Ubuntu

CVE-2012-3412

Reported by John Johansen on 2012-08-16
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Low
Tim Gardner
Hardy
Low
Unassigned
Lucid
Low
Tim Gardner
Natty
Low
Tim Gardner
Oneiric
Low
Tim Gardner
Precise
Low
Tim Gardner
Quantal
Low
Tim Gardner
linux-armadaxp (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-ec2 (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-fsl-imx51 (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-lts-backport-maverick (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-lts-backport-natty (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-mvl-dove (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned

Bug Description

A peer (or local user) may cause TCP to use a nominal MSS of as little as 88 (actual MSS of 76 with timestamps). Given that we have a sufficiently prodigious local sender and the peer ACKs quickly enough, it is nevertheless possible to grow the window for such a connection to the point that we will try to send just under 64K at once. This results in a single skb that expands to 861 segments. In the sfc driver, such an skb will require hundreds of DMA descriptors; a substantial fraction of a TX ring or even more than a full ring. The TX queue selected for the skb may stall and trigger the TX watchdog repeatedly (since the problem skb will be retried after the TX reset).

Break-Fix: - 30b678d844af3305cda5953467005cebb5d7b687
Break-Fix: - 7e6d06f0de3f74ca929441add094518ae332257c
Break-Fix: - 1485348d2424e1131ea42efc033cbd9366462b01

John Johansen (jjohansen) wrote :

CVE-2012-3412

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Low
Changed in linux (Ubuntu Precise):
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Low
Brad Figg (brad-figg) wrote :

This bug is used by the kernel team to track the application of the relevant fixes for this CVE accross all of the released series. Please do not mark it as a duplicate.

Tim Gardner (timg-tpi) on 2012-08-21
Changed in linux (Ubuntu Quantal):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Tim Gardner (timg-tpi) on 2012-08-21
Changed in linux (Ubuntu Precise):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Tim Gardner (timg-tpi) on 2012-08-21
Changed in linux (Ubuntu Quantal):
status: In Progress → Fix Committed
Tim Gardner (timg-tpi) on 2012-08-22
Changed in linux (Ubuntu Oneiric):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Changed in linux (Ubuntu Precise):
status: In Progress → Fix Committed
Tim Gardner (timg-tpi) on 2012-08-23
Changed in linux (Ubuntu Oneiric):
status: In Progress → Fix Committed
Tim Gardner (timg-tpi) on 2012-08-23
Changed in linux (Ubuntu Natty):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Tim Gardner (timg-tpi) on 2012-08-23
Changed in linux (Ubuntu Lucid):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Fix Committed
Tim Gardner (timg-tpi) on 2012-08-24
Changed in linux (Ubuntu Lucid):
status: In Progress → Invalid
Changed in linux (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Hardy):
status: New → Invalid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.5.0-12.12

---------------
linux (3.5.0-12.12) quantal-proposed; urgency=low

  [ Luis Henriques ]

  * [Config] Fix typo on control.stub.in

  [ Ricardo Salveti de Araujo ]

  * [Config] installing omapdrm specific headers for external drivers
    - LP: #1038846

  [ Seth Forshee ]

  * SAUCE: apple-gmux: Fix port address calculation in gmux_pio_write32()

  [ Stefan Bader ]

  * SAUCE: (no-up) x86/mm: Fix 64bit size of mapping tables
    - LP: #1022561

  [ Tim Gardner ]

  * SAUCE: firmware: Remove sb16 files duplicated in linux-firmware

  [ Upstream Kernel Changes ]

  * net: Allow driver to limit number of GSO segments per skb
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Fix maximum number of TSO segments and minimum TX queue size
    - LP: #1037456
    - CVE-2012-3412
  * tcp: Apply device TSO segment limit earlier
    - LP: #1037456
    - CVE-2012-3412
  * cfg80211: add channel flag to prohibit OFDM operation
  * brcmsmac: use channel flags to restrict OFDM
  * gmux: Add generic write32 function
  * apple_gmux: Add support for newer hardware
  * apple_gmux: Fix ACPI video unregister
  * apple-gmux: Fix kconfig dependencies
  * vga_switcheroo: Don't require handler init callback
  * vga_switcheroo: Remove assumptions about registration/unregistration
    ordering
  * apple-gmux: Add display mux support
  * mei: add mei_quirk_probe function
    - LP: #1041164
  * mutex: Place lock in contended state after fastpath_lock failure
    - LP: #1041114
 -- Leann Ogasawara <email address hidden> Fri, 24 Aug 2012 07:13:00 -0700

Changed in linux (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.38-16.67

---------------
linux (2.6.38-16.67) natty-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1045383

  [ Upstream Kernel Changes ]

