Kernel SRU Workflow

linux-fsl-imx51: 2.6.31-609.26 -proposed tracker

  1. Series security-signoff
  2. Bug #795219
Bug #795219 reported by Tim Gardner
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Kernel SRU Workflow
Fix Released
Undecided
Unassigned
Certification-testing
Invalid
Undecided
Canonical Hardware Certification
Prepare-package
Fix Released
Undecided
Brad Figg
Promote-to-proposed
Fix Released
Undecided
Ubuntu Stable Release Updates Team
Promote-to-security
Fix Released
Undecided
Ubuntu Stable Release Updates Team
Promote-to-updates
Fix Released
Undecided
Ubuntu Stable Release Updates Team
Regression-testing
Fix Released
Undecided
Registry Administrators
Security-signoff
Fix Released
Undecided
Kees Cook
Verification-testing
Fix Released
Undecided
Canonical Kernel Team
linux-fsl-imx51 (Ubuntu)
Invalid
Medium
Unassigned
Lucid
Fix Released
Undecided
Unassigned

Bug Description

This bug is for tracking the 2.6.31-609.26 upload package. This bug will contain status and testing results releated to that upload.

For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

Tim Gardner (timg-tpi)
tags: added: kernel-release-tracking-bug
Changed in linux-fsl-imx51 (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
Changed in kernel-sru-workflow:
status: New → In Progress
Tim Gardner (timg-tpi)
Changed in linux-fsl-imx51 (Ubuntu):
status: In Progress → Invalid
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → In Progress
Herton R. Krzesinski (herton)
tags: added: armel
Revision history for this message
Tobin Davis (gruemaster) wrote :

Passed verification.

Revision history for this message
Kees Cook (kees) wrote :

The commits for CVE-2010-4076 and CVE-2010-4077 seems a bit confused. This version seems to have half of them, so I'm ignoring those CVEs in the changelog for the future publication. The rest looks fine.

Tobin Davis (gruemaster)
tags: added: qa-testing-passed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.2 KiB)

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-609.26

---------------
linux-fsl-imx51 (2.6.31-609.26) lucid; urgency=low

  [ Paolo Pisati ]

  * Tracking bug
    - LP: #795219
  * [Config] Disable parport_pc on fsl-imx51
    - LP: #601226

  [ Upstream Kernel Changes ]

  * ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
    - LP: #712723, #712737
  * can-bcm: fix minor heap overflow
    - LP: #710680
  * drivers/video/via/ioctl.c: prevent reading uninitialized stack memory
    - LP: #712744
  * gdth: integer overflow in ioctl
    - LP: #711797
  * inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880
    - LP: #711865
    - CVE-2010-3880
  * net: fix rds_iovec page count overflow, CVE-2010-3865
    - LP: #709153
    - CVE-2010-3865
  * net: packet: fix information leak to userland, CVE-2010-3876
    - LP: #711045
    - CVE-2010-3876
  * net: tipc: fix information leak to userland, CVE-2010-3877
    - LP: #711291
    - CVE-2010-3877
  * net: Truncate recvfrom and sendto length to INT_MAX.
    - LP: #708839
  * posix-cpu-timers: workaround to suppress the problems with mt exec
    - LP: #712609
  * sys_semctl: fix kernel stack leakage
    - LP: #712749
  * x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.
    - LP: #709372
  * memory corruption in X.25 facilities parsing
    - LP: #709372
  * net: ax25: fix information leak to userland, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * net: ax25: fix information leak to userland harder, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table, CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * net: clear heap allocations for privileged ethtool actions
    - LP: #771445
  * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
    - LP: #772543
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
    - LP: #772543
  * exec: make argv/envp memory visible to oom-killer
    - LP: #768408
  * next_pidmap: fix overflow condition
    - LP: #784727
  * proc: do proper range check on readdir offset
    - LP: #784727
  * mpt2sas: prevent heap overflows and unchecked reads
    - LP: #787145
  * agp: fix arbitrary kernel memory writes
    - LP: #788684
  * can: add missing socket check in can/raw release
    - LP: #788694
  * agp: fix OOM and buffer overflow
    - LP: #788700
  * do_exit(): make sure that we run with get_fs() == USER_DS - CVE-2010-4258
    - LP: #723945
    - CVE-2010-4258
  * x25: Prevent crashing when parsing bad X.25 facilities - CVE-2010-4164
    - LP: #731199
    - CVE-2010-4164
  * install_special_mapping skips security_file_mmap check - CVE-2010-4346
    - LP: #731971
    - CVE-2010-4346
  * econet: Fix crash in aun_incoming() - CVE-2010-4342
    - LP: #736394
    - CVE-2010-4342
  * sound: Prevent buffer overflow in OSS load_mixer_volumes - CVE-2010-4527
    - LP: #737073
    - CVE-2010-4527
  * irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
    - LP: #737823
    - CVE-2010-4529
  * CAN: Use inode instead of kernel address for /proc file - CVE-2010-4565
    - LP: #765007...

Read more...

Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: In Progress → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

Released to -security/-updates

Revision history for this message
Herton R. Krzesinski (herton) wrote : Package Released!

The package has been published and the bug is being set to Fix Released

Changed in kernel-sru-workflow:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.