CVE-2011-1577
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
| Hardy |
Fix Released
|
Medium
|
Andy Whitcroft | ||
| Lucid |
Fix Released
|
Medium
|
Andy Whitcroft | ||
| Maverick |
Fix Released
|
Medium
|
Andy Whitcroft | ||
| Natty |
Fix Released
|
Medium
|
Andy Whitcroft | ||
| Oneiric |
Fix Released
|
Medium
|
Unassigned | ||
| Precise |
Fix Released
|
Medium
|
Unassigned | ||
| linux-ec2 (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Hardy |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Fix Released
|
Medium
|
Unassigned | ||
| Maverick |
Invalid
|
Medium
|
Unassigned | ||
| Natty |
Invalid
|
Medium
|
Unassigned | ||
| Oneiric |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| linux-fsl-imx51 (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Hardy |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Fix Released
|
Medium
|
Andy Whitcroft | ||
| Maverick |
Invalid
|
Medium
|
Unassigned | ||
| Natty |
Invalid
|
Medium
|
Unassigned | ||
| Oneiric |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| linux-lts-backport-maverick (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Hardy |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Fix Released
|
Medium
|
Unassigned | ||
| Maverick |
Invalid
|
Medium
|
Unassigned | ||
| Natty |
Invalid
|
Medium
|
Unassigned | ||
| Oneiric |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| linux-lts-backport-natty (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Hardy |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Fix Released
|
Medium
|
Unassigned | ||
| Maverick |
Invalid
|
Medium
|
Unassigned | ||
| Natty |
Invalid
|
Medium
|
Unassigned | ||
| Oneiric |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| linux-lts-backport-oneiric (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Hardy |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Invalid
|
Medium
|
Unassigned | ||
| Maverick |
Invalid
|
Medium
|
Unassigned | ||
| Natty |
Invalid
|
Medium
|
Unassigned | ||
| Oneiric |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| linux-mvl-dove (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Hardy |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Fix Released
|
Medium
|
Unassigned | ||
| Maverick |
Fix Released
|
Medium
|
Unassigned | ||
| Natty |
Invalid
|
Medium
|
Unassigned | ||
| Oneiric |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| linux-ti-omap4 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
| Hardy |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Invalid
|
Medium
|
Unassigned | ||
| Maverick |
Fix Released
|
Medium
|
Unassigned | ||
| Natty |
Fix Released
|
Medium
|
Unassigned | ||
| Oneiric |
Fix Released
|
Medium
|
Unassigned | ||
| Precise |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media.
Break-Fix: - 3eb8e74ec72736b
CVE References
- 2010-3296
- 2010-3297
- 2010-3698
- 2010-3858
- 2010-3859
- 2010-3865
- 2010-3875
- 2010-3876
- 2010-3877
- 2010-3880
- 2010-4073
- 2010-4076
- 2010-4077
- 2010-4079
- 2010-4080
- 2010-4081
- 2010-4082
- 2010-4083
- 2010-4157
- 2010-4158
- 2010-4162
- 2010-4163
- 2010-4169
- 2010-4175
- 2010-4242
- 2010-4243
- 2010-4247
- 2010-4248
- 2010-4251
- 2010-4256
- 2010-4526
- 2010-4529
- 2010-4565
- 2010-4649
- 2010-4805
- 2011-0463
- 2011-0695
- 2011-0711
- 2011-0726
- 2011-1010
- 2011-1012
- 2011-1013
- 2011-1016
- 2011-1017
- 2011-1019
- 2011-1020
- 2011-1078
- 2011-1079
- 2011-1080
- 2011-1082
- 2011-1090
- 2011-1093
- 2011-1160
- 2011-1163
- 2011-1169
- 2011-1170
- 2011-1171
- 2011-1172
- 2011-1173
- 2011-1180
- 2011-1478
- 2011-1493
- 2011-1494
- 2011-1577
- 2011-1581
- 2011-1598
- 2011-1746
- 2011-1748
- 2011-1770
- 2011-1833
- 2011-2484
