Joey Hess
2005-Sep-15 16:05 UTC
[Secure-testing-commits] r2006 - data/CAN data/DTSA data/DTSA/advs website website/DTSA
Author: joeyh
Date: 2005-09-15 16:04:59 +0000 (Thu, 15 Sep 2005)
New Revision: 2006
Added:
data/DTSA/advs/16-linux-2.6.adv
website/DTSA/DTSA-16-1.html
Removed:
data/DTSA/advs/nn-kernel-source-2.6.8.adv
Modified:
data/CAN/list
data/DTSA/list
website/list.html
Log:
Put together an advisory for the linux-2.6 packages. This is not a normal
DTSA since the fix reached testing on its own steam; it seemed worth making
an announcement since users need to take special actions to install the new
linux-2.6 packages and upgrade.
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-09-15 15:40:40 UTC (rev 2005)
+++ data/CAN/list 2005-09-15 16:04:59 UTC (rev 2006)
@@ -4493,6 +4493,7 @@
CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit
architectures ...)
- kernel-source-2.6.8 2.6.8-17
- kernel-source-2.6.8 2.6.8-16sarge1
+ TODO: check if it''s fixed in linux-2.6
CAN-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the
AMD64 ...)
- linux-2.6 2.6.12-1 (medium)
- kernel-source-2.6.8 2.6.8-17
@@ -7961,11 +7962,13 @@
- kernel-source-2.4.27 2.4.27-11
- kernel-source-2.6.8 2.6.8-17
- kernel-source-2.6.8 2.6.8-16sarge1
+ TODO: check if it''s fixed in linux-2.6
CAN-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64
...)
- kernel-source-2.4.27 2.4.27-11 (medium)
- kernel-source-2.6.8 2.6.8-17 (medium)
- kernel-source-2.6.8 2.6.8-16sarge1 (medium)
- kernel-source-2.6.11 2.6.11-7 (medium)
+ TODO: check if it''s fixed in linux-2.6
CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix
Player ...)
- helix-player 1.0.4-1
CAN-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files
without ...)
@@ -9380,6 +9383,7 @@
NOTE: According to Herbert Xu, 2.4 is not vulnerable :
http://oss.sgi.com/archives/netdev/2005-01/msg01107.html
NOTE: Seems to be stuck with the ABI bump / debian-installer problem
- kernel-source-2.6.8 (unfixed; bug #295949; high)
+ TODO: verify if it''s fixed in linux-2.6
CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl
before ...)
{DSA-696-1}
- perl 5.8.4-7
Copied: data/DTSA/advs/16-linux-2.6.adv (from rev 1998,
data/DTSA/advs/nn-kernel-source-2.6.8.adv)
==================================================================---
data/DTSA/advs/nn-kernel-source-2.6.8.adv 2005-09-15 11:57:38 UTC (rev 1998)
+++ data/DTSA/advs/16-linux-2.6.adv 2005-09-15 16:04:59 UTC (rev 2006)
@@ -0,0 +1,120 @@
+source: linux-2.6
+date: September 15, 2005
+author: Joey Hess
+vuln-type: several holes
+problem-scope: remote
+debian-specifc: no
+cve: CAN-2005-2098 CAN-2005-2099 CAN-2005-2456 CAN-2005-2617 CAN-2005-1913
CAN-2005-1761 CAN-2005-2457 CAN-2005-2458 CAN-2005-2459 CAN-2005-2548
CAN-2004-2302 CAN-2005-1765 CAN-2005-1762 CAN-2005-1761 CAN-2005-2555
+testing-fix: 2.6.12-6
+sid-fix: 2.6.12-6
+upgrade: apt-get install linux-image-2.6-386; reboot
+
+Several security related problems have been found in version 2.6 of the
+linux kernel. The Common Vulnerabilities and Exposures project identifies
+the following problems:
+
+CAN-2004-2302
+
+ Race condition in the sysfs_read_file and sysfs_write_file functions in
+ Linux kernel before 2.6.10 allows local users to read kernel memory and
+ cause a denial of service (crash) via large offsets in sysfs files.
