Ubuntu

CVE-2011-1020

Reported by Andy Whitcroft on 2011-07-19
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Low
Unassigned
Hardy
Low
Andy Whitcroft
Lucid
Low
Andy Whitcroft
Maverick
Low
Andy Whitcroft
Natty
Low
Andy Whitcroft
Oneiric
Low
Unassigned
Precise
Low
Unassigned
linux-ec2 (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
linux-fsl-imx51 (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
linux-lts-backport-maverick (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
linux-lts-backport-natty (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
linux-mvl-dove (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned

Bug Description

The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.

Break-Fix: 85863e475e59afb027b0113290e3796ee6020b7d ca6b0bf0e086513b9ee5efc0aa5770ecb57778af
Break-Fix: - ec6fd8a4355cda81cd9f06bebc048e83eb514ac7
Break-Fix: - d6f64b89d7ff22ce05896ab4a93a653e8d0b123d
Break-Fix: - 2fadaef41283aad7100fa73f01998cddaca25833
Break-Fix: ebcb67341fee34061430f3367f2e507e52ee051b a9712bc12c40c172e393f85a9b2ba8db4bf59509

Andy Whitcroft (apw) wrote :

CVE-2011-1020

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux (Ubuntu Oneiric):
status: New → Invalid
Andy Whitcroft (apw) on 2011-07-21
Changed in linux (Ubuntu Natty):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux (Ubuntu Maverick):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux (Ubuntu Lucid):
status: New → In Progress
Changed in linux (Ubuntu Hardy):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux (Ubuntu Lucid):
assignee: nobody → Andy Whitcroft (apw)
Andy Whitcroft (apw) on 2011-07-21
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → In Progress
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → In Progress
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → In Progress
Changed in linux-mvl-dove (Ubuntu Maverick):
status: New → In Progress
Tim Gardner (timg-tpi) on 2011-07-21
Changed in linux (Ubuntu Hardy):
status: In Progress → Fix Committed
Tim Gardner (timg-tpi) on 2011-07-21
Changed in linux (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: New → Fix Committed
Tim Gardner (timg-tpi) on 2011-07-21
Changed in linux (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Fix Committed
Kees Cook (kees) on 2011-08-02
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
description: updated
Kees Cook (kees) on 2011-08-02
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux-mvl-dove (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux-mvl-dove (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: In Progress → Fix Committed
description: updated
Kees Cook (kees) on 2011-08-02
description: updated
Kees Cook (kees) on 2011-08-10
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
description: updated
Tim Gardner (timg-tpi) wrote :

Lucid "close race in /proc/*/environ, CVE-2011-1020" causes a lockup regression in chromium-browser. I used a simple google.com search experssion "apparmor dfa" which would reliably lockup the chromium browser. Using strace I was able to determine that it always wedged in a read() call directly after an mmap(). Bisecting lead to commit 7713155dea1f1d29257a044d1e0fe7598e7681dc in git://kernel.ubuntu.com/ubuntu/ubuntu-lucid.git. See attached bisect log. Reverting this single commit appears to have alleviated the lockup.

Kees Cook (kees) on 2011-08-16
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Low
Tim Gardner (timg-tpi) wrote :

Lucid: Added "proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020" to address the attached crash.

Tim Gardner (timg-tpi) wrote :

Maverick: Added "proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020" to address the attached crash. See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/827198/comments/14

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.24-29.93

---------------
linux (2.6.24-29.93) hardy-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #823912

  [Upstream Kernel Changes]

  * close races in /proc/*/{environ,auxv}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * dccp: fix oops on Reset after close, CVE-2011-1093
    - LP: #814087
    - CVE-2011-1093
  * Bluetooth: sco: fix information leak to userspace, CVE-2011-1078
    - LP: #816542
    - CVE-2011-1078
  * Bluetooth: bnep: fix buffer overflow, CVE-2011-1079
    - LP: #816544
    - CVE-2011-1079
  * bridge: netfilter: fix information leak, CVE-2011-1080
    - LP: #816545
    - CVE-2011-1080
  * char/tpm: Fix unitialized usage of data buffer, CVE-2011-1160
    - LP: #816546
    - CVE-2011-1160
  * irda: validate peer name and attribute lengths, CVE-2011-1180
    - LP: #816547
    - CVE-2011-1180
  * rose_loopback_timer sets VC number <= ROSE_DEFAULT_MAXVC, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * ROSE: prevent heap corruption with bad facilities, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
 -- Herton Ronaldo Krzesinski <email address hidden> Wed, 10 Aug 2011 10:07:45 -0300

