This bug was fixed in the package linux-fsl-imx51 - 2.6.31-609.26 --------------- linux-fsl-imx51 (2.6.31-609.26) lucid; urgency=low [ Paolo Pisati ] * Tracking bug - LP: #795219 * [Config] Disable parport_pc on fsl-imx51 - LP: #601226 [ Upstream Kernel Changes ] * ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory - LP: #712723, #712737 * can-bcm: fix minor heap overflow - LP: #710680 * drivers/video/via/ioctl.c: prevent reading uninitialized stack memory - LP: #712744 * gdth: integer overflow in ioctl - LP: #711797 * inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880 - LP: #711865 - CVE-2010-3880 * net: fix rds_iovec page count overflow, CVE-2010-3865 - LP: #709153 - CVE-2010-3865 * net: packet: fix information leak to userland, CVE-2010-3876 - LP: #711045 - CVE-2010-3876 * net: tipc: fix information leak to userland, CVE-2010-3877 - LP: #711291 - CVE-2010-3877 * net: Truncate recvfrom and sendto length to INT_MAX. - LP: #708839 * posix-cpu-timers: workaround to suppress the problems with mt exec - LP: #712609 * sys_semctl: fix kernel stack leakage - LP: #712749 * x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet. - LP: #709372 * memory corruption in X.25 facilities parsing - LP: #709372 * net: ax25: fix information leak to userland, CVE-2010-3875 - LP: #710714 - CVE-2010-3875 * net: ax25: fix information leak to userland harder, CVE-2010-3875 - LP: #710714 - CVE-2010-3875 * fs/partitions/ldm.c: fix oops caused by corrupted partition table, CVE-2011-1017 - LP: #771382 - CVE-2011-1017 * net: clear heap allocations for privileged ethtool actions - LP: #771445 * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code - LP: #772543 * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo - LP: #772543 * exec: make argv/envp memory visible to oom-killer - LP: #768408 * next_pidmap: fix overflow condition - LP: #784727 * proc: do proper range check on readdir offset - LP: #784727 * mpt2sas: prevent heap overflows and unchecked reads - LP: #787145 * agp: fix arbitrary kernel memory writes - LP: #788684 * can: add missing socket check in can/raw release - LP: #788694 * agp: fix OOM and buffer overflow - LP: #788700 * do_exit(): make sure that we run with get_fs() == USER_DS - CVE-2010-4258 - LP: #723945 - CVE-2010-4258 * x25: Prevent crashing when parsing bad X.25 facilities - CVE-2010-4164 - LP: #731199 - CVE-2010-4164 * install_special_mapping skips security_file_mmap check - CVE-2010-4346 - LP: #731971 - CVE-2010-4346 * econet: Fix crash in aun_incoming() - CVE-2010-4342 - LP: #736394 - CVE-2010-4342 * sound: Prevent buffer overflow in OSS load_mixer_volumes - CVE-2010-4527 - LP: #737073 - CVE-2010-4527 * irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529 - LP: #737823 - CVE-2010-4529 * CAN: Use inode instead of kernel address for /proc file - CVE-2010-4565 - LP: #765007 - CVE-2010-4565 * av7110: check for negative array offset - CVE-2011-0521 - LP: #767526 - CVE-2011-0521 * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 - CVE-2011-0711 - LP: #767740 - CVE-2011-0711 * xfs: zero proper structure size for geometry calls - CVE-2011-0711 - LP: #767740 - CVE-2011-0711 * ALSA: caiaq - Fix possible string-buffer overflow - CVE-2011-0712 - LP: #768448 - CVE-2011-0712 * RDMA/cma: Fix crash in request handlers - CVE-2011-0695 - LP: #770369 - CVE-2011-0695 * IB/cm: Bump reference count on cm_id before invoking callback - CVE-2011-0695 - LP: #770369 - CVE-2011-0695 * Treat writes as new when holes span across page boundaries - CVE-2011-0463 - LP: #770483 - CVE-2011-0463 * usb: iowarrior: don't trust report_size for buffer size - CVE-2010-4656 - LP: #771484 - CVE-2010-4656 * tty: icount changeover for other main devices, CVE-2010-4076, CVE-2010-4077 - LP: #720189 - CVE-2010-4077 -- Paolo Pisati