kernel-image-2.4.17-s390 (2.4.17-2.woody.5) oldstable-security; urgency=high

  * Rebuild against kernel-source-2.4.17 (2.4.17-1woody4)
    * Disabled O_DIRECT (CAN-2003-0018):
      . fs/fcntl.c
      . fs/open.c
    * Backport final ioport fix (CVE-2003-0246)
    * Made /proc/tty/driver root-only (CAN-2003-0461):
      . include/linux/proc_fs.h
      . fs/proc/generic.c
      . fs/proc/proc_tty.c
    * Fix race condition in execve env_start/env_end initialization.
      (CVE-2003-0462)
      . fs/proc/base.c
    * Fixed ptrace/proc bug in fs/proc/base.c (CAN-2003-0501).
    * [SECURITY] Make sure strncpy null terminates strings. (CAN-2003-0465)
      Fix for s390x and s390. mips and alpha are still unfixed.
      N.B. This bug appears to be minor at best
      http://marc.theaimsgroup.com/?l=linux-kernel&m=105796021120436&w=2
    * Fix unauthorized file descriptor read vulnerability.  (CAN-2003-0476)
    * Fixed bridging security issues (CAN-2003-055[012]):
      . net/bridge/br_fdb.c
      . net/bridge/br_if.c
      . net/bridge/br_input.c
      . net/bridge/br_private.h
      . net/bridge/br_stp_bpdu.c
    * Applied patch from John Byrne <john.l.byrne@hp.com> for Linux 2.4.26
      to fix local denial of service in do_fork()
      <http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2>
      [kernel/fork.c, CAN-2004-0427]
    * Applied patch by Marcelo Tosatti <marcelo.tosatti@cyclades.com> to fix
      potential memory access to free memory in /proc handling
      [fs/proc/base.c, CAN-2005-0489]
    * Applied patch by Marcelo Tosatti <marcelo.tosatti@cyclades.com> to fix
      a possible buffer overflow in panic() [kernel/panic.c, CAN-2004-0394]
    * Applied patch by David Mosberger <davidm@napali.hpl.hp.com> to fix
      local denial of service in combination with gdb 6.x and NPTL on IA-64
      <http://marc.theaimsgroup.com/?l=linux-ia64&m=108026377907667&w=2>
      [arch/ia64/kernel/unwind.c, CAN-2004-0447]
    * Applied patch by Alexander Nyberg and Andi/Sergey to fix local denial
      of service.  <http://linuxreviews.org/news/2004-06-11_kernel_crash/>
      [include/asm-i386/i387.h, CAN-2004-0554]
    * Applied patch by Arun Sharma <arun.sharma@intel.com> to fix register
      information leak on the IA64 architecture
      <http://lia64.bkbits.net:8080/to-linus-2.5/cset@1.1726.29.7>
      [include/asm-ia64/system.h, CAN-2004-0565]
    * Backported patch by Mark Cox to fix information leak by initialising
      allocated data structures [drivers/usb/serial/io_edgeport.c,
      drivers/sound/audio.c, drivers/usb/vicam.c, CAN-2004-0685]
      <http://linux.bkbits.net:8080/linux-2.4/cset@410582380U3H9KOx8J2YZmMT0bhXQw>
    * Applied patch from Marcelo Tosatti to fix i386 SMP page fault handler
      privilege escalation [include/linux/mm.h, CAN-2005-0001]
    * Applied patch by Stefan Esser to fix missing boundary checks
      [fs/smbfs/proc.c, fs/smbfs/sock.c, CAN-2004-0883]
    * Applied patch by Stefan Esser to fix information leak
      [fs/smbfs/sock.c, CAN-2004-0949]
    * Applied patch by Herbert Xu to fix a denial of service in scm_send()
      <http://linux.bkbits.net:8080/linux-2.4/cset@41b76e94BsJKm8jhVtyDat9ZM1dXXg>,
      added patch by Marcus Meissner to fix more 64/32 bit compatibility
      code, added additional patch by Olaf Kirch and Marcus Meissner for
      type correction [arch/ia64/ia32/sys_ia32.c,
      arch/s390x/kernel/linux32.c, include/linux/socket.h, net/core/scm.c,
