[Hardy] Fix memory corruption in console selection
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Fix Released
|
Medium
|
Stefan Bader | ||
| Hardy |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
SRU justification:
Impact: Selection on a UTF-8 console can lead to memory corruption. This fix came down through 2.6.27.15 but I think it is simple ad important enough to add to Hardy as a SRU.
Fix: Change memory calculation to add the additional character before multiplying.
Testcase: When memory redzones are enabled, a redzone corruption is reported.
When they are not enabled, trashing of random memory occurs.
marking this as fixed for jaunty; please reopen (and provide a fixed kernel in jaunty :) if I'm mistaken.
Accepted into hardy-proposed; please test and give feedback here. Please see https:/
This bug was fixed in the package linux - 2.6.24-24.53
---------------
linux (2.6.24-24.53) hardy-proposed; urgency=low
[Stefan Bader]
* Rebuild of 2.6.24-24.51 with 2.6.24-23.52 security patches applied.
linux (2.6.24-24.51) hardy-proposed; urgency=low
[Alessio Igor Bogani]
* rt: Updated PREEMPT_RT support to rt27
- LP: #324275
[Steve Beattie]
* fix apparmor memory leak on deleted file ops
- LP: #329489
[Upstream Kernel Changes]
* KVM: MMU: Add locking around kvm_mmu_
- LP: #335097, #333409
* serial: 8250: fix shared interrupts issues with SMP and RT kernels
- LP: #280821
* 8250.c: port.lock is irq-safe
- LP: #280821
* ACPI: Clear WAK_STS on resume
- LP: #251338
linux (2.6.24-24.50) hardy-proposed; urgency=low
[Alok Kataria]
* x86: add X86_FEATURE_
- LP: #319945
* x86: add a synthetic TSC_RELIABLE feature bit
- LP: #319945
* x86: vmware: look for DMI string in the product serial key
- LP: #319945
* x86: Hypervisor detection and get tsc_freq from hypervisor
- LP: #319945
* x86: Use the synthetic TSC_RELIABLE bit to workaround virtualization
anomalies.
- LP: #319945
* x86: Skip verification by the watchdog for TSC clocksource.
- LP: #319945
* x86: Mark TSC synchronized on VMware.
- LP: #319945
[Colin Ian King]
* SAUCE: Bluetooth USB: fix kernel panic during suspend while streaming
audio to bluetooth headset
- LP: #331106
[James Troup]
* XEN: Enable architecture specific get_unmapped_
- LP: #237724
[Stefan Bader]
* Xen: Fix FTBS after Vmware TSC updates.
- LP: #319945
[Upstream Kernel Changes]
* r8169: fix RxMissed register access
- LP: #324760
* r8169: Tx performance tweak helper
- LP: #326891
* r8169: use pci_find_capability for the PCI-E features
- LP: #326891
* r8169: add 8168/8101 registers description
- LP: #326891
* r8169: add hw start helpers for the 8168 and the 8101
- LP: #326891
* r8169: additional 8101 and 8102 support
- LP: #326891
* Fix memory corruption in console selection
- LP: #329007
linux (2.6.24-23.52) hardy-security; urgency=low
[Stefan Bader]
* rt: Fix FTBS caused by shm changes
- CVE-2009-0859
[Steve Beattie]
* fix apparmor memory leak on deleted file ops
- LP: #329489
[Upstream Kernel Changes]
* NFS: Remove the buggy lock-if-signalled case from do_setlk()
- CVE-2008-4307
* sctp: Avoid memory overflow while FWD-TSN chunk is received with bad
stream ID
- CVE-2009-0065
* net: 4 bytes kernel memory disclosure in SO_BSDCOMPAT gsopt try #2
- CVE-2009-0676
* sparc: Fix mremap address range validation.
- CVE-2008-6107
* copy_process: fix CLONE_PARENT && parent_exec_id interaction
- CVE-2009-0028
* security: introduce missing kfree
- CVE-2009-0031
* eCryptfs: check readlink result was not an error before using it
- CVE-2009-0269
* dell_rbu: use scnprintf() instead of less secure sprintf()
- CVE-2009-0322
* drivers/net/skfp: if !capable(
- CVE-2009-0675
* Ext4: Fix online res...