- 2011-2492
- 2011-2493
- 2011-2534
- 2011-2689
- 2011-2699
- 2011-2918
CVE-2011-1577
This bug was fixed in the package linux - 2.6.24-29.91
---------------
linux (2.6.24-29.91) hardy-proposed; urgency=low
[Steve Conklin]
* Release Tracking Bug
- LP: #801636
[Andy Whitcroft]
* custom binaries need VERSION_SIGNATURE updated during prepare
- LP: #794698
[Stefan Bader]
* (config) Disable COMPAT_VDSO for i386 Xen kernels
- LP: #794715
* XEN: Add yield points to blktap and blkback
- LP: #791212
- CVE-2010-4247
* xen: Fix memory corruption caused by double free
- LP: #705562
[Upstream Kernel Changes]
* agp: fix arbitrary kernel memory writes, CVE-1011-2022
- LP: #788684
- CVE-1011-2022
* agp: fix OOM and buffer overflow
- LP: #791918
- CVE-2011-1746
* tty: icount changeover for other main devices, CVE-2010-4076,
CVE-2010-4077
- LP: #794034
- CVE-2010-4077
* fs/partitions/
oops
- LP: #795418
- CVE-2011-1577
* Fix corrupted OSF partition table parsing
- LP: #796606
- CVE-2011-1163
* proc: avoid information leaks to non-privileged processes
- LP: #799906
- CVE-2011-0726
* proc: protect mm start_code/end_code in /proc/pid/stat
- LP: #799906
- CVE-2011-0726
* sctp: Fix a race between ICMP protocol unreachable and connect()
- LP: #799828
- CVE-2010-4526
* xen: blkback, blktap: Fix potential resource leak
- LP: #800254
-- Steve Conklin <email address hidden> 2011年6月24日 10:59:11 -0500
This bug was fixed in the package linux - 2.6.35-30.56
---------------
linux (2.6.35-30.56) maverick-proposed; urgency=low
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #808934
[ Herton Ronaldo Krzesinski ]
* Revert "SAUCE: mmc: Enable MMC card reader for RICOH [1180:e823]"
[ Upstream Kernel Changes ]
* Revert "x86: Flush TLB if PGD entry is changed in i386 PAE mode"
- LP: #805209
linux (2.6.35-30.55) maverick-proposed; urgency=low
[Steve Conklin]
* Release Tracking Bug
- LP: #801690
[ Jeremy Kerr ]
* SAUCE: cx23885: Fix argument to videobuf_dma_unmap
- LP: #800527
[ Manoj Iyer ]
* SAUCE: mmc: Enable MMC card reader for RICOH [1180:e823]
- LP: #790754
[ Upstream Kernel Changes ]
* agp: fix OOM and buffer overflow
- LP: #791918
- CVE-2011-1746
* tty: icount changeover for other main devices, CVE-2010-4076,
CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* fs/partitions/
oops
- LP: #795418
- CVE-2011-1577
* Fix corrupted OSF partition table parsing
- LP: #796606
- CVE-2011-1163
* can: Add missing socket check in can/bcm release.
- LP: #796502
- CVE-2011-1598
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the
slab (v3) CVE-2011-1090
- LP: #800775
- CVE-2011-1090
-- Herton Ronaldo Krzesinski <email address hidden> 2011年7月11日 15:17:32 -0300
This bug was fixed in the package linux-lts-
---------------
linux-lts-
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #811215
[ Herton Ronaldo Krzesinski ]
* Revert "SAUCE: mmc: Enable MMC card reader for RICOH [1180:e823]"
[ Upstream Kernel Changes ]
* Revert "x86: Flush TLB if PGD entry is changed in i386 PAE mode"
- LP: #805209
linux (2.6.35-30.55) maverick-proposed; urgency=low
[Steve Conklin]
* Release Tracking Bug
- LP: #801690
[ Jeremy Kerr ]
* SAUCE: cx23885: Fix argument to videobuf_dma_unmap
- LP: #800527
[ Manoj Iyer ]
* SAUCE: mmc: Enable MMC card reader for RICOH [1180:e823]
- LP: #790754
[ Upstream Kernel Changes ]
* agp: fix OOM and buffer overflow
- LP: #791918
- CVE-2011-1746
* tty: icount changeover for other main devices, CVE-2010-4076,
CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* fs/partitions/
oops
- LP: #795418
- CVE-2011-1577
* Fix corrupted OSF partition table parsing
- LP: #796606
- CVE-2011-1163
* can: Add missing socket check in can/bcm release.