+
+CAN-2005-1761
+
+ Vulnerability in the Linux kernel allows local users to cause a
+ denial of service (kernel crash) via ptrace.
+
+CAN-2005-1762
+
+ The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64
+ platform allows local users to cause a denial of service (kernel crash) via
+ a "non-canonical" address.
+
+CAN-2005-1765
+
+ syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when
+ running in 32-bit compatibility mode, allows local users to cause a denial
+ of service (kernel hang) via crafted arguments.
+
+CAN-2005-1913
+
+ When a non group-leader thread called exec() to execute a different program
+ while an itimer was pending, the timer expiry would signal the old group
+ leader task, which did not exist any more. This caused a kernel panic.
+
+CAN-2005-2098
+
+ The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before
+ 2.6.12.5 contains an error path that does not properly release the session
+ management semaphore, which allows local users or remote attackers to cause
+ a denial of service (semaphore hang) via a new session keyring (1) with an
+ empty name string, (2) with a long name string, (3) with the key quota
+ reached, or (4) ENOMEM.
+
+CAN-2005-2099
+
+ The Linux kernel before 2.6.12.5 does not properly destroy a keyring that
+ is not instantiated properly, which allows local users or remote attackers
+ to cause a denial of service (kernel oops) via a keyring with a payload
+ that is not empty, which causes the creation to fail, leading to a null
+ dereference in the keyring destructor.
+
+CAN-2005-2456
+
+ Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c
+ in Linux kernel 2.6 allows local users to cause a denial of service (oops
+ or deadlock) and possibly execute arbitrary code via a p->dir value that
is
+ larger than XFRM_POLICY_OUT, which is used as an index in the
+ sock->sk_policy array.
+
+CAN-2005-2457
+
+ The driver for compressed ISO file systems (zisofs) in the Linux kernel
+ before 2.6.12.5 allows local users and remote attackers to cause a denial
+ of service (kernel crash) via a crafted compressed ISO file system.
+
+CAN-2005-2458
+
+ inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows
+ remote attackers to cause a denial of service (kernel crash) via a
+ compressed file with "improper tables".
+
+CAN-2005-2459
+
+ The huft_build function in inflate.c in the zlib routines in the Linux
+ kernel before 2.6.12.5 returns the wrong value, which allows remote
+ attackers to cause a denial of service (kernel crash) via a certain
+ compressed file that leads to a null pointer dereference, a different
+ vulnerbility than CAN-2005-2458.
+
+CAN-2005-2548
+
+ vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a denial
+ of service (kernel oops from null dereference) via certain UDP packets that
+ lead to a function call with the wrong argument, as demonstrated using
+ snmpwalk on snmpd.
+
+CAN-2005-2555
+
+ Linux kernel 2.6.x does not properly restrict socket policy access to users
+ with the CAP_NET_ADMIN capability, which could allow local users to conduct
+ unauthorized activities via (1) ipv4/ip_sockglue.c and (2)
+ ipv6/ipv6_sockglue.c.
+
+CAN-2005-2617
+
+ The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12
+ and later, on the amd64 architecture, does not check the return value of
+ the insert_vm_struct function, which allows local users to trigger a memory
+ leak via a 32-bit application with crafted ELF headers.
+
+In addition this update fixes some security issues that have not been
+assigned CVE ids:
+
+ - Fix DST leak in icmp_push_reply(). Possible remote DoS?
+
+ - NPTL signal delivery deadlock fix; possible local DoS.
+
+ - fix a memory leak in devices seq_file implementation; local DoS.
+
+ - Fix SKB leak in ip6_input_finish(); local DoS.
