CVE-2011-0695
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Medium
|
Brad Figg | |||
Hardy |
Medium
|
Brad Figg | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Unassigned | |||
Maverick |
Medium
|
Brad Figg | |||
Natty |
Undecided
|
Unassigned | |||
Oneiric |
Undecided
|
Unassigned | |||
linux-fsl-imx51 (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Paolo Pisati | |||
Maverick |
Undecided
|
Unassigned | |||
Natty |
Undecided
|
Unassigned | |||
Oneiric |
Undecided
|
Unassigned | |||
linux-lts-backport-maverick (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Unassigned | |||
Maverick |
Undecided
|
Unassigned | |||
Natty |
Undecided
|
Unassigned | |||
Oneiric |
Undecided
|
Unassigned | |||
linux-mvl-dove (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Unassigned | |||
Maverick |
Undecided
|
Unassigned | |||
Natty |
Undecided
|
Unassigned | |||
Oneiric |
Undecided
|
Unassigned | |||
linux-ti-omap4 (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Unassigned | |||
Maverick |
Undecided
|
Paolo Pisati | |||
Natty |
Undecided
|
Unassigned | |||
Oneiric |
Undecided
|
Unassigned |
Bug Description
Race condition in the cm_work_handler function in the InfiniBand driver (drivers/
CVE References
- 2010-3296
- 2010-3297
- 2010-3858
- 2010-3859
- 2010-3865
- 2010-3875
- 2010-3876
- 2010-3877
- 2010-3880
- 2010-4073
- 2010-4076
- 2010-4077
- 2010-4080
- 2010-4081
- 2010-4082
- 2010-4083
- 2010-4157
- 2010-4162
- 2010-4163
- 2010-4164
- 2010-4169
- 2010-4175
- 2010-4242
- 2010-4243
- 2010-4248
- 2010-4256
- 2010-4258
- 2010-4342
- 2010-4346
- 2010-4527
- 2010-4529
- 2010-4565
- 2010-4649
- 2010-4655
- 2010-4656
- 2011-0463
- 2011-0521
- 2011-0695
- 2011-0711
- 2011-0712
- 2011-0726
- 2011-1010
- 2011-1012
- 2011-1013
- 2011-1016
- 2011-1017
- 2011-1019
- 2011-1020
- 2011-1078
- 2011-1079
- 2011-1080
- 2011-1082
- 2011-1090
- 2011-1093
- 2011-1160
- 2011-1163
- 2011-1169
- 2011-1170
- 2011-1171
- 2011-1172
- 2011-1173
- 2011-1180
- 2011-1478
- 2011-1493
- 2011-1494
- 2011-1577
- 2011-1593
- 2011-1598
- 2011-1748
- 2011-1770
- 2011-1833
- 2011-2484
- 2011-2492
- 2011-2534
- 2011-2699
- 2011-2918
security vulnerability: | no → yes |
Changed in linux (Ubuntu Natty): | |
status: | New → Fix Released |
Changed in linux (Ubuntu Lucid): | |
status: | New → Fix Released |
Changed in linux (Ubuntu Maverick): | |
status: | New → In Progress |
Changed in linux (Ubuntu Karmic): | |
status: | New → Won't Fix |
Changed in linux (Ubuntu Hardy): | |
status: | New → In Progress |
Changed in linux (Ubuntu Dapper): | |
status: | New → In Progress |
Changed in linux-fsl-imx51 (Ubuntu Karmic): | |
status: | New → Won't Fix |
Changed in linux-lts-backport-maverick (Ubuntu Karmic): | |
status: | New → Won't Fix |
Changed in linux-mvl-dove (Ubuntu Karmic): | |
status: | New → Won't Fix |
Changed in linux-ti-omap4 (Ubuntu Karmic): | |
status: | New → Won't Fix |
Changed in linux (Ubuntu Maverick): | |
assignee: | nobody → Brad Figg (brad-figg) |
Changed in linux (Ubuntu Hardy): | |
assignee: | nobody → Brad Figg (brad-figg) |
Changed in linux (Ubuntu Dapper): | |
assignee: | nobody → Brad Figg (brad-figg) |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Hardy): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Maverick): | |
importance: | Undecided → Medium |
description: | updated |
Brad Figg (brad-figg) wrote : | #1 |
Brad Figg (brad-figg) wrote : | #2 |
Brad Figg (brad-figg) wrote : | #3 |
Brad Figg (brad-figg) wrote : | #4 |
Brad Figg (brad-figg) wrote : | #5 |
tags: | added: cve-tracking-bug |