- LP: #796502
- CVE-2011-1598
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the
slab (v3) CVE-2011-1090
- LP: #800775
- CVE-2011-1090
linux (2.6.35-30.54) maverick-proposed; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #794114
[ Upstream Kernel Changes ]
* Revert "xhci: Fix full speed bInterval encoding."
* Revert "USB: xhci - also free streams when resetting devices"
* Revert "USB: xhci - fix math in xhci_get_
* Revert "USB: xhci - fix unsafe macro definitions"
linux (2.6.35-30.53) maverick-proposed; urgency=low
[ Upstream Kernel Changes ]
* xhci: Fix full speed bInterval encoding.
- LP: #792959
linux (2.6.35-30.52) maverick-proposed; urgency=low
[ Herton R. Krzesinski ]
* Release Tracking Bug
- LP: #790653
[ Stefan Bader ]
* Include nls_iso8859-1 for virtual images
- LP: #732046
[ Thomas Schlichter ]
* SAUCE: vesafb: mtrr module parameter is uint, not bool
- LP: #778043
[ Tim Gardner ]
* [Config] Add cachefiles.ko to virtual flavour
- LP: #770430
[ Upstream Kernel Changes ]
* Revert "intel_idle: PCI quirk to prevent Lenovo Ideapad s10-3 boot
hang"
- LP: #772560
* Revert "TPM: Long default timeout fix"
- LP: #772560
* Revert "tpm_tis: Use timeouts returned from TPM"
- LP: #772560
* Revert "xen: set max_pfn_mapped to the last pfn mapped"
* CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
- LP: #765007
- CVE-2010-4565
* xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
CVE-2011-0711
- LP: #767740
- CVE-2011-0711
* Treat writes as new when holes span across page boundaries,
CVE-2011-0463
- LP: #770483
- CVE-2011-0463
* fs/partitions/
CVE-2011-1017
- LP: #771382
- CVE-2011-1017
* qla2xxx:...
This bug was fixed in the package linux - 2.6.38-11.48
---------------
linux (2.6.38-11.48) natty-proposed; urgency=low
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #818175
[ Upstream Kernel Changes ]
* Revert "HID: magicmouse: ignore 'ivalid report id' while switching
modes"
- LP: #814250
linux (2.6.38-11.47) natty-proposed; urgency=low
[Steve Conklin]
* Release Tracking Bug
- LP: #811180
[ Keng-Yu Lin ]
* SAUCE: Revert: "dell-laptop: Toggle the unsupported hardware
killswitch"
- LP: #775281
[ Ming Lei ]
* SAUCE: fix yama_ptracer_del lockdep warning
- LP: #791019
[ Stefan Bader ]
* SAUCE: Re-enable RODATA for i386 virtual
- LP: #809838
[ Tim Gardner ]
* [Config] Add grub-efi as a recommended bootloader for server and
generic
- LP: #800910
* SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
- LP: #805494
[ Upstream Kernel Changes ]
* Revert "bridge: Forward reserved group addresses if !STP"
- LP: #793702
* Fix up ABI directory
* bonding: Incorrect TX queue offset, CVE-2011-1581
- LP: #792312
- CVE-2011-1581
* fs/partitions/
oops
- LP: #795418
- CVE-2011-1577
* usbnet/cdc_ncm: add missing .reset_resume hook
- LP: #793892
* ath5k: Disable fast channel switching by default
- LP: #767192
* mm: vmscan: correctly check if reclaimer should schedule during
shrink_slab
- LP: #755066
* mm: vmscan: correct use of pgdat_balanced in sleeping_
- LP: #755066
* ALSA: hda - Use LPIB for ATI/AMD chipsets as default
- LP: #741825
* ALSA: hda - Enable snoop bit for AMD controllers
- LP: #741825
* ALSA: hda - Enable sync_write workaround for AMD generically
- LP: #741825
* cpuidle: menu: fixed wrapping timers at 4.294 seconds
- LP: #774947
* drm/i915: Fix gen6 (SNB) missed BLT ring interrupts.
