Comment 4 for bug 713266

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-608.22

---------------
linux-fsl-imx51 (2.6.31-608.22) lucid; urgency=low

  [ Tim Gardner ]

  * rebased to 2.6.31-22.72
  * Tracking bug
    - LP: #713266

  [ Upstream Kernel Changes ]

  * Karmic SRU: thinkpad-acpi: lock down video output state access, CVE-2010-3448
    - LP: #706999
    - CVE-2010-3448
  * USB: serial/mos*: prevent reading uninitialized stack memory,
    CVE-2010-4074
    - LP: #706149
    - CVE-2010-4074
  * KVM: Fix fs/gs reload oops with invalid ldt
    - LP: #707000
    - CVE-2010-3698
  * drivers/video/sis/sis_main.c: prevent reading uninitialized stack
    memory, CVE-2010-4078
    - LP: #707579
    - CVE-2010-4078
  * V4L/DVB: ivtvfb: prevent reading uninitialized stack memory,
    CVE-2010-4079
    - LP: #707649
    - CVE-2010-4079

  [ Upstream Kernel Changes ]

  * ipc: initialize structure memory to zero for compat functions
  * tcp: Increase TCP_MAXSEG socket option minimum.
    - CVE-2010-4165
  * perf_events: Fix perf_counter_mmap() hook in mprotect()
    - CVE-2010-4169
  * af_unix: limit unix_tot_inflight
    - CVE-2010-4249

linux-fsl-imx51 (2.6.31-608.21) lucid-proposed; urgency=low

  [ Leann Ogasawara ]

  * Rebased to 2.6.31-22.70

  [ Ubuntu: 2.6.31-22.70 ]

  - LP: #683474
  * Revert "SAUCE: AF_ECONET saddr->cookie prevent NULL pointer
    dereference"
  * Revert "SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges"
  * Revert "SAUCE: AF_ECONET prevent kernel stack overflow"
  * Btrfs: fix checks in BTRFS_IOC_CLONE_RANGE
    - CVE-2010-2538
  * xfs: validate untrusted inode numbers during lookup
    - CVE-2010-2943
  * xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
    - CVE-2010-2943
  * xfs: remove block number from inode lookup code
    - CVE-2010-2943
  * xfs: fix untrusted inode number lookup
    - CVE-2010-2943
  * drm/i915: Sanity check pread/pwrite
    - CVE-2010-2962
  * drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow
    - CVE-2010-2962
  * tracing: Do not allow llseek to set_ftrace_filter
    - CVE-2010-3079
  * drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack memory
    - CVE-2010-3296
  * drivers/net/eql.c: prevent reading uninitialized stack memory
    - CVE-2010-3297
  * drivers/net/usb/hso.c: prevent reading uninitialized memory
    - CVE-2010-3298
  * setup_arg_pages: diagnose excessive argument size
    - CVE-2010-3858
  * net: clear heap allocation for ETHTOOL_GRXCLSRLALL
    - CVE-2010-3861
  * ipc: shm: fix information leak to userland
    - CVE-2010-4072
  * econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
    - CVE-2010-3849
  * econet: fix CVE-2010-3850
    - CVE-2010-3850
  * econet: fix CVE-2010-3848
    - CVE-2010-3848

  [ Ubuntu: 2.6.31-22.69 ]

  * SAUCE: AF_ECONET prevent kernel stack overflow
    - CVE-2010-3848
  * SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges
    - CVE-2010-3850
  * SAUCE: AF_ECONET saddr->cookie prevent NULL pointer dereference
    - CVE-2010-3849

  [ Ubuntu: 2.6.31-22.68 ]

  * SAUCE: docs -- fix doc strings for fc_event_seq
  * SAUCE: (no-up) Modularize vesafb -- fix initialization
    - LP: #611471
  * SAUCE: sched: update load count only once per cpu in 10 tick update window
    - LP: #513848
  * SAUCE: agp/intel: Add second set of PCI-IDs for B43
    - LP: #640214
  * SAUCE: drm/i915: Add second set of PCI-IDs for B43
    - LP: #640214
  * SAUCE: Fix compile error on ia64, powerpc, and sparc
  * (pre-stable) x86-32, resume: do a global tlb flush in S4 resume
    - LP: #531309
  * PCI: Ensure we re-enable devices on resume
    - LP: #566149

  [ Ubuntu: 2.6.31-22.67 ]

  * Local privilege escalation vulnerability in RDS sockets
    - CVE-2010-3904
  * v4l: disable dangerous buggy compat function
    - CVE-2010-2963
  * mm: Do not assume ENOMEM when looking at a split stack vma
    - LP: #646114
  * mm: Use helper to find real vma with stack guard page
    - LP: #646114
  * Fix race in tty_fasync() properly
    - CVE-2009-4895
  * ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files
    - CVE-2010-2066
  * xfs: prevent swapext from operating on write-only files
    - CVE-2010-2226
  * cifs: Fix a kernel BUG with remote OS/2 server (try #3)
    - CVE-2010-2248
  * ethtool: Fix potential user buffer overflow for ETHTOOL_{G, S}RXFH
    - CVE-2010-2478
  * l2tp: Fix oops in pppol2tp_xmit
    - CVE-2010-2495
  * nfsd4: bug in read_buf
    - CVE-2010-2521
  * CIFS: Fix a malicious redirect problem in the DNS lookup code
    - CVE-2010-2524
  * GFS2: rename causes kernel Oops
    - CVE-2010-2798
  * net sched: fix some kernel memory leaks
    - CVE-2010-2942
  * jfs: don't allow os2 xattr namespace overlap with others
    - CVE-2010-2946
  * irda: Correctly clean up self->ias_obj on irda_bind() failure.
    - CVE-2010-2954
  * wireless extensions: fix kernel heap content leak
    - CVE-2010-2955
  * ext4: consolidate in_range() definitions
    - CVE-2010-3015
  * aio: check for multiplication overflow in do_io_submit
    - CVE-2010-3067
  * xfs: prevent reading uninitialized stack memory
    - CVE-2010-3078
  * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
    - CVE-2010-3080
  * niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
    - CVE-2010-3084
  * rose: Fix signedness issues wrt. digi count.
    - CVE-2010-3310
  * sctp: Do not reset the packet during sctp_packet_config().
    - CVE-2010-3432
  * Fix pktcdvd ioctl dev_minor range check
    - CVE-2010-3437
  * ALSA: prevent heap corruption in snd_ctl_new()
    - CVE-2010-3442
  * net sched: fix kernel leak in act_police
    - CVE-2010-3477
  * Fix out-of-bounds reading in sctp_asoc_get_hmac()
    - CVE-2010-3705
  * ocfs2: Don't walk off the end of fast symlinks.
    - CVE-2010-NNN2
 -- Tim Gardner <email address hidden> Fri, 04 Feb 2011 11:39:27 -0700