This bug was fixed in the package linux-fsl-imx51 - 2.6.31-608.22

---------------
linux-fsl-imx51 (2.6.31-608.22) lucid; urgency=low

  [ Tim Gardner ]

  * rebased to 2.6.31-22.72
  * Tracking bug
    - LP: #713266

  [ Upstream Kernel Changes ]

  * Karmic SRU: thinkpad-acpi: lock down video output state access, CVE-2010-3448
    - LP: #706999
    - CVE-2010-3448
  * USB: serial/mos*: prevent reading uninitialized stack memory, CVE-2010-4074
    - LP: #706149
    - CVE-2010-4074
  * KVM: Fix fs/gs reload oops with invalid ldt
    - LP: #707000
    - CVE-2010-3698
  * drivers/video/sis/sis_main.c: prevent reading uninitialized stack memory, CVE-2010-4078
    - LP: #707579
    - CVE-2010-4078
  * V4L/DVB: ivtvfb: prevent reading uninitialized stack memory, CVE-2010-4079
    - LP: #707649
    - CVE-2010-4079

  [ Upstream Kernel Changes ]

  * ipc: initialize structure memory to zero for compat functions
  * tcp: Increase TCP_MAXSEG socket option minimum.
    - CVE-2010-4165
  * perf_events: Fix perf_counter_mmap() hook in mprotect()
    - CVE-2010-4169
  * af_unix: limit unix_tot_inflight
    - CVE-2010-4249

linux-fsl-imx51 (2.6.31-608.21) lucid-proposed; urgency=low

  [ Leann Ogasawara ]

  * Rebased to 2.6.31-22.70

  [ Ubuntu: 2.6.31-22.70 ]

    - LP: #683474
  * Revert "SAUCE: AF_ECONET saddr->cookie prevent NULL pointer dereference"
  * Revert "SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges"
  * Revert "SAUCE: AF_ECONET prevent kernel stack overflow"
  * Btrfs: fix checks in BTRFS_IOC_CLONE_RANGE
    - CVE-2010-2538
  * xfs: validate untrusted inode numbers during lookup
    - CVE-2010-2943
  * xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
    - CVE-2010-2943
  * xfs: remove block number from inode lookup code
    - CVE-2010-2943
  * xfs: fix untrusted inode number lookup
    - CVE-2010-2943
  * drm/i915: Sanity check pread/pwrite
    - CVE-2010-2962
  * drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow
    - CVE-2010-2962
  * tracing: Do not allow llseek to set_ftrace_filter
    - CVE-2010-3079
  * drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack memory
    - CVE-2010-3296
  * drivers/net/eql.c: prevent reading uninitialized stack memory
    - CVE-2010-3297
  * drivers/net/usb/hso.c: prevent reading uninitialized memory
    - CVE-2010-3298
  * setup_arg_pages: diagnose excessive argument size
    - CVE-2010-3858
  * net: clear heap allocation for ETHTOOL_GRXCLSRLALL
    - CVE-2010-3861
  * ipc: shm: fix information leak to userland
    - CVE-2010-4072
  * econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
    - CVE-2010-3849
  * econet: fix CVE-2010-3850
    - CVE-2010-3850
  * econet: fix CVE-2010-3848
    - CVE-2010-3848

  [ Ubuntu: 2.6.31-22.69 ]

  * SAUCE: AF_ECONET prevent kernel stack overflow
    - CVE-2010-3848
  * SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges
    - CVE-2010-3850
  * SAUCE: AF_ECONET saddr->cookie prevent NULL pointer dereference
    - CVE-2010-3849

  [ Ubuntu: 2.6.31-22.68 ]

  * SAUCE: docs -- fix doc strings for fc_event_seq
  * SAUCE: (no-up) Modularize vesafb -- fix initialization
    - LP: #611471
  * SAUCE: sched: update load count only once per cpu in 10 tick update window
    - LP: #513848
  * SAUCE: agp/intel: Add second set of PCI-IDs for B43
    - LP: #640214
  * SAUCE: drm/i915: Add second set of PCI-IDs for B43
    - LP: #640214
  * SAUCE: Fix compile error on ia64, powerpc, and sparc
  * (pre-stable) x86-32, resume: do a global tlb flush in S4 resume
    - LP: #531309
  * PCI: Ensure we re-enable devices on resume
    - LP: #566149

  [ Ubuntu: 2.6.31-22.67 ]

  * Local privilege escalation vulnerability in RDS sockets
    - CVE-2010-3904
  * v4l: disable dangerous buggy compat function
    - CVE-2010-2963
  * mm: Do not assume ENOMEM when looking at a split stack vma
    - LP: #646114
  * mm: Use helper to find real vma with stack guard page
    - LP: #646114
  * Fix race in tty_fasync() properly
    - CVE-2009-4895
  * ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files
    - CVE-2010-2066
  * xfs: prevent swapext from operating on write-only files
    - CVE-2010-2226
  * cifs: Fix a kernel BUG with remote OS/2 server (try #3)
    - CVE-2010-2248
  * ethtool: Fix potential user buffer overflow for ETHTOOL_{G, S}RXFH
    - CVE-2010-2478
  * l2tp: Fix oops in pppol2tp_xmit
    - CVE-2010-2495
  * nfsd4: bug in read_buf
    - CVE-2010-2521
  * CIFS: Fix a malicious redirect problem in the DNS lookup code
    - CVE-2010-2524
  * GFS2: rename causes kernel Oops
    - CVE-2010-2798
  * net sched: fix some kernel memory leaks
    - CVE-2010-2942
  * jfs: don't allow os2 xattr namespace overlap with others
    - CVE-2010-2946
  * irda: Correctly clean up self->ias_obj on irda_bind() failure.
    - CVE-2010-2954
  * wireless extensions: fix kernel heap content leak
    - CVE-2010-2955
  * ext4: consolidate in_range() definitions
    - CVE-2010-3015
  * aio: check for multiplication overflow in do_io_submit
    - CVE-2010-3067
  * xfs: prevent reading uninitialized stack memory
    - CVE-2010-3078
  * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
    - CVE-2010-3080
  * niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
    - CVE-2010-3084
  * rose: Fix signedness issues wrt. digi count.
    - CVE-2010-3310
  * sctp: Do not reset the packet during sctp_packet_config().
    - CVE-2010-3432
  * Fix pktcdvd ioctl dev_minor range check
    - CVE-2010-3437
  * ALSA: prevent heap corruption in snd_ctl_new()
    - CVE-2010-3442
  * net sched: fix kernel leak in act_police
    - CVE-2010-3477
  * Fix out-of-bounds reading in sctp_asoc_get_hmac()
    - CVE-2010-3705
  * ocfs2: Don't walk off the end of fast symlinks.
    - CVE-2010-NNN2

 -- Tim Gardner