      net/ipv4/ip_sockglue.c, net/ipv6/datagram.c, CAN-2004-1016]
    * Applied patch by Thiemo Seufer to fix local ptrace root in the MIPS
      ptrace implementation [arch/mips/kernel/scall_o32.S,
      arch/mips/tools/offset.c, arch/mips64/kernel/scall_64.S,
      arch/mips64/kernel/scall_o32.S, CAN-2004-0997]
    * Applied patch by Marcelo Tosatti to fix integer overflow in the
      vc_resize() function [drivers/char/console.c, CAN-2004-1333]
    * Applied patch by Dave Miller to fix memory leak in ip_options_get()
      [net/ipv4/ip_options.c, CAN-2004-1335]
    * Applied patch by Greg Kroah-Hartman to fix buffer overflow and crash
      [drivers/usb/serial/io_edgeport.c, CAN-2004-1017]
    * Applied patch by Jan Harkes to fix to add bounds checking for tainted
      scalars [include/linux/coda.h, fs/coda/upcall.c, CAN-2005-0124]
    * Applied patch by Andrea Arcangeli from 2.4.24 to fix privilege
      escalation in the mremap() syscall [mm/mremap.c, CAN-2004-nnnn]
    * Applied patch by Tom Rini to fix information leak
      [drivers/char/efirtc.c, drivers/char/rtc.c, drivers/macintosh/rtc.c,
      drivers/sbus/char/rtc.c, CAN-2003-0984]
    * Applied patch by Chris Wright to fix wrong return value check while
      filling kernel buffers [fs/binfmt_elf.c, CAN-2004-1070]
    * Applied patch by Chris Wright to fix incorrect error behaviour when
      mmap() fails [fs/binfmt_elf.c, CAN-2004-1071]
    * Applied patch by Chris Wright to fix NULL termination vulnerability
      when reading an interpreter [fs/binfmt_elf.c, CAN-2004-1072]
    * Applied patch by Chris Wright to fix reading of non-readable ELF
      binaries [fs/binfmt_elf.c, CAN-2004-1073]
    * Applied patch by Chris Wright to not insert overlapping regions in
      setup_arg_pages() [fs/exec.c, associated to CAN-2004-1074]
    * Applied patch by Chris Wright to fix error handling in do_brk() when
      setting up bss in a.out [fs/binfmt_aout.c, CAN-2004-1074]
    * Applied patch by Chris Wright to denial of service in the ELF loader
      when the interpreter architecture doesn't match the current one
      <http://linux.bkbits.net:8080/linux-2.4/cset@4021346f79nBb-4X_usRikR3Iyb4Vg>
      [fs/binfmt_elf.c, CAN-2004-0138]
    * Applied patch by Dave Miller to serialize dgram read using semaphore
      [net/unix/af_unix.c, CAN-2004-1068]
    * Applied patch by Chris Wright to fix denial of service in the ELF loader
      <http://linux.bkbits.net:8080/linux-2.4/cset@4076466d_SqUm4azg4_v3FIG2-X6XQ>
      [fs/binfmt_elf.c, CAN-2004-1234]
    * Backported patch by Nanhai Zou from 2.6 to fix denial of service via
      broken executables [arch/ia64/ia32/binfmt_elf32.c,
      arch/ia64/mm/init.c, fs/exec.c, include/linux/mm.h, mm/mmap.c,
      CAN-2005-0003]
    * Backported patch by Chris Wright and Simon Heywood to fix a race
      conditions in the uselib calls for ELF and a.out formats
      [arch/mips/kernel/irixelf.c, arch/sparc64/kernel/binfmt_aout32.c,
      fs/binfmt_aout.c, fs/binfmt_elf.c, CAN-2004-1235]
    * Applied patch by Brad Spengler to fix integer overflow in the moxa
      serial driver [drivers/char/moxa.c, CAN-2005-0504]
    * Applied patch by Ben Martel and Stephen Blackheath to fix a remote
      denial of service [drivers/net/ppp_async.c, CAN-2005-0384]
    * Backported patch by Keith Owens to fix a locally induced crash on
      IA-64 machines [arch/ia64/kernel/unwind.c, CAN-2005-0135]

