Lucid fsl-imx51: tracking bug, update to 2.6.31-608.22

Bug #713266 reported by Tim Gardner on 2011-02-04
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-fsl-imx51 (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Tim Gardner

Bug Description

Rebased to Karmic master branch 2.6.31-22.72, which contains many CVEs and stable updates.

Tim Gardner (timg-tpi) on 2011-02-04
visibility: private → public
Tim Gardner (timg-tpi) on 2011-02-04
Changed in linux-fsl-imx51 (Ubuntu):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Lucid):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → Fix Committed

Accepted linux-fsl-imx51 into lucid-proposed; the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Tobin Davis (gruemaster) wrote :

Tested on babbage, no errors in dmesg log and no issues during install.

tags: added: verification-done
Tim Gardner (timg-tpi) on 2011-02-16
tags: added: verification-done-lucid
removed: verification-done
Martin Pitt (pitti) on 2011-02-16
tags: added: verification-done
Martin Pitt (pitti) wrote :

Adding missing tracking bug tag, so that this appears correctly on the report pages.

tags: added: kernel-tracking-bug
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-608.22

---------------
linux-fsl-imx51 (2.6.31-608.22) lucid; urgency=low

  [ Tim Gardner ]

  * rebased to 2.6.31-22.72
  * Tracking bug
    - LP: #713266

  [ Upstream Kernel Changes ]

  * Karmic SRU: thinkpad-acpi: lock down video output state access, CVE-2010-3448
    - LP: #706999
    - CVE-2010-3448
  * USB: serial/mos*: prevent reading uninitialized stack memory,
    CVE-2010-4074
    - LP: #706149
    - CVE-2010-4074
  * KVM: Fix fs/gs reload oops with invalid ldt
    - LP: #707000
    - CVE-2010-3698
  * drivers/video/sis/sis_main.c: prevent reading uninitialized stack
    memory, CVE-2010-4078
    - LP: #707579
    - CVE-2010-4078
  * V4L/DVB: ivtvfb: prevent reading uninitialized stack memory,
    CVE-2010-4079
    - LP: #707649
    - CVE-2010-4079

  [ Upstream Kernel Changes ]

  * ipc: initialize structure memory to zero for compat functions
  * tcp: Increase TCP_MAXSEG socket option minimum.
    - CVE-2010-4165
  * perf_events: Fix perf_counter_mmap() hook in mprotect()
    - CVE-2010-4169
  * af_unix: limit unix_tot_inflight
    - CVE-2010-4249

linux-fsl-imx51 (2.6.31-608.21) lucid-proposed; urgency=low

  [ Leann Ogasawara ]

  * Rebased to 2.6.31-22.70

  [ Ubuntu: 2.6.31-22.70 ]

  - LP: #683474
  * Revert "SAUCE: AF_ECONET saddr->cookie prevent NULL pointer
    dereference"
  * Revert "SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges"
  * Revert "SAUCE: AF_ECONET prevent kernel stack overflow"
  * Btrfs: fix checks in BTRFS_IOC_CLONE_RANGE
    - CVE-2010-2538
  * xfs: validate untrusted inode numbers during lookup
    - CVE-2010-2943
  * xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
    - CVE-2010-2943
  * xfs: remove block number from inode lookup code
    - CVE-2010-2943
  * xfs: fix untrusted inode number lookup
    - CVE-2010-2943
  * drm/i915: Sanity check pread/pwrite
    - CVE-2010-2962
  * drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow
    - CVE-2010-2962
  * tracing: Do not allow llseek to set_ftrace_filter
    - CVE-2010-3079
  * drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack memory
    - CVE-2010-3296
  * drivers/net/eql.c: prevent reading uninitialized stack memory
    - CVE-2010-3297
  * drivers/net/usb/hso.c: prevent reading uninitialized memory
    - CVE-2010-3298
  * setup_arg_pages: diagnose excessive argument size
    - CVE-2010-3858
  * net: clear heap allocation for ETHTOOL_GRXCLSRLALL
    - CVE-2010-3861
  * ipc: shm: fix information leak to userland
    - CVE-2010-4072
  * econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
    - CVE-2010-3849
  * econet: fix CVE-2010-3850
    - CVE-2010-3850
  * econet: fix CVE-2010-3848
    - CVE-2010-3848

  [ Ubuntu: 2.6.31-22.69 ]

  * SAUCE: AF_ECONET prevent kernel stack overflow
    - CVE-2010-3848
  * SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges
    - CVE-2010-3850
  * SAUCE: AF_ECONET saddr->cookie prevent NULL pointer dereference
    - CVE-2010-3849

  [ Ubuntu: 2.6.31-22.68 ]

  * SAUCE: docs -- fix doc strings for fc_event_seq
  * SAUCE: (no-up) Modularize vesafb -- fix initialization
    - LP: #...

Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

Copied to -security, too.

This report contains Public Security information
Everyone can see this security related information.