Changed in linux (Ubuntu Hardy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (6.2 KiB)

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-610.28

---------------
linux-fsl-imx51 (2.6.31-610.28) lucid-proposed; urgency=low

  * Release tracking bug
    - LP: #837802

  [ Upstream Kernel Changes ]

  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux-fsl-imx51 (2.6.31-610.27) lucid-proposed; urgency=low

  * Release tracking bug
    - LP: #829160

  [ Upstream Kernel Changes ]

  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * Fix corrupted OSF partition table parsing
    - LP: #796606
    - CVE-2011-1163
  * can: Add missing socket check in can/bcm release.
    - LP: #796502
    - CVE-2011-1598
  * proc: protect mm start_code/end_code in /proc/pid/stat
    - LP: #799906
    - CVE-2011-0726
  * sctp: Fix a race between ICMP protocol unreachable and connect()
  * tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
    - LP: #794034
    - CVE-2010-4077
  * filter: make sure filters dont read uninitialized memory CVE-2010-4158
    - LP: #721282
    - CVE-2010-4158
  * bio: take care not overflow page count when mapping/copying user data
    CVE-2010-4162
    - LP: #721441
    - CVE-2010-4162
  * block: check for proper length of iov entries in blk_rq_map_user_iov()
    - LP: #721504
    - CVE-2010-4163
  * block: check for proper length of iov entries earlier in
    blk_rq_map_user_iov(), CVE-2010-4163
    - LP: #721504
    - CVE-2010-4163
  * rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
    - LP: #721455
    - CVE-2010-4175
  * bluetooth: Fix missing NULL check CVE-2010-4242
    - LP: #714846
    - CVE-2010-4242
  * IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
    - LP: #800121
    - CVE-2010-4649
  * epoll: prevent creating circular epoll structures CVE-2011-1082
    - LP: #800758
    - CVE-2011-1082
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the
    slab (v3) CVE-2011-1090
    - LP: #800775
  * ldm: corrupted partition table can cause kernel oops CVE-2011-1012
    - LP: #801083
    - CVE-2011-1012
  * netfilter: ipt_CLUSTERIP: fix buffer overflow CVE-2011-2534
    - LP: #801473
    - CVE-2011-2534
  * netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
    - LP: #801480
    - CVE-2011-1170
  * netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
    - LP: #801482
    - CVE-2011-1171
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
    - LP: #801483
    - CVE-2011-1172
  * econet: 4 byte infoleak to the network CVE-2011-1173
    - LP: #801484
    - CVE-2011-1173
  * net: Limit socket I/O iovec total length to INT_MAX.
    - LP: #708839
  * fs/partitions: Validate map_count in Mac partition tables -
    CVE-2011-1010
    - LP: #804225
    - CVE-2011-1010
  * drm: fix unsigned vs signed comparison issue in modeset ctl ioctl,
    CVE-2011-1013
    - LP: #804229
    - CVE-2011-1013
...

Read more...

Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (17.0 KiB)

This bug was fixed in the package linux-mvl-dove - 2.6.32-218.36

---------------
linux-mvl-dove (2.6.32-218.36) lucid-proposed; urgency=low

  * Release tracking bug
    - LP: #837803

  [ Paolo Pisati ]

  * Rebased to 2.6.32-34.76

  [ Ubuntu: 2.6.32-34.76 ]

  * Release Tracking Bug
    - LP: #836914
  * Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "tunnels: fix netns vs proto registration ordering"

  [ Ubuntu: 2.6.32-34.75 ]

  * Release Tracking Bug
    - LP: #832332
  * drm/i915: Remove BUG_ON from i915_gem_evict_something
    - LP: #828550

linux-mvl-dove (2.6.32-218.35) lucid-proposed; urgency=low

  [ Paolo Pisati ]

  * Release Tracking Bug
    - LP: #829161
  * Rebased to 2.6.32-34.74

  [ Ubuntu: 2.6.32-34.74 ]

  * Release Tracking Bug
    - LP: #828375
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

  [ Ubuntu: 2.6.32-34.73 ]

