linux: 2.6.24-29.92 -proposed tracker

This kernel contains only CVE fixes and therefore has no bugs to be verified

Looks good, thanks!

This bug was fixed in the package linux - 2.6.24-29.92

---------------
linux (2.6.24-29.92) hardy-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #812360

  [Upstream Kernel Changes]

  * af_unix: limit unix_tot_inflight CVE-2010-4249
    - LP: #769182
    - CVE-2010-4249
  * xfs: zero proper structure size for geometry calls CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
    - LP: #801482
    - CVE-2011-1171
  * econet: 4 byte infoleak to the network CVE-2011-1173
    - LP: #801484
    - CVE-2011-1173
  * netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
    - LP: #801480
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
    - LP: #801483
    - CVE-2011-1172
  * xen: don't allow blkback virtual CDROM device, CVE-2010-4238
    - LP: #803931
    - CVE-2010-4238
  * IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
    - LP: #805512
  * ipc: initialize structure memory to zero for compat functions
    CVE-2010-4073
    - LP: #806366
    - CVE-2010-4073
  * tcp: Increase TCP_MAXSEG socket option minimum CVE-2010-4165
    - LP: #806374
    - CVE-2010-4165
  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * netfilter: ipt_CLUSTERIP: fix buffer overflow, CVE-2011-2534
    - LP: #801473
    - CVE-2011-2534
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the
    slab (v3), CVE-2011-1090
    - LP: #800775
    - CVE-2011-1090
  * fs/partitions: Validate map_count in Mac partition tables
    - LP: #804225
    - CVE-2011-1010
 -- Herton Ronaldo Krzesinski <email address hidden> Mon, 18 Jul 2011 12:36:01 -0300

Copied to -security/-updates

The package has been published and the bug is being set to Fix Released

Still need to run KVM on i386. Nevertheless, I got an unexpected failure on the QRT test 'test-kernel.py'. As such, I am failing QA. Bug 822967 has been opened for this error.

I do not see the issue on KVM i386.

For completeness, on all tests I also saw this error -- which I assumed to be a coding error on QRT:

/proc/$pid/ DAC bypass on setuid (CVE-2011-1020) ... (skipped: not fixed before Oneiric yet) FAIL

======================================================================
FAIL: /proc/$pid/ DAC bypass on setuid (CVE-2011-1020)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1339, in test_101_proc_fd_leaks
    self.assertShellOutputContains(bad[name], ['sudo','-u',os.environ['SUDO_USER'],"sh","-c","echo '' | ./dac-bypass.py %s" % (name)], invert=expected)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 903, in assertShellOutputContains
    self.assertTrue(text in out, msg + result + report)
AssertionError: Got exit code 10. Looking for text " 0x"
Command: 'sudo', '-u', 'ubuntu', 'sh', '-c', 'echo '' | ./dac-bypass.py syscall'
Output:
Traceback (most recent call last):
  File "./dac-bypass.py", line 37, in <module>
    files[name] = file('/proc/%d/%s' % (target, name))
IOError: [Errno 2] No such file or directory: '/proc/18730/syscall'
(current) UNIX password: passwd: Authentication failure
passwd: password unchanged
Changing password for ubuntu.

----------------------------------------------------------------------
Ran 49 tests in 28.108s

FAILED (failures=1)

Confirmed that the "/proc/$pid/ DAC bypass on setuid" test is broken on Hardy. I have corrected this.

There were false positives and have been fixed now.