Deleted: data/DTSA/advs/nn-kernel-source-2.6.8.adv
==================================================================---
data/DTSA/advs/nn-kernel-source-2.6.8.adv 2005-09-15 15:40:40 UTC (rev 2005)
+++ data/DTSA/advs/nn-kernel-source-2.6.8.adv 2005-09-15 16:04:59 UTC (rev 2006)
@@ -1,21 +0,0 @@
-source: kernel-source-2.6.8
-date: September 10, 2005
-author: Micah Anderson
-vuln-type: various
-problem-scope: remote
-debian-specifc: no
-cve: CAN-2005-1763, CAN-2005-1762, CAN-2005-0756, CAN-2005-1265, CAN-2005-0757,
-CAN-2005-1765, CAN-2005-1761, CAN-2005-2456, CAN-2005-2548, CAN-2004-2302,
-CAN-2005-1767, CAN-2005-2458, CAN-2005-2459
-vendor-advisory:
-testing-fix: linux-2.6
-sid-fix: linux-2.6
-upgrade: apt-get install xxx
-
-xxx multiline description here
-
-TODO:
- upgrade instructions
- descriptions
- what about security fixes that don''t have CANs?
-
Modified: data/DTSA/list
==================================================================---
data/DTSA/list 2005-09-15 15:40:40 UTC (rev 2005)
+++ data/DTSA/list 2005-09-15 16:04:59 UTC (rev 2006)
@@ -42,3 +42,6 @@
[September 13th, 2005] DTSA-15-1 php4 - several vulnerabilities
{CAN-2005-1751 CAN-2005-1921 CAN-2005-2498 }
- php4 4:4.3.10-16etch1
+[September 15, 2005] DTSA-16-1 linux-2.6 - various
+ {CAN-2005-2098 CAN-2005-2099 CAN-2005-2456 CAN-2005-2617 CAN-2005-1913
CAN-2005-1761 CAN-2005-2457 CAN-2005-2458 CAN-2005-2459 CAN-2005-2548
CAN-2004-2302 CAN-2005-1765 CAN-2005-1762 CAN-2005-1761 CAN-2005-2555 }
+ - linux-2.6 2.6.12-6
Added: website/DTSA/DTSA-16-1.html
==================================================================---
website/DTSA/DTSA-16-1.html 2005-09-15 15:40:40 UTC (rev 2005)
+++ website/DTSA/DTSA-16-1.html 2005-09-15 16:04:59 UTC (rev 2006)
@@ -0,0 +1,320 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+ <html><head><meta http-equiv="Content-Type"
content="text/html; charset=iso8859-1">
+ <title>Debian testing security team - Advisory</title>
+ <link type="text/css" rel="stylesheet"
href="../style.css">
+ <link rel="shortcut icon"
href="http://www.debian.org/favicon.ico">
+ </head>
+ <body>
+ <div align="center">
+ <a href="http://www.debian.org/">
+
+ <img src="http://www.debian.org/logos/openlogo-nd-50.png"
border="0" hspace="0" vspace="0"
alt=""></a>
+ <a href="http://www.debian.org/">
+ <img src="http://www.debian.org/Pics/debian.png"
border="0" hspace="0" vspace="0" alt="Debian
Project"></a>
+ </div>
+ <br />
+ <table class="reddy" width="100%">
+ <tr>
+ <td class="reddy">
+ <img src="http://www.debian.org/Pics/red-upperleft.png"
align="left" border="0" hspace="0"
vspace="0"
+ alt="" width="15" height="16"></td>
+
+ <td rowspan="2" class="reddy">Debian testing
security team - Advisory</td>
+ <td class="reddy">
+ <img src="http://www.debian.org/Pics/red-upperright.png"
align="right" border="0" hspace="0"
vspace="0"
+ alt="" width="16" height="16"></td>
+ </tr>
+ <tr>
+ <td class="reddy">
+ <img src="http://www.debian.org/Pics/red-lowerleft.png"
align="left" border="0" hspace="0"
vspace="0"
+ alt="" width="16" height="16"></td>
+ <td class="reddy">
+
+ <img src="http://www.debian.org/Pics/red-lowerright.png"
align="right" border="0" hspace="0"
vspace="0"
+ alt="" width="15" height="16"></td>
+ </tr>
+ </table>
+
+<!-- header -->
+<h2>DTSA-16-1</h2>
+<dl>
+<dt>Date Reported:</dt>
+<dd>September 15, 2005</dd>
+<dt>Affected Package:</dt>
+<dd><a
href=''http://packages.debian.org/src:linux-2.6''>linux-2.6</a></dd>
+<dt>Vulnerability:</dt>
+<dd>several holes</dd>
+<dt>Problem-Scope:</dt>
+<dd>remote</dd>
+<dt>Debian-specific:</dt>
+<dd>No<br></dd>
+<dt>CVE:</dt>
+<dd>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2098''>CAN-2005-2098</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2099''>CAN-2005-2099</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2456''>CAN-2005-2456</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2617''>CAN-2005-2617</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1913''>CAN-2005-1913</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1761''>CAN-2005-1761</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2457''>CAN-2005-2457</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2458''>CAN-2005-2458</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2459''>CAN-2005-2459</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2548''>CAN-2005-2548</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2302''>CAN-2004-2302</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1765''>CAN-2005-1765</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1762''>CAN-2005-1762</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1761''>CAN-2005-1761</a>
+<a
href=''http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2555''>CAN-2005-2555</a>
+<br></dd>
+<br><dt>More information:</dt>
+<dd>Several security related problems have been found in version 2.6 of
the <br>
+linux kernel. The Common Vulnerabilities and Exposures project
identifies <br>
+the following problems: <br>
+ <br>
+CAN-2004-2302 <br>
+ <br>
+ Race condition in the sysfs_read_file and sysfs_write_file functions
in <br>
+ Linux kernel before 2.6.10 allows local users to read kernel memory
and <br>
+ cause a denial of service (crash) via large offsets in sysfs
files. <br>
+ <br>
+CAN-2005-1761 <br>
+ <br>
+ Vulnerability in the Linux kernel allows local users to cause
a <br>
+ denial of service (kernel crash) via ptrace. <br>
+ <br>
+CAN-2005-1762 <br>
+ <br>
+ The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the
AMD64 <br>
+ platform allows local users to cause a denial of service (kernel crash)
via <br>
+ a "non-canonical" address. <br>
+ <br>
+CAN-2005-1765 <br>
+ <br>
+ syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform,
when <br>
+ running in 32-bit compatibility mode, allows local users to cause a
denial <br>
+ of service (kernel hang) via crafted arguments. <br>
+ <br>
+CAN-2005-1913 <br>
+ <br>
+ When a non group-leader thread called exec() to execute a different
program <br>
+ while an itimer was pending, the timer expiry would signal the old
group <br>
+ leader task, which did not exist any more. This caused a kernel
panic. <br>
+ <br>
+CAN-2005-2098 <br>
+ <br>
+ The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel
before <br>
+ 2.6.12.5 contains an error path that does not properly release the
session <br>
+ management semaphore, which allows local users or remote attackers to
cause <br>
+ a denial of service (semaphore hang) via a new session keyring (1) with
an <br>
+ empty name string, (2) with a long name string, (3) with the key
quota <br>
+ reached, or (4) ENOMEM. <br>
+ <br>
+CAN-2005-2099 <br>
+ <br>
+ The Linux kernel before 2.6.12.5 does not properly destroy a keyring
that <br>
+ is not instantiated properly, which allows local users or remote
attackers <br>
+ to cause a denial of service (kernel oops) via a keyring with a
payload <br>
+ that is not empty, which causes the creation to fail, leading to a
null <br>
+ dereference in the keyring destructor. <br>
+ <br>
+CAN-2005-2456 <br>
+ <br>
+ Array index overflow in the xfrm_sk_policy_insert function in
xfrm_user.c <br>
+ in Linux kernel 2.6 allows local users to cause a denial of service
(oops <br>
+ or deadlock) and possibly execute arbitrary code via a p->dir value that
is <br>
+ larger than XFRM_POLICY_OUT, which is used as an index in
the <br>
+ sock->sk_policy array. <br>
+ <br>
+CAN-2005-2457 <br>
+ <br>
+ The driver for compressed ISO file systems (zisofs) in the Linux
kernel <br>
+ before 2.6.12.5 allows local users and remote attackers to cause a
denial <br>
+ of service (kernel crash) via a crafted compressed ISO file
system. <br>