tags: |
added: kernel-cve-tracking-bug removed: cve-tracking-bug |
Changed in linux (Ubuntu Hardy): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Dapper): | |
status: | In Progress → Fix Committed |
Changed in linux-mvl-dove (Ubuntu): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Karmic): | |
status: | Won't Fix → Invalid |
Changed in linux-mvl-dove (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Karmic): | |
status: | Won't Fix → Invalid |
Changed in linux-ti-omap4 (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Lucid): | |
status: | New → In Progress |
Changed in linux-ti-omap4 (Ubuntu): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
status: | New → In Progress |
Changed in linux-fsl-imx51 (Ubuntu): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Maverick): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Lucid): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
status: | New → In Progress |
Launchpad Janitor (janitor) wrote : | #6 |
Changed in linux (Ubuntu Hardy): | |
status: | Fix Committed → Fix Released |
Launchpad Janitor (janitor) wrote : | #7 |
This bug was fixed in the package linux-fsl-imx51 - 2.6.31-609.26
---------------
linux-fsl-imx51 (2.6.31-609.26) lucid; urgency=low
[ Paolo Pisati ]
* Tracking bug
- LP: #795219
* [Config] Disable parport_pc on fsl-imx51
- LP: #601226
[ Upstream Kernel Changes ]
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
- LP: #712723, #712737
* can-bcm: fix minor heap overflow
- LP: #710680
* drivers/
- LP: #712744
* gdth: integer overflow in ioctl
- LP: #711797
* inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880
- LP: #711865
- CVE-2010-3880
* net: fix rds_iovec page count overflow, CVE-2010-3865
- LP: #709153
- CVE-2010-3865
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #711045
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* net: Truncate recvfrom and sendto length to INT_MAX.
- LP: #708839
* posix-cpu-timers: workaround to suppress the problems with mt exec
- LP: #712609
* sys_semctl: fix kernel stack leakage
- LP: #712749
* x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.
- LP: #709372
* memory corruption in X.25 facilities parsing
- LP: #709372
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* fs/partitions/
- LP: #771382
- CVE-2011-1017
* net: clear heap allocations for privileged ethtool actions
- LP: #771445
* Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
- LP: #772543
* Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
- LP: #772543
* exec: make argv/envp memory visible to oom-killer
- LP: #768408
* next_pidmap: fix overflow condition
- LP: #784727
* proc: do proper range check on readdir offset
- LP: #784727
* mpt2sas: prevent heap overflows and unchecked reads
- LP: #787145
* agp: fix arbitrary kernel memory writes
- LP: #788684
* can: add missing socket check in can/raw release
- LP: #788694
* agp: fix OOM and buffer overflow
- LP: #788700
* do_exit(): make sure that we run with get_fs() == USER_DS - CVE-2010-4258
- LP: #723945
- CVE-2010-4258
* x25: Prevent crashing when parsing bad X.25 facilities - CVE-2010-4164
- LP: #731199
- CVE-2010-4164
* install_
- LP: #731971
- CVE-2010-4346
* econet: Fix crash in aun_incoming() - CVE-2010-4342
- LP: #736394
- CVE-2010-4342
* sound: Prevent buffer overflow in OSS load_mixer_volumes - CVE-2010-4527
- LP: #737073
- CVE-2010-4527
* irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
- LP: #737823
- CVE-2010-4529
* CAN: Use inode instead of kernel address for /proc file - CVE-2010-4565
- LP: #765007...