- LP: #761065
* USB: ehci: remove structure packing from ehci_def
- LP: #791552
* drm/i915: disable PCH ports if needed when disabling a CRTC
- LP: #791752
* kmemleak: Do not return a pointer to an object that kmemleak did not
get
- LP: #793702
* kmemleak: Initialise kmemleak after debug_objects_
- LP: #793702
* Fix _OSC UUID in pcc-cpufreq
- LP: #793702
* CPU hotplug, re-create sysfs directory and symlinks
- LP: #793702
* Fix memory leak in cpufreq_stat
- LP: #793702
* net: recvmmsg: Strip MSG_WAITFORONE when calling recvmsg
- LP: #793702
* ftrace: Only update the function code on write to filter files
- LP: #793702
* qla2xxx: Fix hang during driver unload when vport is active.
- LP: #793702
* qla2xxx: Fix virtual port failing to login after chip reset.
- LP: #793702
* qla2xxx: Fix vport delete hang when logins are outstanding.
- LP: #793702
* powerpc/kdump64: Don't reference freed memory as pacas
- LP: #793702
* powerpc/kexec: Fix memory corruption from unallocated slaves
- LP: #793702
* x86, cpufeature: Fix cpuid leaf 7 feature detection
- LP: #793702
* ath9k_hw: do noise floor calibration only on required chain...
This bug was fixed in the package linux-fsl-imx51 - 2.6.31-610.28
---------------
linux-fsl-imx51 (2.6.31-610.28) lucid-proposed; urgency=low
* Release tracking bug
- LP: #837802
[ Upstream Kernel Changes ]
* ipv6: make fragment identifications less predictable, CVE-2011-2699
- LP: #827685
- CVE-2011-2699
* perf: Fix software event overflow, CVE-2011-2918
- LP: #834121
- CVE-2011-2918
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
linux-fsl-imx51 (2.6.31-610.27) lucid-proposed; urgency=low
* Release tracking bug
- LP: #829160
[ Upstream Kernel Changes ]
* fs/partitions/
oops
- LP: #795418
- CVE-2011-1577
* Fix corrupted OSF partition table parsing
- LP: #796606
- CVE-2011-1163
* can: Add missing socket check in can/bcm release.
- LP: #796502
- CVE-2011-1598
* proc: protect mm start_code/end_code in /proc/pid/stat
- LP: #799906
- CVE-2011-0726
* sctp: Fix a race between ICMP protocol unreachable and connect()
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #794034
- CVE-2010-4077
* filter: make sure filters dont read uninitialized memory CVE-2010-4158
- LP: #721282
- CVE-2010-4158
* bio: take care not overflow page count when mapping/copying user data
CVE-2010-4162
- LP: #721441
- CVE-2010-4162
* block: check for proper length of iov entries in blk_rq_
- LP: #721504
- CVE-2010-4163
* block: check for proper length of iov entries earlier in
blk_
- LP: #721504
- CVE-2010-4163
* rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
- LP: #721455
- CVE-2010-4175
* bluetooth: Fix missing NULL check CVE-2010-4242
- LP: #714846
- CVE-2010-4242
* IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
- LP: #800121
- CVE-2010-4649
* epoll: prevent creating circular epoll structures CVE-2011-1082
- LP: #800758
- CVE-2011-1082
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the
slab (v3) CVE-2011-1090
- LP: #800775
* ldm: corrupted partition table can cause kernel oops CVE-2011-1012
- LP: #801083
- CVE-2011-1012
* netfilter: ipt_CLUSTERIP: fix buffer overflow CVE-2011-2534
- LP: #801473
- CVE-2011-2534
* netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
- LP: #801480
- CVE-2011-1170
* netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
- LP: #801482
- CVE-2011-1171
* ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
- LP: #801483
- CVE-2011-1172
* econet: 4 byte infoleak to the network CVE-2011-1173
- LP: #801484
- CVE-2011-1173
* net: Limit socket I/O iovec total length to INT_MAX.