+ <br>
+CAN-2005-2458 <br>
+ <br>
+ inflate.c in the zlib routines in the Linux kernel before 2.6.12.5
allows <br>
+ remote attackers to cause a denial of service (kernel crash) via
a <br>
+ compressed file with "improper tables". <br>
+ <br>
+CAN-2005-2459 <br>
+ <br>
+ The huft_build function in inflate.c in the zlib routines in the
Linux <br>
+ kernel before 2.6.12.5 returns the wrong value, which allows
remote <br>
+ attackers to cause a denial of service (kernel crash) via a
certain <br>
+ compressed file that leads to a null pointer dereference, a
different <br>
+ vulnerbility than CAN-2005-2458. <br>
+ <br>
+CAN-2005-2548 <br>
+ <br>
+ vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a
denial <br>
+ of service (kernel oops from null dereference) via certain UDP packets
that <br>
+ lead to a function call with the wrong argument, as demonstrated
using <br>
+ snmpwalk on snmpd. <br>
+ <br>
+CAN-2005-2555 <br>
+ <br>
+ Linux kernel 2.6.x does not properly restrict socket policy access to
users <br>
+ with the CAP_NET_ADMIN capability, which could allow local users to
conduct <br>
+ unauthorized activities via (1) ipv4/ip_sockglue.c and
(2) <br>
+ ipv6/ipv6_sockglue.c. <br>
+ <br>
+CAN-2005-2617 <br>
+ <br>
+ The syscall32_setup_pages function in syscall32.c for Linux kernel
2.6.12 <br>
+ and later, on the amd64 architecture, does not check the return value
of <br>
+ the insert_vm_struct function, which allows local users to trigger a
memory <br>
+ leak via a 32-bit application with crafted ELF headers. <br>
+ <br>
+In addition this update fixes some security issues that have not
been <br>
+assigned CVE ids: <br>
+ <br>
+ - Fix DST leak in icmp_push_reply(). Possible remote
DoS? <br>
+ <br>
+ - NPTL signal delivery deadlock fix; possible local DoS. <br>
+ <br>
+ - fix a memory leak in devices seq_file implementation; local
DoS. <br>
+ <br>
+ - Fix SKB leak in ip6_input_finish(); local DoS. <br>
+</dd>
+<br><dt>For the testing distribution (etch) this is fixed in
version 2.6.12-6</dt>
+<dt>For the unstable distribution (sid) this is fixed in version
2.6.12-6</dt>
+</dl>
+<p>
+The Debian testing security team does not track security issues for the
+stable (sarge) and oldstable (woody) distributions. If stable is vulnerable,
+the Debian security team will make an announcement once a fix is ready.
+</p>
+<p>
+Your system does not need to be configured to use the Debian testing security
+archive to install this update. The fixed kernel packages are available
+in the regular Debian testing archive.
+</p>
+<p>
+To install the update, first run this command as root:
+</p>
+<p>
+ apt-get update
+</p>
+<p>
+Next, install an appropriate kernel package for your architecture and
+machine. The following kernel will work for all i386 machines:
+</p>
+<p>
+ apt-get install linux-image-2.6-386
+</p>
+<p>
+However, you may prefer to install an optimised kernel for your machine:
+</p>
+<p>
+ apt-get install linux-image-2.6-686<br>
+ apt-get install linux-image-2.6-686-smp<br>
+ apt-get install linux-image-2.6-k7<br>
+ apt-get install linux-image-2.6-k7-smp<br>
+</p>
+<p>
+For the amd64 architecture, chose one of these kernels:
+</p>
+<p>
+ apt-get install linux-image-2.6-amd64-generic<br>
+ apt-get install linux-image-2.6-amd64-k8<br>
+ apt-get install linux-image-2.6-amd64-k8-smp<br>
+</p>
+<p>
+For the powerpc architecture, choose one of these kernels:
+</p>
+<p>
+ apt-get install linux-image-2.6-powerpc<br>
+ apt-get install linux-image-2.6-powerpc-smp<br>
+ apt-get install linux-image-2.6-powerpc64<br>
+</p>
+<p>
+For the sparc architecture, choose one of these kernels:
+</p>
+<p>
+ apt-get install linux-image-2.6-sparc64<br>
+ apt-get install linux-image-2.6-sparc64-smp<br>
+</p>
+<p>
+ (Note that users of 32 bit sparc systems are no longer supported by the
+ 2.6 kernel.)
