CVE-2010-4529
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Low
|
Leann Ogasawara | |||
Hardy |
Low
|
Leann Ogasawara | |||
Karmic |
Low
|
Leann Ogasawara | |||
Lucid |
Low
|
Leann Ogasawara | |||
Maverick |
Low
|
Leann Ogasawara | |||
Natty |
Undecided
|
Unassigned | |||
linux-fsl-imx51 (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Paolo Pisati | |||
Maverick |
Undecided
|
Unassigned | |||
Natty |
Undecided
|
Unassigned | |||
linux-lts-backport-maverick (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Unassigned | |||
Maverick |
Undecided
|
Unassigned | |||
Natty |
Undecided
|
Unassigned | |||
linux-mvl-dove (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Paolo Pisati | |||
Maverick |
Undecided
|
Paolo Pisati | |||
Natty |
Undecided
|
Unassigned | |||
linux-ti-omap4 (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Unassigned | |||
Maverick |
Undecided
|
Paolo Pisati | |||
Natty |
Undecided
|
Unassigned |
Bug Description
Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in
the Linux kernel before 2.6.37 on platforms other than x86 allows local
users to obtain potentially sensitive information from kernel heap memory
via an IRLMP_ENUMDEVICES getsockopt call.
CVE References
- 2010-2954
- 2010-2955
- 2010-2960
- 2010-2962
- 2010-2963
- 2010-3079
- 2010-3080
- 2010-3081
- 2010-3437
- 2010-3698
- 2010-3705
- 2010-3848
- 2010-3849
- 2010-3850
- 2010-3861
- 2010-3865
- 2010-3873
- 2010-3875
- 2010-3876
- 2010-3877
- 2010-3880
- 2010-3904
- 2010-4072
- 2010-4076
- 2010-4077
- 2010-4079
- 2010-4083
- 2010-4158
- 2010-4163
- 2010-4164
- 2010-4165
- 2010-4175
- 2010-4248
- 2010-4258
- 2010-4263
- 2010-4342
- 2010-4346
- 2010-4527
- 2010-4529
- 2010-4565
- 2010-4656
- 2011-0463
- 2011-0521
- 2011-0695
- 2011-0711
- 2011-0712
- 2011-0726
- 2011-1013
- 2011-1016
- 2011-1017
- 2011-1019
- 2011-1090
- 2011-1163
- 2011-1169
- 2011-1494
- 2011-1577
- 2011-1598
- 2011-1746
- 2011-1748
security vulnerability: | no → yes |
description: | updated |
Leann Ogasawara (leannogasawara) wrote : | #1 |
Leann Ogasawara (leannogasawara) wrote : | #2 |
Leann Ogasawara (leannogasawara) wrote : | #3 |
Leann Ogasawara (leannogasawara) wrote : | #4 |
Leann Ogasawara (leannogasawara) wrote : | #5 |
Changed in linux (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux (Ubuntu Maverick): | |
assignee: | nobody → Leann Ogasawara (leannogasawara) |
importance: | Undecided → Low |
status: | New → In Progress |
Changed in linux (Ubuntu Lucid): | |
assignee: | nobody → Leann Ogasawara (leannogasawara) |
importance: | Undecided → Low |
status: | New → In Progress |
Changed in linux (Ubuntu Karmic): | |
assignee: | nobody → Leann Ogasawara (leannogasawara) |
importance: | Undecided → Low |
status: | New → In Progress |
Changed in linux (Ubuntu Hardy): | |
assignee: | nobody → Leann Ogasawara (leannogasawara) |
importance: | Undecided → Low |
status: | New → In Progress |
Changed in linux (Ubuntu Dapper): | |
assignee: | nobody → Leann Ogasawara (leannogasawara) |