 -- dann frazier <dannf@debian.org>  Wed, 17 May 2006 19:23:42 -0500

kernel-image-2.4.17-s390 (2.4.17-2.woody.4) stable-security; urgency=high

  * Rebuild against latest kernel-patch-2.4.17-s390_0.0.20020816-0.woody.3,
    which includes the follwing additional security fixes:
    - Applied patch by Petr Vandrovec <vandrove@vc.cvut.cz> to fix a
      possible roothole in ncpfs discovered by Arjan van de Ven
      <arjanv@devserv.devel.redhat.com> [fs/ncpfs/dir.c, CAN-2004-0010]
    - Applied patch by Sebastian Krahmer <krahmer@suse.de> and Ernie
      Petrides <petrides@redhat.com> to fix a local root exploit in iso9660
      [fs/isofs/rock.c, CAN-2004-0109]
    - Applied patch by Alan Cox and Thomas Biege to fix local root exploit
      in the R128 DRI code [drivers/char/drm/r128_state.c, CAN-2004-0003]
    - Applied additional patch by Ernie Petrides <petrides@redhat.com> to
      fix another intance of the same
    - Applied patch by Theodore Ts'o <tytso@mit.edu> to fix an information
      leak in ext3 journal creation [fs/jbd/journal.c, CAN-2004-0177]
    - Applied patch by Andreas Kies <andikies@t-online.de> to fix local
      denial of service in the Sound Blaster driver
      [drivers/sound/sb_audio.c, CAN-2004-0178]

 -- Arnd Bergmann <arnd@debian.org>  Sun, 11 Apr 2004 22:53:35 +0200

kernel-image-2.4.17-s390 (2.4.17-2.woody.3) stable-security; urgency=high
  * Rebuild against latest kernel-patch-2.4.17-s390_0.0.20020816-0.woody.2,
    which includes the follwing additional security fixes:
    - CAN-2003-0961: Added TASK_SIZE check to do_brk() [mm/mmap.c]
    - CAN-2003-0985: Applied patch by Andrea Arcangeli to fix local 
      privilege escalation discovered by Paul Starzetz [mm/mremap.c]
    - CAN-2004-0077: Applied patch extracted from Solar Designer's Owl 
      patched kernel to fix local privilege escalation discovered by Paul
      Starzetz [mm/mremap.c]
    - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device
      drivers do not pad frames with null bytes, which allows remote
      attackers to obtain information from previous packets or kernel
      memory by using malformed packets
    - CAN-2003-0244: The route cache implementation in Linux 2.4, and the
      Netfilter IP conntrack module, allows remote attackers to cause a
      denial of service (CPU consumption) via packets with forged
      source addresses that cause a large number of hash table
      collisions related to the PREROUTING chain
    - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier
      does not properly restrict privileges, which allows local users to
      gain read or write access to certain I/O ports.
    - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux
      kernels 2.4.18 and earlier on x86 systems allow local users to kill
      arbitrary processes via a a binary compatibility interface (lcall)
    - CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to
      modify CPU state registers via a malformed address.
    - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel 2.4
      allows attackers to cause a denial of service ("kernel oops")
    - CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux
      kernel 2.4 allows remote attackers to cause a denial of service (CPU
      consumption) via certain packets that cause a large number of hash
      table collisions
  * New Maintainer

 -- Arnd Bergmann <arnd@debian.org>  Wed, 18 Feb 2003 12:15:23 +0100

kernel-image-2.4.17-s390 (2.4.17-2.woody.2.2) stable-security; urgency=high

  * NMU
  * revert accidental configuration changes

 -- Arnd Bergmann <arnd@arndb.de>  Thu, 03 Apr 2003 10:58:12 +0100

kernel-image-2.4.17-s390 (2.4.17-2.woody.2.1) stable-security; urgency=high

  * NMU
  * Use new kernel-patch with a different fix for the ptrace
    security problem, provided by Martin Schwidefsky.
  * drop all non-security fixes relative to 2.4.17-2.woody.1.1.

 -- Arnd Bergmann <arnd@arndb.de>  Fri, 28 Mar 2003 17:05:23 +0100

kernel-image-2.4.17-s390 (2.4.17-2.woody.2) stable; urgency=high

  * Integrated new kernel-patches from the IBM Developerworks
    website which fix some severe problems (released on
    2002.11.25, 2003.02.20 and 2003.03.17).
  * Integrated a patch by Allan Cox to fix a ptrace related
    security problem (backport from kernel version 2.4.20)

 -- Jochen Rhrig <jr@debian.org>  Tue, 25 Mar 2003 22:48:35 +0100

kernel-image-2.4.17-s390 (2.4.17-2.woody.1.1) stable; urgency=high

  * NMU
  * Integrated a new kernel-patch from the IBM Developerworks
    website (released on 2002.06.12).
    This patch fixes the DASD deadlock problem and some other severe
    problems.
  * Removed NMU DASD deadlock fix.
  * Integrated a new kernel-patch from the IBM Developerworks
    website (released on 2002.08.16).
    This patch fixes a problem related to the IUCV driver.