+</p>
+<p>
+For the alpha architecture, choose one of these kernels:
+</p>
+<p>
+ apt-get install linux-image-2.6-alpha-generic<br>
+ apt-get install linux-image-2.6-alpha-smp<br>
+</p>
+<p>
+For the ia64 architecture, choose one of these kernels:
+</p>
+<p>
+ apt-get install linux-image-2.6-itanium<br>
+ apt-get install linux-image-2.6-itanium-smp<br>
+ apt-get install linux-image-2.6-mckinley<br>
+ apt-get install linux-image-2.6-mckinley-smp<br>
+</p>
+<p>
+For the hppa architecture, choose one of these kernels:
+</p>
+<p>
+ apt-get install linux-image-2.6-parisc<br>
+ apt-get install linux-image-2.6-parisc-smp<br>
+ apt-get install linux-image-2.6-parisc64<br>
+ apt-get install linux-image-2.6-parisc64-smp<br>
+</p>
+<p>
+For the s390 architecture, choose one of these kernels:
+</p>
+<p>
+ apt-get install linux-image-2.6-s390<br>
+ apt-get install linux-image-2.6-s390x<br>
+</p>
+<p>
+For the arm architecture, choose one of these kernels:
+</p>
+<p>
+ apt-get install linux-image-2.6-footbridge<br>
+ apt-get install linux-image-2.6-ixp4xx<br>
+ apt-get install linux-image-2.6-rpc<br>
+ apt-get install linux-image-2.6-s3c2410<br>
+</p>
+<p>
+For the m68k architecture, choose one of these kernels:
+</p>
+<p>
+ apt-get install linux-image-2.6-amiga<br>
+ apt-get install linux-image-2.6-atari<br>
+ apt-get install linux-image-2.6-bvme6000<br>
+ apt-get install linux-image-2.6-hp<br>
+ apt-get install linux-image-2.6-mac<br>
+ apt-get install linux-image-2.6-mvme147<br>
+ apt-get install linux-image-2.6-mvme16x<br>
+ apt-get install linux-image-2.6-q40<br>
+ apt-get install linux-image-2.6-sun3<br>
+</p>
+<p>
+Updated kernels are not yet available for the mips and mipsel
+architectures.
+</p>
+<p>
+Note that you may also need to upgrade third-party modules that are not
+included in the kernel package.
+</p>
+<p>
+Finally, reboot the system, taking care to boot the new 2.6.12 kernel with
+your bootloader.
+<br>
+
+<!-- footer -->
+<hr>
+<a href="http://validator.w3.org/check?uri=referer">
+ <img border="0"
src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML
4.01!" height="31" width="88"></a>
+ <a href="http://jigsaw.w3.org/css-validator/check/referer">
+ <img border="0"
src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid
CSS!"
+ height="31" width="88"></a>
+
+
+</body></html>
+
Modified: website/list.html
==================================================================---
website/list.html 2005-09-15 15:40:40 UTC (rev 2005)
+++ website/list.html 2005-09-15 16:04:59 UTC (rev 2006)
@@ -67,6 +67,8 @@
<dd>several</dd>
<dt>[September 13th, 2005] <a
href=''DTSA/DTSA-15-1.html''>DTSA-15-1
php4</a></dt>
<dd>several vulnerabilities</dd>
+<dt>[September 15, 2005] <a
href=''DTSA/DTSA-16-1.html''>DTSA-16-1
linux-2.6</a></dt>
+<dd>various</dd>
</dl>
<!-- footer -->
<hr>