  * Release Tracking Bug
    - LP: #824148
  * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610
  * tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * ftrace: Only update the function code on write to filter files
    - LP: #802383
  * kmemleak: Do not return a pointer to an object that kmemleak did not
    get
    - LP: #802383
  * CPU hotplug, re-create sysfs directory and symlinks
    - LP: #802383
  * Fix memory leak in cpufreq_stat
    - LP: #802383
  * powerpc/kexec: Fix memory corruption from unallocated slaves
    - LP: #802383
  * powerpc/oprofile: Handle events that raise an exception without
    overflowing
    - LP: #802383
  * mtd: mtdconcat: fix NAND OOB write
    - LP: #802383
  * x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address
    limit
    - LP: #802383
  * ext3: Fix fs corruption when make_indexed_dir() fails
    - LP: #802383
  * jbd: Fix forever sleeping process in do_get_write_access()
    - LP: #802383
  * jbd: fix fsync() tid wraparound bug
    - LP: #802383
  * ext4: release page cache in ext4_mb_load_buddy error path
    - LP: #802383
  * Fix Ultrastor asm snippet
    - LP: #802383
  * x86, amd: Do not enable ARAT feature on AMD processors below family
    0x12
    - LP: #802383
  * x86, amd: Use _safe() msr access for GartTlbWlk disable code
    - LP: #802383
  * rcu: Fix unpaired rcu_irq_enter() from locking selftests
    - LP: #802383
  * staging: usbip: fix wrong endian conversion
    - LP: #802383
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #802383
  * seqlock: Don't smp_rmb in seqlock reader spin loop
    - LP: #802383
  * ALSA: HDA: Use one dmic only for Dell Studio 1558
    - LP: #731706, #802383
  * ASoC: Ensure output PGA is enabled for line outputs in wm_hubs
    - LP: #802383
  * ASoC: Add some missing volume update bit sets for wm_hubs devices
    - LP: #802383
  * mm/page_alloc.c: prevent u...

Changed in linux-mvl-dove (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (9.1 KiB)

This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.24

---------------
linux-ti-omap4 (2.6.35-903.24) maverick-proposed; urgency=low

  * Release tracking bug
    - LP: #838037

  [ Upstream Kernel Changes ]

  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux-ti-omap4 (2.6.35-903.23) maverick-proposed; urgency=low

  * Release tracking bug
    - LP: #829655

  [ Upstream Kernel Changes ]

  * drm/radeon/kms: check AA resolve registers on r300, CVE-2011-1016
    - LP: #745686
    - CVE-2011-1016
  * drm/radeon: fix regression with AA resolve checking, CVE-2011-1016
    - LP: #745686
    - CVE-2011-1016
  * can-bcm: fix minor heap overflow
    - LP: #690730
  * CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
    - LP: #765007
    - CVE-2010-4565
  * av7110: check for negative array offset
    - LP: #747520
  * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
    CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * ALSA: caiaq - Fix possible string-buffer overflow
    - LP: #747520
  * IB/cm: Bump reference count on cm_id before invoking callback,
    CVE-2011-0695
    - LP: #770369
    - CVE-2011-0695
  * RDMA/cma: Fix crash in request handlers, CVE-2011-0695
    - LP: #770369
    - CVE-2011-0695
  * Treat writes as new when holes span across page boundaries,
    CVE-2011-0463
    - LP: #770483
    - CVE-2011-0463
  * net: clear heap allocations for privileged ethtool actions
    - LP: #686158
  * usb: iowarrior: don't trust report_size for buffer size
    - LP: #747520
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table,
    CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal
    code
    - LP: #747520
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
    - LP: #747520
  * exec: make argv/envp memory visible to oom-killer
    - LP: #690730
  * next_pidmap: fix overflow condition
    - LP: #772560
  * proc: do proper range check on readdir offset
    - LP: #772560
  * ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl, CVE-2011-1169
    - LP: #785331
    - CVE-2011-1169
  * mpt2sas: prevent heap overflows and unchecked reads, CVE-2011-1494
    - LP: #787145
    - CVE-2011-1494
  * agp: fix arbitrary kernel memory writes, CVE-1011-2022
    - LP: #788684
    - CVE-1011-2022
  * can: add missing socket check in can/raw release, CVE-2011-1748
    - LP: #788694
    - CVE-2011-1748
  * agp: fix OOM and buffer overflow
    - LP: #788700
  * drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack
    memory - CVE-2010-3296
    - CVE-2010-3296
  * drivers/net/eql.c: prevent reading uninitialized stack memory -
    CVE-2010-3297
    - CVE-2010-3297
  * inet_diag: Make sure we actually run the same bytecode we audited,
    CVE-2010-3880
    - LP: #711865
    - CVE-2010-3880
  * setup_arg_pages: diagnose excessive argume...