 -- Gerhard Tonn <gt@debian.org>  Fri, 08 Nov 2002 21:37:40 +0100

kernel-image-2.4.17-s390 (2.4.17-2.1) unstable; urgency=high

  * NMU
  * Rebuilt with kernel-patch-2.4.17-s390 0.0.20020415-1.1 which
    fixes a possible DASD deadlock

 -- Stefan Gybas <sgybas@debian.org>  Mon, 29 Apr 2002 21:15:18 +0200

kernel-image-2.4.17-s390 (2.4.17-2) unstable; urgency=high

  * Integrated a new kernel-patch from the IBM Developerworks
    website (released on 2002.04.15).
  * Added cpint-patch by Neale Ferguson which allows to invoke CP commands
    from Linux.
  * Added cmsfs-patch by Rick Troth <rtroth@bmc.com> which enables read
    only access to CMS disks.

 -- Jochen Rhrig <jr@debian.org>  Tue, 16 Apr 2002 20:14:50 +0200

kernel-image-2.4.17-s390 (2.4.17-1) unstable; urgency=low

  * New upstream release.
  * Use kernel-patch-2.4.17-s390.
  * First kernel-image package including the freshly open sourced lcs
    network driver module which was only available from the IBM
    Developerworks website as object code only module so far. 

 -- Jochen Rhrig <jr@debian.org>  Wed,  6 Mar 2002 21:25:25 +0100

kernel-image-2.4.16-s390 (2.4.16-2) unstable; urgency=low

  * Integrated a patch by Gerhard Tonn <gt@debian.org> which fixes
    compile problems for some packages that use the kernel-headers.
  * Use new kernel-package which generates /etc/zipl.conf correctly
    in the kernel-image-postinstall-script. 

 -- Jochen Rhrig <jr@debian.org>  Wed, 13 Feb 2002 22:25:16 +0100 

kernel-image-2.4.16-s390 (2.4.16-1) unstable; urgency=low

  * New upstream release.
  * Use kernel-patch-2.4.16-s390.
  * Enable CONFIG_EXT3_FS.

 -- Jochen Rhrig <jr@debian.org>  Fri, 21 Dec 2001 01:04:09 +0100

kernel-image-2.4.7-s390 (2.4.7-5) unstable; urgency=low

  * Integrated a new kernel-patch from the IBM Developerworks
    website (released on 2001.11.23).
  * Updated the patch by Gerhard Ton <gt@debian.org> which adds
    support for a second initrd (needed by the s390 boot-floppies).
  * Enable CONFIG_FILTER and CRAMFS.

 -- Jochen Rhrig <jr@debian.org>  Tue, 11 Dec 2001 22:28:02 +0100

kernel-image-2.4.7-s390 (2.4.7-4) unstable; urgency=low

  * Integrated a new kernel-patch from the IBM Developerworks
    website (released on 2001.11.09).
  * Integrated a patch by Gerhard Ton <gt@debian.org> which adds
    support for a second initrd (needed by the s390 boot-floppies).

 -- Jochen Rhrig <jr@debian.org>  Tue, 13 Nov 2001 22:05:01 +0100

kernel-image-2.4.7-s390 (2.4.7-3) unstable; urgency=low

  * Integrated the current kernel-patches from the IBM Developerworks
    website.
  * Renamed kernel-headers-deb and fixed problem with version-info in
    include/linux/version.h
  * Install System.map and config in /boot/ of s390-tape-udeb.

 -- Jochen Rhrig <jr@debian.org>  Fri, 26 Oct 2001 00:45:08 +0200

kernel-image-2.4.7-s390 (2.4.7-2) unstable; urgency=low

  * Compile NFS support as module.
  * Corrected some dependencies.
  * Changed section to devel.

 -- Jochen Rhrig <jr@debian.org>  Thu,  6 Sep 2001 20:36:32 +0200

kernel-image-2.4.7-s390 (2.4.7-1) unstable; urgency=low

  * New upstream release.
  * Build s390-tape binary package as udeb.

 -- Jochen Rhrig <jr@debian.org>  Wed, 22 Aug 2001 00:43:24 +0200

kernel-image-2.4.5-s390 (2.4.5-1) unstable; urgency=low

  * Initial release, based on the kernel-image-2.4.7-i386 package

 -- Stefan Gybas <sgybas@debian.org>  Wed,  1 Aug 2001 09:03:24 +0200
