Date: Mon, 16 Nov 2015 21:08:22 +0100
From: Willy Tarreau
To: Ben Hutchings
Cc: stable
Subject: Re: Security fixes for 2.6.32-stable
Message-ID: <20151116200822.GA30245@1wt.eu>
References: <1447703257.17039.138.camel@decadent.org.uk>
In-Reply-To: <1447703257.17039.138.camel@decadent.org.uk>

Hi Ben,

On Mon, Nov 16, 2015 at 07:47:37PM +0000, Ben Hutchings wrote:
> Willy, here are the security patches I've recently applied to Debian's
> 2.6.32 branch, aside from those for CVE-2015-2925 - which we already
> discussed - and for issues not yet fixed upstream.
>
> These have already been released without reported regressions. The
> mapping to CVE IDs is:
>
>  * md: use kzalloc() when bitmap is disabled (CVE-2015-5697)
>  * ipv6: addrconf: validate new MTU before applying it (CVE-2015-0272)
>  * virtio-net: drop NETIF_F_FRAGLIST (CVE-2015-5156)
>  * USB: whiteheat: fix potential null-deref at probe (CVE-2015-5257)
>  * ipc/sem.c: fully initialize sem_array before making it visible
>    (no CVE ID, but similar issue to the following fix)
>  * Initialize msg/shm IPC objects before doing ipc_addid()
>    (CVE-2015-7613)

Much appreciated, thank you! I'll try to issue a new kernel ASAP,
probably next week.

Cheers,
Willy