importance: | Undecided → Low |
status: | New → In Progress |
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
Changed in linux-ti-omap4 (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Karmic): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
status: | New → In Progress |
Changed in linux-mvl-dove (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Karmic): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Lucid): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
Changed in linux-mvl-dove (Ubuntu Maverick): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
Changed in linux-fsl-imx51 (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
status: | In Progress → Fix Committed |
Launchpad Janitor (janitor) wrote : | #6 |
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
status: | Fix Committed → Fix Released |
tags: | added: kernel-cve-tracking-bug |
Changed in linux (Ubuntu Lucid): | |
status: | In Progress → Fix Released |
Changed in linux (Ubuntu Maverick): | |
status: | In Progress → Fix Released |
Changed in linux-mvl-dove (Ubuntu Lucid): | |
status: | New → In Progress |
Launchpad Janitor (janitor) wrote : | #7 |
This bug was fixed in the package linux - 2.6.24-29.89
---------------
linux (2.6.24-29.89) hardy-proposed; urgency=low
[ Steve Conklin ]
* Release Tracking Bug
- LP: #768380
[Tim Gardner]
* [Config] remove generated files
[Upstream Kernel Changes]
* econet: Fix crash in aun_incoming(). CVE-2010-4342
- LP: #736394
- CVE-2010-4342
* sound: Prevent buffer overflow in OSS load_mixer_volumes, CVE-2010-4527
- LP: #737073
- CVE-2010-4527
* irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
- LP: #737823
- CVE-2010-4529
* av7110: check for negative array offset, CVE-2011-0521
- LP: #767526
- CVE-2011-0521
* xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
CVE-2011-0711
- LP: #767740
- CVE-2011-0711
-- Steve Conklin <email address hidden> Thu, 21 Apr 2011 09:28:26 -0500
Changed in linux (Ubuntu Hardy): | |
status: | In Progress → Fix Released |
Paolo Pisati (p-pisati) wrote : | #8 |
karmic is EOL
Changed in linux-fsl-imx51 (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Maverick): | |
status: | New → Invalid |
Changed in linux-fsl-imx51 (Ubuntu Karmic): | |
status: | New → Won't Fix |
Changed in linux-fsl-imx51 (Ubuntu Lucid): | |
assignee: | nobody → Paolo Pisati (p-pisati) |
status: | New → In Progress |
Launchpad Janitor (janitor) wrote : | #9 |
This bug was fixed in the package linux-mvl-dove - 2.6.32-217.34
---------------
linux-mvl-dove (2.6.32-217.34) lucid-proposed; urgency=low
[ Herton R. Krzesinski ]
* Release Tracking Bug
- LP: #794695
[ Paolo Pisati ]
* Rebased to 2.6.32-33.66
[ Ubuntu: 2.6.32-33.66 ]
* Release Tracking Bug
- LP: #794098
* Revert "xhci: Fix full speed bInterval encoding."
* Revert "USB: xhci - fix math in xhci_get_
* Revert "USB: xhci - fix unsafe macro definitions"
[ Ubuntu: 2.6.32-33.65 ]
* xhci: Fix full speed bInterval encoding.