Read more...

Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.35-30.59

---------------
linux (2.6.35-30.59) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #837449

  [ Upstream Kernel Changes ]

  * Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"

linux (2.6.35-30.58) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #828376

  [ Upstream Kernel Changes ]

  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux (2.6.35-30.57) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #823306

  [ Tim Gardner ]

  * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610

  [ Upstream Kernel Changes ]

  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * dccp: handle invalid feature options length, CVE-2011-1770
    - LP: #806375
    - CVE-2011-1770
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760
 -- Herton Ronaldo Krzesinski <email address hidden> Tue, 30 Aug 2011 12:11:13 -0300

Changed in linux (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-backport-maverick - 2.6.35-30.59~lucid1

---------------
linux-lts-backport-maverick (2.6.35-30.59~lucid1) lucid-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #838043

  [ Upstream Kernel Changes ]

  * Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"

linux (2.6.35-30.58) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #828376

  [ Upstream Kernel Changes ]

  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux (2.6.35-30.57) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #823306

  [ Tim Gardner ]

  * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610

  [ Upstream Kernel Changes ]

  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * dccp: handle invalid feature options length, CVE-2011-1770
    - LP: #806375
    - CVE-2011-1770
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760

linux (2.6.35-30.56) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #808934

  [ Herton Ronaldo Krzesinski ]

  * Revert "SAUCE: mmc: Enable MMC card reader for RICOH [1180:e823]"

  [ Upstream Kernel Changes ]

  * Revert "x86: Flush TLB if PGD entry is changed in i386 PAE mode"
    - LP: #805209
 -- Herton Ronaldo Krzesinski <email address hidden> Thu, 01 Sep 2011 13:40:57 -0300

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-mvl-dove (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (38.0 KiB)

This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.15

---------------
linux-ti-omap4 (2.6.38-1209.15) natty-proposed; urgency=low

  * Release tracking bug
    - LP: #837761

  [ Paolo Pisati ]

  * [Config] Turn on CONFIG_USER_NS and DEVPTS_MULTIPLE_INSTANCES.
    - LP: #787749

  [ Tim Gardner ]

  * [Config] Add enic/fnic to nic-modules udeb, CVE-2011-1020
    - LP: #801610

  [ Upstream Kernel Changes ]

  * mpt2sas: prevent heap overflows and unchecked reads
    - LP: #780546
  * agp: fix arbitrary kernel memory writes
    - LP: #775809
  * can: add missing socket check in can/raw release
    - LP: #780546
  * agp: fix OOM and buffer overflow
    - LP: #775809
  * bonding: Incorrect TX queue offset, CVE-2011-1581
    - LP: #792312
    - CVE-2011-1581
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * can: Add missing socket check in can/bcm release.
    - LP: #796502
    - CVE-2011-1598
  * USB: ehci: remove structure packing from ehci_def
    - LP: #791552
  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * ext4: init timer earlier to avoid a kernel panic in __save_error_info,
    CVE-2011-2493
    - LP: #806929
    - CVE-2011-2493
  * dccp: handle invalid feature options length, CVE-2011-1770
    - LP: #806375
    - CVE-2011-1770
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689
    - LP: #819572
    - CVE-2011-2689
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux-ti-omap4 (2.6.38-1209.13) natty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #772381

  [ Brad Figg ]

  * Ubuntu-2.6.38-9.43

  [ Bryan Wu ]

  * merge Ubuntu-2.6.38-9.43
  * cherry-pick 6 patches from u2 of 'for-ubuntu' branch
  * [Config] Sync up configs for 2.6.38.4

  [ Herton Ronaldo Krzesinski ]

  * SAUCE: Revert "x86, hibernate: Initialize mmu_cr4_features during boot"
    - LP: #764758

  [ Leann Ogasawara ]

  * [Config] updateconfigs for 2.6.38.4

  [ Paolo Pisati ]

  * [Conf...

Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.38-11.50

---------------
linux (2.6.38-11.50) natty-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #848246

  [ Upstream Kernel Changes ]

  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "KVM: fix kvmclock regression due to missing clock update"
  * Revert "ath9k: use split rx buffers to get rid of order-1 skb
    allocations"

linux (2.6.38-11.49) natty-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #836903

  [ Adam Jackson ]

  * SAUCE: drm/i915/pch: Fix integer math bugs in panel fitting
    - LP: #753994

  [ Keng-Yu Lin ]

  * SAUCE: Input: ALPS - Enable Intellimouse mode for Lenovo Zhaoyang E47
    - LP: #632884, #803005

  [ Stefan Bader ]

  * [Config] Force perf to use libiberty for demangling
    - LP: #783660

  [ Tim Gardner ]

  * [Config] Add enic/fnic to udebs
    - LP: #801610

  [ Upstream Kernel Changes ]

  * eeepc-wmi: add keys found on EeePC 1215T
    - LP: #812644
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * vmscan: fix a livelock in kswapd
    - LP: #813797
  * mmc: Add PCI fixup quirks for Ricoh 1180:e823 reader
    - LP: #773524
  * mmc: Added quirks for Ricoh 1180:e823 lower base clock frequency
    - LP: #773524
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * pata_marvell: Add support for 88SE91A0, 88SE91A4
    - LP: #777325
  * GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689
    - LP: #819572
    - CVE-2011-2689
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760
  * KVM: fix kvmclock regression due to missing clock update
    - LP: #795717
  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * ath9k: use split rx buffers to get rid of order-1 skb allocations
    - LP: #728835
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
 -- Herton Ronaldo Krzesinski <email address hidden> Mon, 12 Sep 2011 17:23:38 -0300

Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (16.4 KiB)

This bug was fixed in the package linux-ec2 - 2.6.32-318.38

---------------
linux-ec2 (2.6.32-318.38) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebased to 2.6.32-34.76
  * Release Tracking Bug
    - LP: #837804

  [ Ubuntu: 2.6.32-34.76 ]

  * Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "tunnels: fix netns vs proto registration ordering"

  [ Ubuntu: 2.6.32-34.75 ]

  * drm/i915: Remove BUG_ON from i915_gem_evict_something
    - LP: #828550

linux-ec2 (2.6.32-318.37) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Release Tracking Bug
    - LP: #829162
  * XEN: exec: delay address limit change until point of no return
    - LP: #802383
  * Rebased to 2.6.32-34.74

  [ Ubuntu: 2.6.32-34.74 ]

  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

  [ Ubuntu: 2.6.32-34.73 ]

  * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610
  * tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * ftrace: Only update the function code on write to filter files
    - LP: #802383
  * kmemleak: Do not return a pointer to an object that kmemleak did not
    get
    - LP: #802383
  * CPU hotplug, re-create sysfs directory and symlinks
    - LP: #802383
  * Fix memory leak in cpufreq_stat
    - LP: #802383
  * powerpc/kexec: Fix memory corruption from unallocated slaves
    - LP: #802383
  * powerpc/oprofile: Handle events that raise an exception without
    overflowing
    - LP: #802383
  * mtd: mtdconcat: fix NAND OOB write
    - LP: #802383
  * x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address
    limit
    - LP: #802383
  * ext3: Fix fs corruption when make_indexed_dir() fails
    - LP: #802383
  * jbd: Fix forever sleeping process in do_get_write_access()
    - LP: #802383
  * jbd: fix fsync() tid wraparound bug
    - LP: #802383
  * ext4: release page cache in ext4_mb_load_buddy error path
    - LP: #802383
  * Fix Ultrastor asm snippet
    - LP: #802383
  * x86, amd: Do not enable ARAT feature on AMD processors below family
    0x12
    - LP: #802383
  * x86, amd: Use _safe() msr access for GartTlbWlk disable code
    - LP: #802383
  * rcu: Fix unpaired rcu_irq_enter() from locking selftests
    - LP: #802383
  * staging: usbip: fix wrong endian conversion
    - LP: #802383
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #802383
  * seqlock: Don't smp_rmb in seqlock reader spin loop
    - LP: #802383
  * ALSA: HDA: Use one dmic only for Dell Studio 1558
    - LP: #731706, #802383
  * ASoC: Ensure output PGA is enabled for line outputs in wm_hubs
    - LP: #802383
  * ASoC: Add some missing volume update bit sets for wm_hubs devices
    - LP: #802383
  * mm/page_alloc.c: prevent unending loop in __alloc_pages_slowpath()
    - LP: #802383
  * loop: limit 'max_part' module param to D...

