kernel-image-2.4.18-i386bf (2.4.18-5woody8) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Strengthen build dependency against kernel-source-2.4.18-2.4.18-14.3
  * Built against kernel-source-2.4.18-2.4.18-14.3 which includes
    * Applied patch by Petr Vandrovec <vandrove@vc.cvut.cz> to fix a
      possible roothole in ncpfs discovered by Arjan van de Ven
      <arjanv@devserv.devel.redhat.com> [fs/ncpfs/dir.c, CAN-2004-0010]
    * Applied patch by Sebastian Krahmer <krahmer@suse.de> and Ernie
      Petrides <petrides@redhat.com> to fix a local root exploit in iso9660
      [fs/isofs/rock.c, CAN-2004-0109]
    * Applied patch by Alan Cox and Thomas Biege to fix local root exploit
      in the R128 DRI code [drivers/char/drm/r128_state.c, CAN-2004-0003,
      drivers/char/drm-4.0/r128_state.c]
    * Applied additional patch by Ernie Petrides <petrides@redhat.com> to
      fix another intance of the same
    * Applied patch by Theodore Ts'o <tytso@mit.edu> to fix an information
      leak in ext3 journal creation [fs/jbd/journal.c, CAN-2004-0177]
    * Applied patch by Andreas Kies <andikies@t-online.de> to fix local
      denial of service in the Sound Blaster driver
      [drivers/sound/sb_audio.c, CAN-2004-0178]

 -- Martin Schulze <joey@debian.org>  Mon, 12 Apr 2004 10:27:03 +0200

kernel-image-2.4.18-i386bf (2.4.18-5woody7) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Built against kernel-source-2.4.18-2.4.18-14.2 which includes a patch
    extracted from Solar Designer's Owl patched kernel to fix local
    privilege escalation discovered by Paul Starzetz (CAN-2004-0077)

 -- Martin Schulze <joey@infodrom.org>  Sat, 31 Jan 2004 17:29:31 +0100

kernel-image-2.4.18-i386bf (2.4.18-5woody6) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Built against kernel kernel-source-2.4.18-2.4.18-14.1
    - Applied patch by Andrea Arcangeli to fix local privilege escalation
      discovered by Paul Starzetz (CAN-2003-0985)

 -- Martin Schulze <joey@infodrom.org>  Tue,  6 Jan 2004 10:18:20 +0100

kernel-image-2.4.18-i386bf (2.4.18-5woody5) stable-security; urgency=high

  * Security update
  * Build against kernel-source-2.4.18 2.4.18-14:
    - Added TASK_SIZE check to do_brk in mm/mmap.c (DSA-403-1)

 -- Eduard Bloch <blade@debian.org>  Tue,  2 Dec 2003 10:50:50 +0000

kernel-image-2.4.18-i386bf (2.4.18-5woody4) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Build against kernel-source-2.4.18 2.4.18-13:
    - Fixed steal_locks race introduced in 2.4.18-10:
      . fs/binfmt_elf.c
      . fs/exec.c

 -- Matt Zimmerman <mdz@debian.org>  Tue, 12 Aug 2003 22:24:12 -0400

kernel-image-2.4.18-i386bf (2.4.18-5woody3) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Build against kernel-source-2.4.18 2.4.18-12:
    - Fixed is_dumpable crash in include/linux/sched.h.
      This was introduced back in 2.4.18-7 but was exacerbated by 2.4.18-10.

 -- Matt Zimmerman <mdz@debian.org>  Sun,  3 Aug 2003 03:32:48 -0400

kernel-image-2.4.18-i386bf (2.4.18-5woody2) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Build against kernel-source-2.4.18 2.4.18-11, fixing several
    security vulnerabilities:
    - Made /proc/tty/driver root-only (CAN-2003-0461):
      . include/linux/proc_fs.h
      . fs/proc/generic.c
      . fs/proc/proc_tty.c
    - Fixed exec file handling semantics (CAN-2003-0462, CAN-2003-0476):
      . fs/binfmt_elf.c
      . fs/exec.c
      . fs/locks.c
      . include/linux/fs.h
      . kernel/fork.c
    - Fixed unchecked copy_to_user in fs/proc/proc_misc.c.
    - Fixed ptrace/proc bug in fs/proc/base.c (CAN-2003-0501).
    - Fixed bridging security issues (CAN-2003-055[012]):
      . net/bridge/br_fdb.c
      . net/bridge/br_if.c
      . net/bridge/br_input.c
      . net/bridge/br_private.h
      . net/bridge/br_stp_bpdu.c
    - Fixed boundary check in net/core/filter.c (Patrick McHardy).
    - Disabled O_DIRECT (CAN-2003-0018):
      . fs/fcntl.c
      . fs/open.c
    - Fixed user space copying bugs in drivers/sound/cmpci.c (bk).
    - Fixed signed comparison in fs/nfsd/nfs3xdr.c (2.4.21) (CAN-2003-0619)