- LP: #792959
[ Ubuntu: 2.6.32-33.64 ]
* Release Tracking Bug
- LP: #789325
* SAUCE: (no-up) Fix up KVM: VMX: Fix host userspace gsbase corruption
- LP: #787675
* SAUCE: vesafb: mtrr module parameter is uint, not bool
- LP: #778043
* Revert "(pre-stable): input: Support Clickpad devices in ClickZone
mode"
- LP: #780588
* Revert "GFS2: Fix writing to non-page aligned gfs2_quota structures"
- LP: #780588
* Revert "mmc: build fix: mmc_pm_notify is only available with
CONFIG_PM=y"
- LP: #780588
* Revert "mmc: fix all hangs related to mmc/sd card insert/removal during
suspend/resume"
- LP: #780588
* Revert "econet: fix CVE-2010-3848"
- LP: #780588
* Revert "dell-laptop: Add another Dell laptop family to the DMI
whitelist"
- LP: #780588
* Revert "dell-laptop: Add another Dell laptop family to the DMI
whitelist"
- LP: #780588
* Revert "xen: set max_pfn_mapped to the last pfn mapped"
* cifs: always do is_path_accessible check in cifs_mount
- LP: #770050
* video: sn9c102: world-wirtable sysfs files
- LP: #770050
* UBIFS: restrict world-writable debugfs files
- LP: #770050
* NET: cdc-phonet, handle empty phonet header
- LP: #770050
* x86: Fix a bogus unwind annotation in lib/semaphore_32.S
- LP: #770050
* tioca: Fix assignment from incompatible pointer warnings
- LP: #770050
* mca.c: Fix cast from integer to pointer warning
- LP: #770050
* ramfs: fix memleak on no-mmu arch
- LP: #770050
* MAINTAINERS: update STABLE BRANCH info
- LP: #770050
* UBIFS: fix oops when R/O file-system is fsync'ed
- LP: #770050
* x86, cpu: AMD errata checking framework
- LP: #770050
* x86, cpu: Clean up AMD erratum 400 workaround
- LP: #770050
* x86, AMD: Set ARAT feature on AMD processors
- LP: #770050
* x86, amd: Disable GartTlbWlkErr when BIOS forgets it
- LP: #770050
* USB: ftdi_sio: Added IDs for CTI USB Serial Devices
- LP: #770050
* USB: ftdi_sio: add PID for OCT DK201 docking station
- LP: #770050
* USB: ftdi_sio: add ids for Hameg HO720 and HO730
- LP: #770050
* USB: option: Add new ONDA vendor id and product id for ONDA MT825UP
- LP: #770050
* USB: option: Added support for Samsung GT-B3730/GT-B3710 LTE USB modem.
- LP: #770050
* next_pidmap: fix overflow condition
- LP: #770050
* proc: do proper range check on readdir offset
- LP: #770050
* USB: EHCI: unlink unused QHs when the controller is stopped
- LP: #770050
* USB: fix formatting of SuperSpeed endpoints in /proc/bus/u...
Changed in linux-mvl-dove (Ubuntu Lucid): | |
status: | In Progress → Fix Released |
Launchpad Janitor (janitor) wrote : | #10 |
This bug was fixed in the package linux-fsl-imx51 - 2.6.31-609.26
---------------
linux-fsl-imx51 (2.6.31-609.26) lucid; urgency=low
[ Paolo Pisati ]
* Tracking bug
- LP: #795219
* [Config] Disable parport_pc on fsl-imx51
- LP: #601226
[ Upstream Kernel Changes ]
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
- LP: #712723, #712737
* can-bcm: fix minor heap overflow
- LP: #710680
* drivers/
- LP: #712744
* gdth: integer overflow in ioctl
- LP: #711797
* inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880
- LP: #711865
- CVE-2010-3880
* net: fix rds_iovec page count overflow, CVE-2010-3865
- LP: #709153
- CVE-2010-3865
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #711045
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* net: Truncate recvfrom and sendto length to INT_MAX.
- LP: #708839
* posix-cpu-timers: workaround to suppress the problems with mt exec
- LP: #712609
* sys_semctl: fix kernel stack leakage
- LP: #712749
* x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.
- LP: #709372
* memory corruption in X.25 facilities parsing
- LP: #709372
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* fs/partitions/
- LP: #771382
- CVE-2011-1017
* net: clear heap allocations for privileged ethtool actions
- LP: #771445
* Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
- LP: #772543
* Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
- LP: #772543
* exec: make argv/envp memory visible to oom-killer
- LP: #768408
* next_pidmap: fix overflow condition
- LP: #784727
* proc: do proper range check on readdir offset
- LP: #784727
* mpt2sas: prevent heap overflows and unchecked reads
- LP: #787145
* agp: fix arbitrary kernel memory writes
- LP: #788684
* can: add missing socket check in can/raw release
- LP: #788694
* agp: fix OOM and buffer overflow
- LP: #788700
* do_exit(): make sure that we run with get_fs() == USER_DS - CVE-2010-4258
- LP: #723945
- CVE-2010-4258
* x25: Prevent crashing when parsing bad X.25 facilities - CVE-2010-4164
- LP: #731199
- CVE-2010-4164
* install_
- LP: #731971
- CVE-2010-4346
* econet: Fix crash in aun_incoming() - CVE-2010-4342
- LP: #736394
- CVE-2010-4342
* sound: Prevent buffer overflow in OSS load_mixer_volumes - CVE-2010-4527
- LP: #737073
- CVE-2010-4527
* irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
- LP: #737823
- CVE-2010-4529
* CAN: Use inode instead of kernel address for /proc file - CVE-2010-4565
- LP: #765007...