- LP: #708839
* fs/partitions: Validate map_count in Mac partition tables -
CVE-2011-1010
- LP: #804225
- CVE-2011-1010
* drm: fix unsigned vs signed comparison issue in modeset ctl ioctl,
CVE-2011-1013
- LP: #804229
- CVE-2011-1013
...
This bug was fixed in the package linux-mvl-dove - 2.6.32-218.36
---------------
linux-mvl-dove (2.6.32-218.36) lucid-proposed; urgency=low
* Release tracking bug
- LP: #837803
[ Paolo Pisati ]
* Rebased to 2.6.32-34.76
[ Ubuntu: 2.6.32-34.76 ]
* Release Tracking Bug
- LP: #836914
* Revert "drm/nv50-nvc0: work around an evo channel hang that some people
see"
* Revert "eCryptfs: Handle failed metadata read in lookup"
* Revert "tunnels: fix netns vs proto registration ordering"
[ Ubuntu: 2.6.32-34.75 ]
* Release Tracking Bug
- LP: #832332
* drm/i915: Remove BUG_ON from i915_gem_
- LP: #828550
linux-mvl-dove (2.6.32-218.35) lucid-proposed; urgency=low
[ Paolo Pisati ]
* Release Tracking Bug
- LP: #829161
* Rebased to 2.6.32-34.74
[ Ubuntu: 2.6.32-34.74 ]
* Release Tracking Bug
- LP: #828375
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
[ Ubuntu: 2.6.32-34.73 ]
* Release Tracking Bug
- LP: #824148
* SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
- LP: #805494
* [Config] Add enic/fnic to udebs
- LP: #801610
* tty: icount changeover for other main devices, CVE-2010-4076,
CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* fs/partitions/
oops
- LP: #795418
- CVE-2011-1577
* ftrace: Only update the function code on write to filter files
- LP: #802383
* kmemleak: Do not return a pointer to an object that kmemleak did not
get
- LP: #802383
* CPU hotplug, re-create sysfs directory and symlinks
- LP: #802383
* Fix memory leak in cpufreq_stat
- LP: #802383
* powerpc/kexec: Fix memory corruption from unallocated slaves
- LP: #802383
* powerpc/oprofile: Handle events that raise an exception without
overflowing
- LP: #802383
* mtd: mtdconcat: fix NAND OOB write
- LP: #802383
* x86, 64-bit: Fix copy_[to/
limit
- LP: #802383
* ext3: Fix fs corruption when make_indexed_dir() fails
- LP: #802383
* jbd: Fix forever sleeping process in do_get_
- LP: #802383
* jbd: fix fsync() tid wraparound bug
- LP: #802383
* ext4: release page cache in ext4_mb_load_buddy error path
- LP: #802383
* Fix Ultrastor asm snippet
- LP: #802383
* x86, amd: Do not enable ARAT feature on AMD processors below family
0x12
- LP: #802383
* x86, amd: Use _safe() msr access for GartTlbWlk disable code
- LP: #802383
* rcu: Fix unpaired rcu_irq_enter() from locking selftests
- LP: #802383
* staging: usbip: fix wrong endian conversion
- LP: #802383
* Fix for buffer overflow in ldm_frag_add not sufficient
- LP: #802383
* seqlock: Don't smp_rmb in seqlock reader spin loop
- LP: #802383
* ALSA: HDA: Use one dmic only for Dell Studio 1558
- LP: #731706, #802383
* ASoC: Ensure output PGA is enabled for line outputs in wm_hubs
- LP: #802383
* ASoC: Add some missing volume update bit sets for wm_hubs devices
- LP: #802383
* mm/page_alloc.c: prevent u...
