DoS)
.
[ Sven Luther ]
* Re-added powerpc/apus patch, now that Roman Zippel merged it in.
* Let's create asm-(ppc|ppc64) -> asm-powerpc symlink farm. (Closes:
#340571)
.
[ maximilian attems ]
* Add 2.6.14.3 patch - features changelog:
- isdn/hardware/eicon/os_4bri.c: correct the xdiLoadFile() signature
- x86_64/i386: Compute correct MTRR mask on early Noconas
- PPTP helper: Fix endianness bug in GRE key / CallID NAT
- nf_queue: Fix Ooops when no queue handler registered
- ctnetlink: check if protoinfo is present
- ip_conntrack: fix ftp/irc/tftp helpers on ports >= 32768
- VFS: Fix memory leak with file leases
- hwmon: Fix lm78 VID conversion
- hwmon: Fix missing it87 fan div init
- ppc64 memory model depends on NUMA
- Generic HDLC WAN drivers - disable netif_carrier_off()
- ctnetlink: Fix oops when no ICMP ID info in message
- Don't auto-reap traced children
- packet writing oops fix
- PPTP helper: fix PNS-PAC expectation call id
- NAT: Fix module refcount dropping too far
- Fix soft lockup with ALSA rtc-timer
- Fix calculation of AH length during filling ancillary data.
- ip_conntrack TCP: Accept SYN+PUSH like SYN
- refcount leak of proto when ctnetlink dumping tuple
- Fix memory management error during setting up new advapi sockopts.
- Fix sending extension headers before and including routing header.
- hwmon: Fix missing boundary check when setting W83627THF in0 limits
* Remove ctnetlink-check-if-protoinfo-is-present.patch,
net-nf_queue-oops.patch - already included in 2.6.14.3.
.
[ Frederik Schüler ]
* Make CONFIG_PACKET, PACKET_MM and UNIX builtin on all architectures:
statically linked has better performance then modules due to TLB issue.
* Add myself to uploaders.
Files:
f0739f0706c4d009db45ce8ea6c008b8 7625 devel optional linux-2.6_2.6.14-4.dsc
1d30a542931685ad4d17b31580b82a1e 424541 devel optional
linux-2.6_2.6.14-4.diff.gz
f150bbec280fdd62b95fcc1f3f9a82bf 3889112 doc optional
linux-doc-2.6.14_2.6.14-4_all.deb
beacf10dea8ac618daeee11c9d635543 788366 doc optional
linux-manual-2.6.14_2.6.14-4_all.deb
01b0fa56b41fd77a8ed0b3f0b6772046 305062 devel optional
linux-patch-debian-2.6.14_2.6.14-4_all.deb
1622b4539acd62063dba248171873890 38272284 devel optional
linux-source-2.6.14_2.6.14-4_all.deb
6d558efd6c6e71c53ff3a35e837e6c7c 14084 devel optional
linux-tree-2.6.14_2.6.14-4_all.deb
bb0178618ebe39d155d63c3474af166d 116668 devel optional
linux-headers-2.6.14_2.6.14-4_i386.deb
25ae1e1bed719319b0516ca351f45b4d 3038570 devel optional
linux-headers-2.6.14-2_2.6.14-4_i386.deb
790137a37b344404cfc3755ae3c2332a 517016 devel optional
linux-headers-2.6.14-2-386_2.6.14-4_i386.deb
bcf85e036ee24e573de85f87f83643f3 16816816 base optional
linux-image-2.6.14-2-386_2.6.14-4_i386.deb
0acc34adb1b48b297cc7d5c3c16e59e8 13640 base optional
linux-image-386_2.6.14-4_i386.deb
1ff1fdd43f27d9b23aadf7df5f6fabaa 13648 base optional
linux-image-2.6-386_2.6.14-4_i386.deb
aaf888abe0eb7b8f1bfaf1c1c2a7cb41 13676 devel optional
linux-headers-2.6-386_2.6.14-4_i386.deb
c2f6a96fff613b84a648fe9d62cf6c56 514360 devel optional
linux-headers-2.6.14-2-686_2.6.14-4_i386.deb
900515ba87414163bab3e0c6ae3e89d6 17727594 base optional
linux-image-2.6.14-2-686_2.6.14-4_i386.deb
9f7a6aa8ea0d0e79523622dc3081bdab 13666 base optional
linux-image-686_2.6.14-4_i386.deb
32544b6102b68f062e50db0565e69520 13674 base optional
linux-image-2.6-686_2.6.14-4_i386.deb
5b858f8577e58e17ef6fb4195320ffba 13710 devel optional
linux-headers-2.6-686_2.6.14-4_i386.deb
57ad17eb6af7730540046766098a615c 512346 devel optional
linux-headers-2.6.14-2-686-smp_2.6.14-4_i386.deb
8d31c01f02ab203a04ad73b42c625769 17610890 base optional
linux-image-2.6.14-2-686-smp_2.6.14-4_i386.deb
c530089d13390a8a91d23cf0a08f3d43 13686 base optional
linux-image-686-smp_2.6.14-4_i386.deb
1aace47be4d01867e2220e7107851554 13694 base optional
linux-image-2.6-686-smp_2.6.14-4_i386.deb
827f73f9e8539507befc28e12d08aa2e 13726 devel optional
linux-headers-2.6-686-smp_2.6.14-4_i386.deb
7b286f0d1ea777c1ea8119f1fae424b0 525100 devel optional
linux-headers-2.6.14-2-k7_2.6.14-4_i386.deb
493f5d78d830294a1b93f6a5f724108f 17497772 base optional
linux-image-2.6.14-2-k7_2.6.14-4_i386.deb
0b11cef2a3973de98509561ea54038eb 13656 base optional
linux-image-k7_2.6.14-4_i386.deb
2a65eb85aa1ca41f1facde06dc057d3c 13666 base optional
linux-image-2.6-k7_2.6.14-4_i386.deb
e5ab368360edb98e26cc2ce87f2b85e6 13690 devel optional
linux-headers-2.6-k7_2.6.14-4_i386.deb
646edad1e9756f72c863e91275fb4873 512262 devel optional
linux-headers-2.6.14-2-k7-smp_2.6.14-4_i386.deb
a70dcf211a431c68533ede016ab83b96 17435974 base optional
linux-image-2.6.14-2-k7-smp_2.6.14-4_i386.deb
c3ef1bc3d9154325ba9e5aef0d0461bf 13684 base optional
linux-image-k7-smp_2.6.14-4_i386.deb
d5bed92a2fd05b8e03964f2262625457 13692 base optional
linux-image-2.6-k7-smp_2.6.14-4_i386.deb
ac3b691ae88c6b90387c4215c49c9aaf 13722 devel optional
linux-headers-2.6-k7-smp_2.6.14-4_i386.deb
e6ab181b6510111c2d633c93e102a678 13640 base extra
kernel-image-2.6-386_2.6.14-4_i386.deb
f5a2b5981c203fde47926fb02b6f05f3 13656 base extra
kernel-image-2.6-686_2.6.14-4_i386.deb
9454df287fe4d9f67b76545aa30c55b3 13668 base extra
kernel-image-2.6-686-smp_2.6.14-4_i386.deb
dc2fd5ae255808a53b8af7fc304e949a 13646 base extra
kernel-image-2.6-k7_2.6.14-4_i386.deb
779d347f2c75b24145b0f2265cb03acc 13660 base extra
kernel-image-2.6-k7-smp_2.6.14-4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDiI+b6n7So0GVSSARAtjXAJ4jCQTw15WHqWgfDhPZGa4N3tThHACcCUop
pBIZZYx3u5fYnphDNxVivQU=
=+2gU
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