 -- Matt Zimmerman <mdz@debian.org>  Wed, 30 Jul 2003 22:38:23 -0400

kernel-image-2.4.18-i386bf (2.4.18-5woody1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Build against kernel-source-2.4.18 2.4.18-9, fixing several
    security vulnerabilities:
    - CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device
      drivers do not pad frames with null bytes, which allows remote
      attackers to obtain information from previous packets or kernel
      memory by using malformed packets
    - CAN-2003-0127: The kernel module loader allows local users to gain
      root privileges by using ptrace to attach to a child process that
      is spawned by the kernel
    - CAN-2003-0244: The route cache implementation in Linux 2.4, and the
      Netfilter IP conntrack module, allows remote attackers to cause a
      denial of service (CPU consumption) via packets with forged
      source addresses that cause a large number of hash table
      collisions related to the PREROUTING chain
    - CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and earlier
      does not properly restrict privileges, which allows local users to
      gain read or write access to certain I/O ports.
    - CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for Linux
      kernels 2.4.18 and earlier on x86 systems allow local users to kill
      arbitrary processes via a a binary compatibility interface (lcall)
    - CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers to
      modify CPU state registers via a malformed address.
    - CAN-2003-0247: vulnerability in the TTY layer of the Linux kernel 2.4
      allows attackers to cause a denial of service ("kernel oops")
    - CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux
      kernel 2.4 allows remote attackers to cause a denial of service (CPU
      consumption) via certain packets that cause a large number of hash
      table collisions

 -- Matt Zimmerman <mdz@debian.org>  Wed,  4 Jun 2003 21:56:28 -0400

kernel-image-2.4.18-i386bf (2.4.18-5) unstable; urgency=low

  * compiled against kernel-source-2.4.18 (2.4.18-5)
  * removed my patches that has been adopted in Herbert's source
  * reenabled local-APIC support. Some people need it, others with suffering
    machines can specify the noapic option.

 -- Eduard Bloch <blade@debian.org>  Sun, 14 Apr 2002 08:47:42 +0200

kernel-image-2.4.18-i386bf (2.4.18-4) unstable; urgency=medium

  * New patches:
    - PLIP bugfix, extracted from 2.4.19-pre
    - Decoding root=*ataraid* correctly
    - "keytimer" option to skip the keypress on floppy change
  * Dropped non-installation-essential stuff to make space:
    - exotic joysticks
    - exotic radio cards
    - exotic USB devices
  * New, modules:
    - via rhine
    - 3com Boomerang
    - non-standard serial support (N_HDLC...)
  * New, built-in:
    - i2o-scsi

 -- Eduard Bloch <blade@debian.org>  Wed, 27 Mar 2002 22:32:36 +0100

kernel-image-2.4.18-i386bf (2.4.18-3) unstable; urgency=high

  * compiled against kernel-source-2.4.18 (2.4.18-3), really fixes the zlib bug
  * applied my patch to recognise ATARAIDs as root devices

 -- Eduard Bloch <blade@debian.org>  Sat, 23 Mar 2002 18:18:39 +0100

kernel-image-2.4.18-i386bf (2.4.18-2) unstable; urgency=high

  * compiled against kernel-source-2.4.18 (2.4.18-3), fixes the zlib bug
  * compiled eepro100 as module due to a new size problem on BFs
  * removed local APIC support, broke on DELL laptops

 -- Eduard Bloch <blade@debian.org>  Tue, 12 Mar 2002 20:38:13 +0100

kernel-image-2.4.18-i386bf (2.4.18-1) unstable; urgency=medium

  * new upstream release
  * kernel is larger now, SCSI verbosity and exotic UDMA drivers had to go
  * no more usage of ext3 errata patch

 -- Eduard Bloch <blade@debian.org>  Tue,  5 Mar 2002 07:17:12 +0100

kernel-image-2.4.17-i386bf (2.4.17-4) unstable; urgency=medium

  * removed forgotten dependency on initrd-tools
  * nfs driver built-in, USB completely modularized now
  * RAID and LVM modules, maybe quite usefull for installs on LVM volumes
  * added drivers for CISS and DAC960 harddisk arrays

 -- Eduard Bloch <blade@debian.org>  Sat, 16 Feb 2002 00:32:18 +0100

kernel-image-2.4.17-i386bf (2.4.17-3) unstable; urgency=medium

  * recompiled with pure gcc-2.95, fixes pcmcia incompatibilites
  * all USB stuff is modularised now. There was too much trouble and
    hocus-pocus on trying to make it work as built-in driver. Since kernel 2.4
    seems not to reset the legacy keyboard emulation, this problem is SEP
  * more Ethernet drivers built-in

 -- Eduard Bloch <blade@debian.org>  Sat,  2 Feb 2002 22:10:10 +0100

kernel-image-2.4.17-i386bf (2.4.17-2) unstable; urgency=medium

  * Cleanup
  * applying recent ext3 bugfix patch from kernel-patch-ext3-2.4 package
  * disabled IDEDMA/MULTIWORD on boot, to dangerous for installation kernel
  * isapnp is module now, ide-floppy built-in
  * cramfs built-in, reduces frustration on upgrading from Xu's kernels
  * dropped SMP (confused APM), MTD support, no realmode poweroff
  * enabled more multimedia devices instead

 -- Eduard Bloch <blade@debian.org>  Sat, 19 Jan 2002 01:23:07 +0100

kernel-image-2.4.17-i386bf (2.4.17-1) unstable; urgency=low

  * Initial release
  * Configured to be a mostly statically linked kernel image for boot floppies
  * Tried to enabled essential drivers which are new in 2.4 generation
  * Because of space reasons dropped support for:
    - old, seldom SCSI cards
    - MCA/ESDI/XT hardware
  * Enabled new drivers for IDE controllers and chipsets, including DMA and
    multi-word by default

 -- Eduard Bloch <blade@debian.org>  Mon, 14 Jan 2002 09:57:55 +0100