This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.24
---------------
linux-ti-omap4 (2.6.35-903.24) maverick-proposed; urgency=low
* Release tracking bug
- LP: #838037
[ Upstream Kernel Changes ]
* ipv6: make fragment identifications less predictable, CVE-2011-2699
- LP: #827685
- CVE-2011-2699
* perf: Fix software event overflow, CVE-2011-2918
- LP: #834121
- CVE-2011-2918
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
linux-ti-omap4 (2.6.35-903.23) maverick-proposed; urgency=low
* Release tracking bug
- LP: #829655
[ Upstream Kernel Changes ]
* drm/radeon/kms: check AA resolve registers on r300, CVE-2011-1016
- LP: #745686
- CVE-2011-1016
* drm/radeon: fix regression with AA resolve checking, CVE-2011-1016
- LP: #745686
- CVE-2011-1016
* can-bcm: fix minor heap overflow
- LP: #690730
* CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
- LP: #765007
- CVE-2010-4565
* av7110: check for negative array offset
- LP: #747520
* xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
CVE-2011-0711
- LP: #767740
- CVE-2011-0711
* ALSA: caiaq - Fix possible string-buffer overflow
- LP: #747520
* IB/cm: Bump reference count on cm_id before invoking callback,
CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* RDMA/cma: Fix crash in request handlers, CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* Treat writes as new when holes span across page boundaries,
CVE-2011-0463
- LP: #770483
- CVE-2011-0463
* net: clear heap allocations for privileged ethtool actions
- LP: #686158
* usb: iowarrior: don't trust report_size for buffer size
- LP: #747520
* fs/partitions/
CVE-2011-1017
- LP: #771382
- CVE-2011-1017
* Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal
code
- LP: #747520
* Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
- LP: #747520
* exec: make argv/envp memory visible to oom-killer
- LP: #690730
* next_pidmap: fix overflow condition
- LP: #772560
* proc: do proper range check on readdir offset
- LP: #772560
* ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl, CVE-2011-1169
- LP: #785331
- CVE-2011-1169
* mpt2sas: prevent heap overflows and unchecked reads, CVE-2011-1494
- LP: #787145
- CVE-2011-1494
* agp: fix arbitrary kernel memory writes, CVE-1011-2022
- LP: #788684
- CVE-1011-2022
* can: add missing socket check in can/raw release, CVE-2011-1748
- LP: #788694
- CVE-2011-1748
* agp: fix OOM and buffer overflow
- LP: #788700
* drivers/
memory - CVE-2010-3296
- CVE-2010-3296
* drivers/net/eql.c: prevent reading uninitialized stack memory -
CVE-2010-3297
- CVE-2010-3297
* inet_diag: Make sure we actually run the same bytecode we audited,
CVE-2010-3880
- LP: #711865
- CVE-2010-3880
* setup_arg_pages: diagnose excessive argume...
This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.15
---------------
linux-ti-omap4 (2.6.38-1209.15) natty-proposed; urgency=low
* Release tracking bug
- LP: #837761
[ Paolo Pisati ]
* [Config] Turn on CONFIG_USER_NS and DEVPTS_
- LP: #787749
[ Tim Gardner ]
* [Config] Add enic/fnic to nic-modules udeb, CVE-2011-1020
- LP: #801610
[ Upstream Kernel Changes ]
* mpt2sas: prevent heap overflows and unchecked reads
- LP: #780546
* agp: fix arbitrary kernel memory writes
- LP: #775809
* can: add missing socket check in can/raw release
- LP: #780546
* agp: fix OOM and buffer overflow
- LP: #775809
* bonding: Incorrect TX queue offset, CVE-2011-1581
- LP: #792312
- CVE-2011-1581
* fs/partitions/
oops
- LP: #795418
- CVE-2011-1577
* can: Add missing socket check in can/bcm release.