Changed in linux-fsl-imx51 (Ubuntu Lucid): | |
status: | In Progress → Fix Released |
Launchpad Janitor (janitor) wrote : | #11 |
This bug was fixed in the package linux-mvl-dove - 2.6.32-417.34
---------------
linux-mvl-dove (2.6.32-417.34) maverick-proposed; urgency=low
[ Herton R. Krzesinski ]
* Release Tracking Bug
- LP: #795153
[ Paolo Pisati ]
* Rebased to 2.6.32-33.66
[ Ubuntu: 2.6.32-33.66 ]
* Release Tracking Bug
- LP: #794098
* Revert "xhci: Fix full speed bInterval encoding."
* Revert "USB: xhci - fix math in xhci_get_
* Revert "USB: xhci - fix unsafe macro definitions"
[ Ubuntu: 2.6.32-33.65 ]
* xhci: Fix full speed bInterval encoding.
- LP: #792959
[ Ubuntu: 2.6.32-33.64 ]
* Release Tracking Bug
- LP: #789325
* SAUCE: (no-up) Fix up KVM: VMX: Fix host userspace gsbase corruption
- LP: #787675
* SAUCE: vesafb: mtrr module parameter is uint, not bool
- LP: #778043
* Revert "(pre-stable): input: Support Clickpad devices in ClickZone
mode"
- LP: #780588
* Revert "GFS2: Fix writing to non-page aligned gfs2_quota structures"
- LP: #780588
* Revert "mmc: build fix: mmc_pm_notify is only available with
CONFIG_PM=y"
- LP: #780588
* Revert "mmc: fix all hangs related to mmc/sd card insert/removal during
suspend/resume"
- LP: #780588
* Revert "econet: fix CVE-2010-3848"
- LP: #780588
* Revert "dell-laptop: Add another Dell laptop family to the DMI
whitelist"
- LP: #780588
* Revert "dell-laptop: Add another Dell laptop family to the DMI
whitelist"
- LP: #780588
* Revert "xen: set max_pfn_mapped to the last pfn mapped"
* cifs: always do is_path_accessible check in cifs_mount
- LP: #770050
* video: sn9c102: world-wirtable sysfs files
- LP: #770050
* UBIFS: restrict world-writable debugfs files
- LP: #770050
* NET: cdc-phonet, handle empty phonet header
- LP: #770050
* x86: Fix a bogus unwind annotation in lib/semaphore_32.S
- LP: #770050
* tioca: Fix assignment from incompatible pointer warnings
- LP: #770050
* mca.c: Fix cast from integer to pointer warning
- LP: #770050
* ramfs: fix memleak on no-mmu arch
- LP: #770050
* MAINTAINERS: update STABLE BRANCH info
- LP: #770050
* UBIFS: fix oops when R/O file-system is fsync'ed
- LP: #770050
* x86, cpu: AMD errata checking framework
- LP: #770050
* x86, cpu: Clean up AMD erratum 400 workaround
- LP: #770050
* x86, AMD: Set ARAT feature on AMD processors
- LP: #770050
* x86, amd: Disable GartTlbWlkErr when BIOS forgets it
- LP: #770050
* USB: ftdi_sio: Added IDs for CTI USB Serial Devices
- LP: #770050
* USB: ftdi_sio: add PID for OCT DK201 docking station
- LP: #770050
* USB: ftdi_sio: add ids for Hameg HO720 and HO730
- LP: #770050
* USB: option: Add new ONDA vendor id and product id for ONDA MT825UP
- LP: #770050
* USB: option: Added support for Samsung GT-B3730/GT-B3710 LTE USB modem.
- LP: #770050
* next_pidmap: fix overflow condition
- LP: #770050
* proc: do proper range check on readdir offset
- LP: #770050
* USB: EHCI: unlink unused QHs when the controller is stopped
- LP: #770050
* USB: fix formatting of SuperSpeed endpoints in /proc/bu...
Changed in linux-mvl-dove (Ubuntu Maverick): | |
status: | New → Fix Released |
This bug was nominated against a series that is no longer supported, ie karmic. The bug task representing the karmic nomination is being closed as Won't Fix.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.
Changed in linux (Ubuntu Karmic): | |
status: | In Progress → Won't Fix |
Launchpad Janitor (janitor) wrote : | #13 |
This bug was fixed in the package linux-lts-
---------------
linux-lts-
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #811215
[ Herton Ronaldo Krzesinski ]
* Revert "SAUCE: mmc: Enable MMC card reader for RICOH [1180:e823]"
[ Upstream Kernel Changes ]
* Revert "x86: Flush TLB if PGD entry is changed in i386 PAE mode"
- LP: #805209
linux (2.6.35-30.55) maverick-proposed; urgency=low
[Steve Conklin]
* Release Tracking Bug
- LP: #801690
[ Jeremy Kerr ]
* SAUCE: cx23885: Fix argument to videobuf_dma_unmap
- LP: #800527
[ Manoj Iyer ]
* SAUCE: mmc: Enable MMC card reader for RICOH [1180:e823]
- LP: #790754
[ Upstream Kernel Changes ]
* agp: fix OOM and buffer overflow
- LP: #791918
- CVE-2011-1746
* tty: icount changeover for other main devices, CVE-2010-4076,
CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* fs/partitions/
oops
- LP: #795418
- CVE-2011-1577
* Fix corrupted OSF partition table parsing
- LP: #796606
- CVE-2011-1163
* can: Add missing socket check in can/bcm release.
- LP: #796502
- CVE-2011-1598
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the
slab (v3) CVE-2011-1090
- LP: #800775
- CVE-2011-1090
linux (2.6.35-30.54) maverick-proposed; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #794114
[ Upstream Kernel Changes ]
* Revert "xhci: Fix full speed bInterval encoding."
* Revert "USB: xhci - also free streams when resetting devices"
* Revert "USB: xhci - fix math in xhci_get_
* Revert "USB: xhci - fix unsafe macro definitions"
linux (2.6.35-30.53) maverick-proposed; urgency=low
[ Upstream Kernel Changes ]
* xhci: Fix full speed bInterval encoding.
- LP: #792959
linux (2.6.35-30.52) maverick-proposed; urgency=low
[ Herton R. Krzesinski ]
* Release Tracking Bug
- LP: #790653
[ Stefan Bader ]
* Include nls_iso8859-1 for virtual images
- LP: #732046
[ Thomas Schlichter ]
* SAUCE: vesafb: mtrr module parameter is uint, not bool
- LP: #778043
[ Tim Gardner ]
* [Config] Add cachefiles.ko to virtual flavour
- LP: #770430
[ Upstream Kernel Changes ]
* Revert "intel_idle: PCI quirk to prevent Lenovo Ideapad s10-3 boot
hang"
- LP: #772560
* Revert "TPM: Long default timeout fix"
- LP: #772560
* Revert "tpm_tis: Use timeouts returned from TPM"
- LP: #772560
* Revert "xen: set max_pfn_mapped to the last pfn mapped"
* CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
- LP: #765007
- CVE-2010-4565
* xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
CVE-2011-0711
- LP: #767740
- CVE-2011-0711
* Treat writes as new when holes span across page boundaries,
CVE-2011-0463
- LP: #770483
- CVE-2011-0463
* fs/partitions/
CVE-2011-1017
- LP: #771382
- CVE-2011-1017
* qla2xxx:...
Changed in linux-lts-backport-maverick (Ubuntu Lucid): | |
status: | New → Fix Released |
Changed in linux-lts-backport-maverick (Ubuntu Dapper): | |
status: | New → Won't Fix |
Changed in linux-lts-backport-maverick (Ubuntu Karmic): | |
status: | New → Won't Fix |
Changed in linux (Ubuntu Dapper): | |
status: | In Progress → Won't Fix |
Jamie Strandboge (jdstrand) wrote : | #14 |
Thank you for reporting this bug to Ubuntu. maverick has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against maverick is being marked "Won't Fix". Please see
https:/
releases.
Please feel free to report any other bugs you may find.
Changed in linux-lts-backport-maverick (Ubuntu Maverick): | |
status: | New → Won't Fix |
Changed in linux-lts-backport-maverick (Ubuntu Hardy): | |
status: | New → Won't Fix |
This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.22
---------------
linux-ti-omap4 (2.6.35-903.22) maverick; urgency=low
[ Paolo Pisati ]
* Release Tracking Bug
- LP: #744250
[ Upstream Kernel Changes ]
* ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open(), CVE-2010-3080 session_ to_parent( ) if parent has no session keyring, CVE-2010-2960 alloc_user_ space() incorporate the access_ok(), CVE-2010-3081 session_ to_parent( ), CVE-2010-2960 get_hmac( ), CVE-2010-3705 GRXCLSRLALL, CVE-2010-3861
- CVE-2010-3080
* tracing: t_start: reset FTRACE_ITER_HASH in case of seek/pread, CVE-2010-3079
- CVE-2010-3079
* KEYS: Fix bug in keyctl_
- CVE-2010-2960
* drm/i915: Sanity check pread/pwrite, CVE-2010-2962
- CVE-2010-2962
* do_exit(): make sure that we run with get_fs() == USER_DS, CVE-2010-3849
- CVE-2010-3849
* econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
- CVE-2010-3849
* econet: fix CVE-2010-3850
- CVE-2010-3850
* econet: fix CVE-2010-3848
- CVE-2010-3848
* compat: Make compat_
- CVE-2010-3081
* irda: Correctly clean up self->ias_obj on irda_bind() failure., CVE-2010-2954
- CVE-2010-2954
* wireless extensions: fix kernel heap content leak, CVE-2010-2955
- CVE-2010-2955
* KEYS: Fix RCU no-lock warning in keyctl_
- CVE-2010-2960
* Fix pktcdvd ioctl dev_minor range check, CVE-2010-3437
- CVE-2010-3437
* Fix out-of-bounds reading in sctp_asoc_
- CVE-2010-3705
* ocfs2: Don't walk off the end of fast symlinks., CVE-2010-NNN2
- CVE-2010-NNN2
* v4l: disable dangerous buggy compat function, CVE-2010-2963
- CVE-2010-2963
* Local privilege escalation vulnerability in RDS sockets, CVE-2010-3904
- CVE-2010-3904
* net: clear heap allocation for ETHTOOL_
- CVE-2010-3861
* ipc: shm: fix information leak to userland, CVE-2010-4072
- CVE-2010-4072
* tcp: Increase TCP_MAXSEG socket option minimum., CVE-2010-4165
- CVE-2010-4165
* af_unix: limit unix_tot_inflight, CVE-2010-4249
- CVE-2010-4249
* V4L/DVB: ivtvfb: prevent reading uninitialized stack memory, CVE-2010-4079
- LP: #707649
- CVE-2010-4079
* net: fix rds_iovec page count overflow, CVE-2010-3865
- LP: #709153
- CVE-2010-3865
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #710714
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* filter: make sure filters dont read uninitialized memory, CVE-2010-4158
- LP: #721282
- CVE-2010-4158
* econet: Fix crash in aun_incoming(). CVE-2010-4342
- LP: #736394
- CVE-2010-4342
* sound: Prevent buffer overflow in OSS load_mixer_volumes, CVE-2010-4527
- LP: #737073
- CVE-2010-4527
* irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
- LP: #737823
- CVE-2010-4529
* x25: Prevent crashing when parsing bad X.25 facilities, C...