From: Willy Tarreau <w@1wt.eu>
To: Ben Hutchings <ben@decadent.org.uk>
Cc: stable <stable@vger.kernel.org>
Subject: Re: Security fixes for 2.6.32-stable
Date: Fri, 5 Feb 2016 19:11:54 +0100 [thread overview]
Message-ID: <20160205181154.GA27707@1wt.eu> (raw)
In-Reply-To: <1454694324.20702.73.camel@decadent.org.uk>
Hi Ben,
On Fri, Feb 05, 2016 at 05:45:24PM +0000, Ben Hutchings wrote:
> Willy, here are some more security patches I've recently applied to
> Debian's 2.6.32 branch. �These are being released today in the final
> security update for Debian 6.0 "squeeze".
>
> The mapping to CVE IDs is:
>
> �* usb: serial: visor: fix crash on detecting device without
> write_urbs (CVE-2015-7566)
> �* [media] usbvision fix overflow of interfaces array (CVE-2015-7833)
> �* [media] usbvision: fix crash on detecting device with invalid
> configuration (CVE-2015-7833)
> �* sctp: Prevent soft lockup when sctp_accept() is called during a
> timeout event (CVE-2015-8767)
> �* tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) (CVE-2016-0723)
> �* x86/mm: Add barriers and document switch_mm()-vs-flush
> synchronization (CVE-2016-2069)
> �* x86/mm: Improve switch_mm() barrier comments (no CVE, just
> documenting previous fix)
>
> Several recently reported CVEs were not fixed in squeeze, but you might
> want to try backporting the fixes yourself:
>
> CVE-2013-4312 (upstream commits: 712f4aad406b, 759c01142a5d)
> CVE-2015-5307 (upstream commits: 54a20552e1ea)
> CVE-2015-6526�(upstream commits: 9a5cbce421a2)
> CVE-2015-8104 (upstream commits: cbdb967af3d5)
Great, thank you very much for all this. I'll take a look at the commit
IDs to see if the backports are easy and if they're testable. I'd rather
not break the last version and let it rot that way :-)
Best regards,
willy
next prev parent reply other threads:[~2016-02-05 18:11 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-05 17:45 Security fixes for 2.6.32-stable Ben Hutchings
2016-02-05 18:11 ` Willy Tarreau [this message]
-- strict thread matches above, loose matches on Subject: below --
2016-01-17 14:30 Ben Hutchings
2016-01-17 17:28 ` Willy Tarreau
2015-12-27 20:45 Ben Hutchings
2015-12-27 20:50 ` Willy Tarreau
2015-11-16 19:47 Ben Hutchings
2015-11-16 20:08 ` Willy Tarreau
2015-07-05 21:19 Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160205181154.GA27707@1wt.eu \
--to=w@1wt.eu \
--cc=ben@decadent.org.uk \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).