commit e95907f256676ca48ae66d071ca0c9c066cb79ab Author: Chris Wright Date: Thu Jun 7 14:27:31 2007 -0700 Linux 2.6.21.4 commit 8c640bd0c68201dd0d71b78a07bb224973580ad3 Author: Patrick McHardy Date: Tue Jun 5 14:14:22 2007 +0200 [PATCH] NETFILTER: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr dereference (CVE-2007-2876) When creating a new connection by sending an unknown chunk type, we don't transition to a valid state, causing a NULL pointer dereference in sctp_packet when accessing sctp_timeouts[SCTP_CONNTRACK_NONE]. Fix by don't creating new conntrack entry if initial state is invalid. Noticed by Vilmos Nebehaj CC: Kiran Kumar Immidi Cc: David Miller Signed-off-by: Patrick McHardy Signed-off-by: Greg Kroah-Hartman Signed-off-by: Chris Wright commit c23e7e4c94647c2c47d2c835b21cc7d745f62d05 Author: Chris Wright Date: Thu Jun 7 14:25:31 2007 -0700 [PATCH] cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875) Use simple_read_from_buffer to avoid possible underflow in cpuset_tasks_read which could allow user to read kernel memory. Note: This is fixed upstream in 85badbdf5120d246ce2bb3f1a7689a805f9c9006 Signed-off-by: Chris Wright commit 7bd369b1346bf7f15bba42ddf369fb79fe759b50 Author: Matt Mackall Date: Tue May 29 21:58:10 2007 -0500 [PATCH] random: fix seeding with zero entropy (CVE-2007-2453 2 of 2) Add data from zero-entropy random_writes directly to output pools to avoid accounting difficulties on machines without entropy sources. Tested on lguest with all entropy sources disabled. Signed-off-by: Matt Mackall Acked-by: "Theodore Ts'o" Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright commit 374f167dfb97c1785515a0c41e32a66b414859a8 Author: Matt Mackall Date: Tue May 29 21:54:27 2007 -0500 [PATCH] random: fix error in entropy extraction (CVE-2007-2453 1 of 2) Fix cast error in entropy extraction. Add comments explaining the magic 16. Remove extra confusing loop variable. Signed-off-by: Matt Mackall Acked-by: "Theodore Ts'o" Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright