This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.22 --------------- linux-ti-omap4 (2.6.35-903.22) maverick; urgency=low [ Paolo Pisati ] * Release Tracking Bug - LP: #744250 [ Upstream Kernel Changes ] * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open(), CVE-2010-3080 - CVE-2010-3080 * tracing: t_start: reset FTRACE_ITER_HASH in case of seek/pread, CVE-2010-3079 - CVE-2010-3079 * KEYS: Fix bug in keyctl_session_to_parent() if parent has no session keyring, CVE-2010-2960 - CVE-2010-2960 * drm/i915: Sanity check pread/pwrite, CVE-2010-2962 - CVE-2010-2962 * do_exit(): make sure that we run with get_fs() == USER_DS, CVE-2010-3849 - CVE-2010-3849 * econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849 - CVE-2010-3849 * econet: fix CVE-2010-3850 - CVE-2010-3850 * econet: fix CVE-2010-3848 - CVE-2010-3848 * compat: Make compat_alloc_user_space() incorporate the access_ok(), CVE-2010-3081 - CVE-2010-3081 * irda: Correctly clean up self->ias_obj on irda_bind() failure., CVE-2010-2954 - CVE-2010-2954 * wireless extensions: fix kernel heap content leak, CVE-2010-2955 - CVE-2010-2955 * KEYS: Fix RCU no-lock warning in keyctl_session_to_parent(), CVE-2010-2960 - CVE-2010-2960 * Fix pktcdvd ioctl dev_minor range check, CVE-2010-3437 - CVE-2010-3437 * Fix out-of-bounds reading in sctp_asoc_get_hmac(), CVE-2010-3705 - CVE-2010-3705 * ocfs2: Don't walk off the end of fast symlinks., CVE-2010-NNN2 - CVE-2010-NNN2 * v4l: disable dangerous buggy compat function, CVE-2010-2963 - CVE-2010-2963 * Local privilege escalation vulnerability in RDS sockets, CVE-2010-3904 - CVE-2010-3904 * net: clear heap allocation for ETHTOOL_GRXCLSRLALL, CVE-2010-3861 - CVE-2010-3861 * ipc: shm: fix information leak to userland, CVE-2010-4072 - CVE-2010-4072 * tcp: Increase TCP_MAXSEG socket option minimum., CVE-2010-4165 - CVE-2010-4165 * af_unix: limit unix_tot_inflight, CVE-2010-4249 - CVE-2010-4249 * V4L/DVB: ivtvfb: prevent reading uninitialized stack memory, CVE-2010-4079 - LP: #707649 - CVE-2010-4079 * net: fix rds_iovec page count overflow, CVE-2010-3865 - LP: #709153 - CVE-2010-3865 * net: ax25: fix information leak to userland, CVE-2010-3875 - LP: #710714 - CVE-2010-3875 * net: ax25: fix information leak to userland harder, CVE-2010-3875 - LP: #710714 - CVE-2010-3875 * net: packet: fix information leak to userland, CVE-2010-3876 - LP: #710714 - CVE-2010-3876 * net: tipc: fix information leak to userland, CVE-2010-3877 - LP: #711291 - CVE-2010-3877 * filter: make sure filters dont read uninitialized memory, CVE-2010-4158 - LP: #721282 - CVE-2010-4158 * econet: Fix crash in aun_incoming(). CVE-2010-4342 - LP: #736394 - CVE-2010-4342 * sound: Prevent buffer overflow in OSS load_mixer_volumes, CVE-2010-4527 - LP: #737073 - CVE-2010-4527 * irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529 - LP: #737823 - CVE-2010-4529 * x25: Prevent crashing when parsing bad X.25 facilities, CVE-2010-4164, CVE-2010-3873 - LP: #731199 - CVE-2010-3873 * install_special_mapping skips security_file_mmap check., CVE-2010-4346 - LP: #731971 - CVE-2010-4346 -- Tim Gardner