This bug was fixed in the package linux-ec2 - 2.6.31-307.27
--------------- linux-ec2 (2.6.31-307.27) karmic-proposed; urgency=low
[ Stefan Bader ]
* Rebased to 2.6.31-22.73
[ Ubuntu: 2.6.31-22.73 ]
* Release Tracking Bug - LP: #716648 * net: Limit socket I/O iovec total length to INT_MAX., CVE-2010-3859 - LP: #708839, #711855 - CVE-2010-4160 * net: Truncate recvfrom and sendto length to INT_MAX., CVE-2010-3859 - LP: #708839, #711855 - CVE-2010-4160 * net: fix rds_iovec page count overflow, CVE-2010-3865 - LP: #709153 - CVE-2010-3865 * net: ax25: fix information leak to userland, CVE-2010-3875 - LP: #710714 - CVE-2010-3875 * net: ax25: fix information leak to userland harder, CVE-2010-3875 - LP: #710714 - CVE-2010-3875 * can-bcm: fix minor heap overflow - LP: #710680 - CVE-2010-3874 * memory corruption in X.25 facilities parsing, CVE-2010-3873 - LP: #709372 - CVE-2010-3873 * net: packet: fix information leak to userland, CVE-2010-3876 - LP: #710714 - CVE-2010-3876 * net: tipc: fix information leak to userland, CVE-2010-3877 - LP: #711291 - CVE-2010-3877 * KVM: VMX: fix vmx null pointer dereference on debug register access, CVE-2010-0435 - LP: #712615 - CVE-2010-0435 * gdth: integer overflow in ioctl, CVE-2010-4157 - LP: #711797 - CVE-2010-4157 * posix-cpu-timers: workaround to suppress the problems with mt exec, CVE-2010-4248 - LP: #712609 - CVE-2010-4248 * ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory, CVE-2010-4080, CVE-2010-4081 - LP: #712723, #712737 - CVE-2010-4081 * drivers/video/via/ioctl.c: prevent reading uninitialized stack memory, CVE-2010-4082 - LP: #712744 - CVE-2010-4082 * sys_semctl: fix kernel stack leakage, CVE-2010-4083 - LP: #712749 - CVE-2010-4083 * inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880 - LP: #711865 - CVE-2010-3880 -- Stefan Bader <email address hidden> Fri, 11 Feb 2011 09:22:20 +0100
This bug was fixed in the package linux-ec2 - 2.6.31-307.27
---------------
linux-ec2 (2.6.31-307.27) karmic-proposed; urgency=low
[ Stefan Bader ]
* Rebased to 2.6.31-22.73
[ Ubuntu: 2.6.31-22.73 ]
* Release Tracking Bug video/via/ ioctl.c: prevent reading uninitialized stack memory,
- LP: #716648
* net: Limit socket I/O iovec total length to INT_MAX., CVE-2010-3859
- LP: #708839, #711855
- CVE-2010-4160
* net: Truncate recvfrom and sendto length to INT_MAX., CVE-2010-3859
- LP: #708839, #711855
- CVE-2010-4160
* net: fix rds_iovec page count overflow, CVE-2010-3865
- LP: #709153
- CVE-2010-3865
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* can-bcm: fix minor heap overflow
- LP: #710680
- CVE-2010-3874
* memory corruption in X.25 facilities parsing, CVE-2010-3873
- LP: #709372
- CVE-2010-3873
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #710714
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* KVM: VMX: fix vmx null pointer dereference on debug register access,
CVE-2010-0435
- LP: #712615
- CVE-2010-0435
* gdth: integer overflow in ioctl, CVE-2010-4157
- LP: #711797
- CVE-2010-4157
* posix-cpu-timers: workaround to suppress the problems with mt exec,
CVE-2010-4248
- LP: #712609
- CVE-2010-4248
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory,
CVE-2010-4080, CVE-2010-4081
- LP: #712723, #712737
- CVE-2010-4081
* drivers/
CVE-2010-4082
- LP: #712744
- CVE-2010-4082
* sys_semctl: fix kernel stack leakage, CVE-2010-4083
- LP: #712749
- CVE-2010-4083
* inet_diag: Make sure we actually run the same bytecode we audited,
CVE-2010-3880
- LP: #711865
- CVE-2010-3880
-- Stefan Bader <email address hidden> Fri, 11 Feb 2011 09:22:20 +0100