Changed in linux-fsl-imx51 (Ubuntu Lucid): | |
status: | In Progress → Fix Released |
Changed in linux-lts-backport-maverick (Ubuntu Maverick): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Oneiric): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Hardy): | |
status: | New → Invalid |
Launchpad Janitor (janitor) wrote : | #8 |
This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.24
---------------
linux-ti-omap4 (2.6.35-903.24) maverick-proposed; urgency=low
* Release tracking bug
- LP: #838037
[ Upstream Kernel Changes ]
* ipv6: make fragment identifications less predictable, CVE-2011-2699
- LP: #827685
- CVE-2011-2699
* perf: Fix software event overflow, CVE-2011-2918
- LP: #834121
- CVE-2011-2918
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
linux-ti-omap4 (2.6.35-903.23) maverick-proposed; urgency=low
* Release tracking bug
- LP: #829655
[ Upstream Kernel Changes ]
* drm/radeon/kms: check AA resolve registers on r300, CVE-2011-1016
- LP: #745686
- CVE-2011-1016
* drm/radeon: fix regression with AA resolve checking, CVE-2011-1016
- LP: #745686
- CVE-2011-1016
* can-bcm: fix minor heap overflow
- LP: #690730
* CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
- LP: #765007
- CVE-2010-4565
* av7110: check for negative array offset
- LP: #747520
* xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
CVE-2011-0711
- LP: #767740
- CVE-2011-0711
* ALSA: caiaq - Fix possible string-buffer overflow
- LP: #747520
* IB/cm: Bump reference count on cm_id before invoking callback,
CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* RDMA/cma: Fix crash in request handlers, CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* Treat writes as new when holes span across page boundaries,
CVE-2011-0463
- LP: #770483
- CVE-2011-0463
* net: clear heap allocations for privileged ethtool actions
- LP: #686158
* usb: iowarrior: don't trust report_size for buffer size
- LP: #747520
* fs/partitions/
CVE-2011-1017
- LP: #771382
- CVE-2011-1017
* Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal
code
- LP: #747520
* Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
- LP: #747520
* exec: make argv/envp memory visible to oom-killer
- LP: #690730
* next_pidmap: fix overflow condition
- LP: #772560
* proc: do proper range check on readdir offset
- LP: #772560
* ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl, CVE-2011-1169
- LP: #785331
- CVE-2011-1169
* mpt2sas: prevent heap overflows and unchecked reads, CVE-2011-1494
- LP: #787145
- CVE-2011-1494
* agp: fix arbitrary kernel memory writes, CVE-1011-2022
- LP: #788684
- CVE-1011-2022
* can: add missing socket check in can/raw release, CVE-2011-1748
- LP: #788694
- CVE-2011-1748
* agp: fix OOM and buffer overflow
- LP: #788700
* drivers/
memory - CVE-2010-3296
- CVE-2010-3296
* drivers/net/eql.c: prevent reading uninitialized stack memory -
CVE-2010-3297
- CVE-2010-3297
* inet_diag: Make sure we actually run the same bytecode we audited,
CVE-2010-3880
- LP: #711865
- CVE-2010-3880
* setup_arg_pages: diagnose excessive argume...
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
status: | In Progress → Fix Released |
Changed in linux (Ubuntu Dapper): | |
status: | Fix Committed → Won't Fix |
Changed in linux-mvl-dove (Ubuntu Maverick): | |
status: | New → Won't Fix |
Changed in linux-ti-omap4 (Ubuntu Natty): | |
status: | New → Won't Fix |
Changed in linux-lts-backport-maverick (Ubuntu Lucid): | |
status: | New → Won't Fix |
Jamie Strandboge (jdstrand) wrote : | #9 |
Thank you for reporting this bug to Ubuntu. maverick has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against maverick is being marked "Won't Fix".
Please see https:/
supported Ubuntu releases.
Please feel free to report any other bugs you may find.
Changed in linux (Ubuntu Maverick): | |
status: | In Progress → Won't Fix |
Rolf Leggewie (r0lf) wrote : | #10 |
lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".
Changed in linux-mvl-dove (Ubuntu Lucid): | |
status: | In Progress → Won't Fix |
This bug was fixed in the package linux - 2.6.24-29.90
---------------
linux (2.6.24-29.90) hardy-proposed; urgency=low
[ Herton R. Krzesinski ]
* Release Tracking Bug
- LP: #788843
[Upstream Kernel Changes]
* IB/cm: Bump reference count on cm_id before invoking callback, ldm.c: fix oops caused by corrupted partition table,
CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* RDMA/cma: Fix crash in request handlers, CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* ALSA: caiaq - Fix possible string-buffer overflow, CVE-2011-0712
- LP: #768448
- CVE-2011-0712
* Treat writes as new when holes span across page boundaries,
CVE-2011-0463
- LP: #770483
- CVE-2011-0463
* net: clear heap allocations for privileged ethtool actions,
CVE-2010-4655
- LP: #771445
- CVE-2010-4655
* usb: iowarrior: don't trust report_size for buffer size, CVE-2010-4656
- LP: #711484
- CVE-2010-4656
* fs/partitions/
CVE-2011-1017
- LP: #771382
- CVE-2011-1017
* ldm: corrupted partition table can cause kernel oops, CVE-2011-1017
- LP: #771382
- CVE-2011-1017
* next_pidmap: fix overflow condition, CVE-2011-1593
- LP: #784727
- CVE-2011-1593
* proc: do proper range check on readdir offset, CVE-2011-1593
- LP: #784727
- CVE-2011-1593
-- Herton Ronaldo Krzesinski <email address hidden> Thu, 26 May 2011 18:15:42 -0300