- LP: #796502
- CVE-2011-1598
* USB: ehci: remove structure packing from ehci_def
- LP: #791552
* taskstats: don't allow duplicate entries in listener mode,
CVE-2011-2484
- LP: #806390
- CVE-2011-2484
* ext4: init timer earlier to avoid a kernel panic in __save_error_info,
CVE-2011-2493
- LP: #806929
- CVE-2011-2493
* dccp: handle invalid feature options length, CVE-2011-1770
- LP: #806375
- CVE-2011-1770
* pagemap: close races with suid execve, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* report errors in /proc/*/*map* sanely, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* close race in /proc/*/environ, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* auxv: require the target to be tracable (or yourself), CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
- LP: #816550
- CVE-2011-1493
* GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689
- LP: #819572
- CVE-2011-2689
* Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
- LP: #819569
- CVE-2011-2492
* Add mount option to check uid of device being mounted = expect uid,
CVE-2011-1833
- LP: #732628
- CVE-2011-1833
* ipv6: make fragment identifications less predictable, CVE-2011-2699
- LP: #827685
- CVE-2011-2699
* perf: Fix software event overflow, CVE-2011-2918
- LP: #834121
- CVE-2011-2918
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
linux-ti-omap4 (2.6.38-1209.13) natty; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #772381
[ Brad Figg ]
* Ubuntu-2.6.38-9.43
[ Bryan Wu ]
* merge Ubuntu-2.6.38-9.43
* cherry-pick 6 patches from u2 of 'for-ubuntu' branch
* [Config] Sync up configs for 2.6.38.4
[ Herton Ronaldo Krzesinski ]
* SAUCE: Revert "x86, hibernate: Initialize mmu_cr4_features during boot"
- LP: #764758
[ Leann Ogasawara ]
* [Config] updateconfigs for 2.6.38.4
[ Paolo Pisati ]
* [Conf...
This bug was fixed in the package linux-ec2 - 2.6.32-318.38
---------------
linux-ec2 (2.6.32-318.38) lucid-proposed; urgency=low
[ Stefan Bader ]
* Rebased to 2.6.32-34.76
* Release Tracking Bug
- LP: #837804
[ Ubuntu: 2.6.32-34.76 ]
* Revert "drm/nv50-nvc0: work around an evo channel hang that some people
see"
* Revert "eCryptfs: Handle failed metadata read in lookup"
* Revert "tunnels: fix netns vs proto registration ordering"
[ Ubuntu: 2.6.32-34.75 ]
* drm/i915: Remove BUG_ON from i915_gem_
- LP: #828550
linux-ec2 (2.6.32-318.37) lucid-proposed; urgency=low
[ Stefan Bader ]
* Release Tracking Bug
- LP: #829162
* XEN: exec: delay address limit change until point of no return
- LP: #802383
* Rebased to 2.6.32-34.74
[ Ubuntu: 2.6.32-34.74 ]
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
[ Ubuntu: 2.6.32-34.73 ]
* SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
- LP: #805494
* [Config] Add enic/fnic to udebs
- LP: #801610
* tty: icount changeover for other main devices, CVE-2010-4076,
CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* fs/partitions/
oops
- LP: #795418
- CVE-2011-1577
* ftrace: Only update the function code on write to filter files
- LP: #802383
* kmemleak: Do not return a pointer to an object that kmemleak did not
get
- LP: #802383
* CPU hotplug, re-create sysfs directory and symlinks
- LP: #802383
* Fix memory leak in cpufreq_stat
- LP: #802383
* powerpc/kexec: Fix memory corruption from unallocated slaves
- LP: #802383
* powerpc/oprofile: Handle events that raise an exception without
overflowing
- LP: #802383
* mtd: mtdconcat: fix NAND OOB write
- LP: #802383
* x86, 64-bit: Fix copy_[to/
limit
- LP: #802383
* ext3: Fix fs corruption when make_indexed_dir() fails
- LP: #802383
* jbd: Fix forever sleeping process in do_get_
- LP: #802383
* jbd: fix fsync() tid wraparound bug
- LP: #802383
* ext4: release page cache in ext4_mb_load_buddy error path
- LP: #802383
* Fix Ultrastor asm snippet
- LP: #802383
* x86, amd: Do not enable ARAT feature on AMD processors below family
0x12
- LP: #802383
* x86, amd: Use _safe() msr access for GartTlbWlk disable code
- LP: #802383
* rcu: Fix unpaired rcu_irq_enter() from locking selftests
- LP: #802383
* staging: usbip: fix wrong endian conversion
- LP: #802383
* Fix for buffer overflow in ldm_frag_add not sufficient
- LP: #802383
* seqlock: Don't smp_rmb in seqlock reader spin loop
- LP: #802383
* ALSA: HDA: Use one dmic only for Dell Studio 1558
- LP: #731706, #802383
* ASoC: Ensure output PGA is enabled for line outputs in wm_hubs
- LP: #802383
* ASoC: Add some missing volume update bit sets for wm_hubs devices
- LP: #802383
* mm/page_alloc.c: prevent unending loop in __alloc_
- LP: #802383
* loop: limit 'max_part' module param to D...