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (16.5 KiB)

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-11.50~lucid1

---------------
linux-lts-backport-natty (2.6.38-11.50~lucid1) lucid-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #848588

  [ Upstream Kernel Changes ]

  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "KVM: fix kvmclock regression due to missing clock update"
  * Revert "ath9k: use split rx buffers to get rid of order-1 skb
    allocations"

linux (2.6.38-11.49) natty-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #836903

  [ Adam Jackson ]

  * SAUCE: drm/i915/pch: Fix integer math bugs in panel fitting
    - LP: #753994

  [ Keng-Yu Lin ]

  * SAUCE: Input: ALPS - Enable Intellimouse mode for Lenovo Zhaoyang E47
    - LP: #632884, #803005

  [ Stefan Bader ]

  * [Config] Force perf to use libiberty for demangling
    - LP: #783660

  [ Tim Gardner ]

  * [Config] Add enic/fnic to udebs
    - LP: #801610

  [ Upstream Kernel Changes ]

  * eeepc-wmi: add keys found on EeePC 1215T
    - LP: #812644
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * vmscan: fix a livelock in kswapd
    - LP: #813797
  * mmc: Add PCI fixup quirks for Ricoh 1180:e823 reader
    - LP: #773524
  * mmc: Added quirks for Ricoh 1180:e823 lower base clock frequency
    - LP: #773524
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * pata_marvell: Add support for 88SE91A0, 88SE91A4
    - LP: #777325
  * GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689
    - LP: #819572
    - CVE-2011-2689
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760
  * KVM: fix kvmclock regression due to missing clock update
    - LP: #795717
  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * ath9k: use split rx buffers to get rid of order-1 skb allocations
    - LP: #728835
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918

linux (2.6.38-11.48) natty-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #818175

  [ Upstream Kernel Changes ]

  * Revert "HID: magicmouse: ignore 'ivalid report id' while switching
   ...

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (16.9 KiB)

This bug was fixed in the package linux - 2.6.32-34.77

---------------
linux (2.6.32-34.77) lucid-proposed; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #849228

  [ Upstream Kernel Changes ]

  * Revert "drm/i915: Remove BUG_ON from i915_gem_evict_something"
  * Revert "drm/i915: Periodically flush the active lists and requests"
  * Revert "drm/i915/evict: Ensure we completely cleanup on failure"
  * Revert "drm/i915: Maintain LRU order of inactive objects upon access by
    CPU (v2)"
  * Revert "drm/i915: Implement fair lru eviction across both rings. (v2)"
  * Revert "drm/i915: Move the eviction logic to its own file."
  * Revert "drm/i915: prepare for fair lru eviction"

linux (2.6.32-34.76) lucid-proposed; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #836914

  [ Upstream Kernel Changes ]

  * Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "tunnels: fix netns vs proto registration ordering"

linux (2.6.32-34.75) lucid-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #832332

  [ Upstream Kernel Changes ]

  * drm/i915: Remove BUG_ON from i915_gem_evict_something
    - LP: #828550

linux (2.6.32-34.74) lucid-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #828375

  [ Upstream Kernel Changes ]

  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux (2.6.32-34.73) lucid-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #824148

  [ Tim Gardner ]

  * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610

  [ Upstream Kernel Changes ]

  * tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * ftrace: Only update the function code on write to filter files
    - LP: #802383
  * kmemleak: Do not return a pointer to an object that kmemleak did not
    get
    - LP: #802383
  * CPU hotplug, re-create sysfs directory and symlinks
    - LP: #802383
  * Fix memory leak in cpufreq_stat
    - LP: #802383
  * powerpc/kexec: Fix memory corruption from unallocated slaves
    - LP: #802383
  * powerpc/oprofile: Handle events that raise an exception without
    overflowing
    - LP: #802383
  * mtd: mtdconcat: fix NAND OOB write
    - LP: #802383
  * x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address
    limit
    - LP: #802383
  * ext3: Fix fs corruption when make_indexed_dir() fails
    - LP: #802383
  * jbd: Fix forever sleeping process in do_get_write_access()
    - LP: #802383
  * jbd: fix fsync() tid wraparound bug
    - LP: #802383
  * ext4: release page cache in ext4_mb_load_buddy error path
    - LP: #802383
  * Fix Ultrastor asm snippet
    - LP: #802383
  * x86, amd: Do not enable ARAT feature on AMD processors below family
    0x12
    - LP: #802383
  * x86, ...

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Low
Paolo Pisati (p-pisati) on 2012-01-30
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers