Diffstat (limited to 'tags/2.6.18-5/00000_README')
1 files changed, 222 insertions, 0 deletions
diff --git a/tags/2.6.18-5/00000_README b/tags/2.6.18-5/00000_README
new file mode 100644
@@ -0,0 +1,222 @@
+Xen Patches README
+These patches are intended to be stacked on top of genpatches-base.
+Many of the patches included here are swiped from various sources which
+use their own four digit patch numbering scheme, so we are stuck with five
+digits to indiciate the source for easier tracking and re-syncing.
+0xxxx Gentoo, not related to Xen. (in case we pull something from extras)
+1xxxx XenSource, upstream Xen patch for 2.6.18
+2xxxx Redhat, we use their Xen patch for >=2.6.20
+3xxxx Debian, we use their security fixes for 2.6.18
+5xxxx Gentoo, Xen and other fixes for Redhat and/or Debian patches.
+ Upstream 3.1.0 patch
+ [SECURITY] Fix remotely exploitable NULL pointer dereference in
+ See CVE-2007-1496
+ [SECURITY] Fix incorrect classification of IPv6 fragments as ESTABLISHED,
+ which allows remote attackers to bypass certain rulesets
+ See CVE-2007-1497
+ [SECURITY] Fix infinite recursion bug in netlink
+ See CVE-2007-1861
+ Add fix for oops bug added by previous patch
+ [SECURITY] Fix a vulnerability that allows local users to read
+ otherwise unreadable (but executable) files by triggering a core dump.
+ See CVE-2007-0958
+ [SECURITY] Fix a remote DoS (crash) in appletalk
+ Depends upon bugfix/appletalk-endianness-annotations.patch
+ See CVE-2007-1357
+ [SECURITY] Fix a buffer overflow in the Omnikey CardMan 4040 driver
+ See CVE-2007-0005
+ [SECURITY] Fix local DoS vulnerability caused by inadvertently sharing
+ ipv6_fl_socklist between the listening socket and the socket created
+ for connection.
+ See CVE-2007-1592
+ [SECURITY] Fix the key serial number collision avoidance code in
+ key_alloc_serial() that could lead to a local DoS (oops).
+ (closes: #398470)
+ See CVE-2007-0006
+ [SECURITY] Fix kernel memory leak vulnerability in
+ ipv6_getsockopt_sticky() which can be triggered by passing a len < 0.
+ See CVE-2007-1000
+ [SECURITY] Fix NULL dereference in ipv6_setsockopt that could lead
+ to a local DoS (oops).
+ See CVE-2007-1388
+ [SECURITY] Avoid a remote DoS (network amplification between two routers)
+ by disabling type0 IPv6 route headers by default. Can be re-enabled via
+ a sysctl interface. Thanks to Vlad Yasevich for porting help.
+ [SECURITY] Fix userspace corruption vulnerability caused by
+ incorrectly promoted return values in bad_inode_ops
+ This patch changes the kernel ABI.
+ See CVE-2006-5753
+ [SECURITY] Fix information leaks in setsockopt() implementations
+ See CVE-2007-1353
+ [SECURITY] limit memory consumption during write in the usblcd driver
+ See CVE-2007-3513
+ [SECURITY] fix unpriveleged memory leak when a PPPoE socket is released
+ after connect but before PPPIOCGCHAN ioctl is called upon it
+ See CVE-2007-2525
+ [SECURITY] nf_conntrack_h323: add checking of out-of-range on choices'
+ index values
+ See CVE-2007-3642
+ [SECURITY] Fix out of bounds condition in dn_fib_props
+ See CVE-2007-2172
+ [SECURITY] Avoid seeding with the same values at boot time when a
+ system has no entropy source and fix a casting error in entropy
+ extraction that resulted in slightly less random numbers.
+ See CVE-2007-2453
+ [SECURITY] Fix remotely triggerable NULL pointer dereference
+ by sending an unknown chunk type.
+ See CVE-2007-2876
+ [SECURITY] Fix i965 secured batchbuffer usage
+ See CVE-2007-3851
+ Dependency for 30006_appletalk-length-mismatch.patch.
+ Dependency for 30022_i965-secure-batchbuffer.patch
+ [SECURITY] Fix a typo which caused fib_props to be of the wrong size
+ and check for out of bounds condition in index provided by userspace
+ See CVE-2007-2172
+ [SECURITY] Fix overriding the server to force signing on caused by
+ checking the wrong gloal variable.
+ See CVE-2007-3843
+ [SECURITY] Fix integer underflow in /dev/cpuset/tasks which could allow
+ local attackers to read sensitive kernel memory if the cpuset filesystem
+ is mounted.
+ See CVE-2007-2875
+ [SECURITY] Fix stack-based buffer overflow in the random number
+ See CVE-2007-3105
+ [SECURITY] Require admin capabilities to issue ioctls to aacraid devices
+ See CVE-2007-4308
+ [SECURITY] Handle an invalid LDT segment selector %cs (the xcs field)
+ during ptrace single-step operations that can be used to trigger a
+ NULL-pointer dereference causing an Oops.
+ See CVE-2007-3731
+ [SECURITY] Prevent OOPS during stack expansion when the VMA crosses
+ into address space reserved for hugetlb pages.
+ See CVE-2007-3739
+ [SECURITY] Make CIFS honor a process' umask
+ See CVE-2007-3740
+ [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
+ See CVE-2007-4573
+ [SECURITY] Write correct legacy modes to the medium on inode creation to
+ prevent incorrect permissions upon remount.
+ See CVE-2007-4849
+ [SECURITY] Zero extend all registers after ptrace in 32-bit entry path
+ See CVE-2007-4573
+ [SECURITY] Don't leak NT bit into next task (Xen).
+ See CVE-2006-5755
+ [SECURITY] Fix misconversion of hugetlb_vmtruncate_list to prio_tree
+ which could be used to trigger a BUG_ON() call in exit_mmap.
+ See CVE-2007-4133
+ [SECURITY] Fix issue with unplugging webcams that use the pwc driver.
+ If userspace still has the device open it can result, the driver would
+ wait for the device to close, blocking the USB subsystem.
+ See CVE-2007-5093
+ Fix ipv6 rfc conformance issue introduced in 2.6.18.dfsg.1-13 by the
+ fix for CVE-2007-2242. Thanks to Brian Haley for the patch.
+ (closes: Debian #440127)
+ Update fix for CVE-2007-3848 with the patch accepted upstream
+ (formerly 30013_reset-pdeathsig-on-suid.patch)
+ Handle make install in a semi-sane way that plays nice with
+ split domU/dom0 kernels.
+ Compile fix for non-SMP (UP) kernels. Since UP support is broken in
+ upstream Xen I'm not sure if I trust it or not. :-P
+ CONFIG_HIGHPTE can cause serious problems so lets save people's
+ sanity, avoid killing kittens, and end all war by disabling it.