This bug was fixed in the package linux - 2.6.32-34.77
---------------
linux (2.6.32-34.77) lucid-proposed; urgency=low
[Steve Conklin]
* Release Tracking Bug
- LP: #849228
[ Upstream Kernel Changes ]
* Revert "drm/i915: Remove BUG_ON from i915_gem_
* Revert "drm/i915: Periodically flush the active lists and requests"
* Revert "drm/i915/evict: Ensure we completely cleanup on failure"
* Revert "drm/i915: Maintain LRU order of inactive objects upon access by
CPU (v2)"
* Revert "drm/i915: Implement fair lru eviction across both rings. (v2)"
* Revert "drm/i915: Move the eviction logic to its own file."
* Revert "drm/i915: prepare for fair lru eviction"
linux (2.6.32-34.76) lucid-proposed; urgency=low
[Steve Conklin]
* Release Tracking Bug
- LP: #836914
[ Upstream Kernel Changes ]
* Revert "drm/nv50-nvc0: work around an evo channel hang that some people
see"
* Revert "eCryptfs: Handle failed metadata read in lookup"
* Revert "tunnels: fix netns vs proto registration ordering"
linux (2.6.32-34.75) lucid-proposed; urgency=low
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #832332
[ Upstream Kernel Changes ]
* drm/i915: Remove BUG_ON from i915_gem_
- LP: #828550
linux (2.6.32-34.74) lucid-proposed; urgency=low
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #828375
[ Upstream Kernel Changes ]
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
linux (2.6.32-34.73) lucid-proposed; urgency=low
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #824148
[ Tim Gardner ]
* SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
- LP: #805494
* [Config] Add enic/fnic to udebs
- LP: #801610
[ Upstream Kernel Changes ]
* tty: icount changeover for other main devices, CVE-2010-4076,
CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* fs/partitions/
oops
- LP: #795418
- CVE-2011-1577
* ftrace: Only update the function code on write to filter files
- LP: #802383
* kmemleak: Do not return a pointer to an object that kmemleak did not
get
- LP: #802383
* CPU hotplug, re-create sysfs directory and symlinks
- LP: #802383
* Fix memory leak in cpufreq_stat
- LP: #802383
* powerpc/kexec: Fix memory corruption from unallocated slaves
- LP: #802383
* powerpc/oprofile: Handle events that raise an exception without
overflowing
- LP: #802383
* mtd: mtdconcat: fix NAND OOB write
- LP: #802383
* x86, 64-bit: Fix copy_[to/
limit
- LP: #802383
* ext3: Fix fs corruption when make_indexed_dir() fails
- LP: #802383
* jbd: Fix forever sleeping process in do_get_
- LP: #802383
* jbd: fix fsync() tid wraparound bug
- LP: #802383
* ext4: release page cache in ext4_mb_load_buddy error path
- LP: #802383
* Fix Ultrastor asm snippet
- LP: #802383
* x86, amd: Do not enable ARAT feature on AMD processors below family
0x12
- LP: #802383
* x86, ...