Non-maintainer upload by the Squeeze LTS and Kernel Teams.
New upstream stable release 2.6.32.65, see
<http://lkml.org/lkml/2014/12/13/81> for more information.
The stable release 2.6.32.65 includes the following new commits compared
to the previous 2.6.32-48squeeze9 package:
- USB: whiteheat: Added bounds checking for bulk command response
(CVE-2014-3185)
- net: sctp: fix panic on duplicate ASCONF chunks (CVE-2014-3687)
- net: sctp: fix remote memory pressure from excessive queueing
(CVE-2014-3688)
- udf: Avoid infinite loop when processing indirect ICBs (CVE-2014-6410)
- net: sctp: fix NULL pointer dereference in af->from_addr_param on
malformed packet (CVE-2014-7841)
- mac80211: fix fragmentation code, particularly for encryption
(CVE-2014-8709)
- ttusb-dec: buffer overflow in ioctl (CVE-2014-8884)
We recommend that you upgrade your linux-2.6 packages.
We apologize for a minor cosmetic glitch:
The following commits were already included in 2.6.32-48squeeze9 despite
claims in debian/changelog they were only fixed in 2.6.32-48squeez10:
- vlan: Don’t propagate flag changes on down interfaces.
- sctp: Fix double-free introduced by bad backport in 2.6.32.62
- md/raid6: Fix misapplied backport in 2.6.32.64
- block: add missing blk_queue_dead() checks
- block: Fix blk_execute_rq_nowait() dead queue handling
- proc connector: Delete spurious memset in proc_exit_connector()