  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3430
  * eCryptfs: Initialize empty lower files when opening them
    - LP: #911507
  * net: Allow driver to limit number of GSO segments per skb
    - LP: #1037456
    - CVE-2012-3412
  * tcp: do not scale TSO segment size with reordering degree
    - LP: #1037456
    - CVE-2012-3412
  * tcp: Apply device TSO segment limit earlier
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Fix maximum number of TSO segments and minimum TX queue size
    - LP: #1037456
    - CVE-2012-3412
  * mm: Hold a file reference in madvise_remove
    - LP: #1042447
    - CVE-2012-3511
  * cred: copy_process() should clear child->replacement_session_keyring
    - LP: #1023535
    - CVE-2012-2745
 -- Luis Henriques <email address hidden> Thu, 06 Sep 2012 09:25:21 +0100

Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :
Download full text (5.4 KiB)

This bug was fixed in the package linux - 3.0.0-26.42

---------------
linux (3.0.0-26.42) oneiric-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1045707

  [ Upstream Kernel Changes ]

  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3430
  * x86: Simplify code by removing a !SMP #ifdefs from 'struct cpuinfo_x86'
    - LP: #1037281
  * Redefine ATOMIC_INIT and ATOMIC64_INIT to drop the casts
    - LP: #1037281
  * SUNRPC: return negative value in case rpcbind client creation error
    - LP: #1037281
  * nilfs2: fix deadlock issue between chcp and thaw ioctls
    - LP: #1037281
  * pcdp: use early_ioremap/early_iounmap to access pcdp table
    - LP: #1037281
  * mm: fix wrong argument of migrate_huge_pages() in
    soft_offline_huge_page()
    - LP: #1037281
  * ARM: 7478/1: errata: extend workaround for erratum #720789
    - LP: #1037281
  * ARM: 7479/1: mm: avoid NULL dereference when flushing gate_vma with
    VIVT caches
    - LP: #1037281
  * mm: mmu_notifier: fix freed page still mapped in secondary MMU
    - LP: #1037281
  * mac80211: cancel mesh path timer
    - LP: #1037281
  * x86, nops: Missing break resulting in incorrect selection on Intel
    - LP: #1037281
  * random: Add support for architectural random hooks
    - LP: #1037281
  * fix typo/thinko in get_random_bytes()
    - LP: #1037281
  * random: Use arch_get_random_int instead of cycle counter if avail
    - LP: #1037281
  * random: Use arch-specific RNG to initialize the entropy store
    - LP: #1037281
  * random: Adjust the number of loops when initializing
    - LP: #1037281
  * drivers/char/random.c: fix boot id uniqueness race
    - LP: #1037281
  * random: make 'add_interrupt_randomness()' do something sane
    - LP: #1037281
  * random: use lockless techniques in the interrupt path
    - LP: #1037281
  * random: create add_device_randomness() interface
    - LP: #1037281
  * usb: feed USB device information to the /dev/random driver
    - LP: #1037281
  * net: feed /dev/random with the MAC address when registering a device
    - LP: #1037281
  * random: use the arch-specific rng in xfer_secondary_pool
    - LP: #1037281
  * random: add new get_random_bytes_arch() function
    - LP: #1037281
  * random: add tracepoints for easier debugging and verification
    - LP: #1037281
  * MAINTAINERS: Theodore Ts'o is taking over the random driver
    - LP: #1037281
  * rtc: wm831x: Feed the write counter into device_add_randomness()
    - LP: #1037281
  * mfd: wm831x: Feed the device UUID into device_add_randomness()
    - LP: #1037281
  * random: remove rand_initialize_irq()
    - LP: #1037281
  * random: Add comment to random_initialize()
    - LP: #1037281
  * dmi: Feed DMI table to /dev/random driver
    - LP: #1037281
  * random: mix in architectural randomness in extract_buf()
    - LP: #1037281
  * x86, microcode: microcode_core.c simple_strtoul cleanup
    - LP: #1037281
  * x86, microcode: Sanitize per-cpu microcode reloading interface
    - LP: #1037281
  * mm: hugetlbfs: close race during teardown of hugetlbfs shared page
    tables
    - LP: #1037281
  * ARM: mxs: Remove MMAP_MIN_ADDR setting from mxs_defconfig
  ...

Read more...

Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-armadaxp - 3.2.0-1608.13

---------------
linux-armadaxp (3.2.0-1608.13) precise-proposed; urgency=low

  [ Ike Panhc ]

  * Release Tracking Bug
    - LP: #1047672
  * Rebase onto Ubuntu-3.2.0-31.50

  [ Ubuntu: 3.2.0-31.50 ]

  * Release Tracking Bug
    - LP: #1047242
  * SAUCE: drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot
    - LP: #1039157
  * SAUCE: input: Cypress PS/2 Trackpad move PSMOUSE_CYPRESS enum
    - LP: #1041594
 -- Ike Panhc <email address hidden> Mon, 10 Sep 2012 09:32:28 +0800

Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
John Johansen (jjohansen) wrote :

the commits to fix this are in 2.6.32-43.97

Changed in linux (Ubuntu Lucid):
status: Invalid → In Progress
Changed in linux (Ubuntu Lucid):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-43.97

---------------
linux (2.6.32-43.97) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1045405

  [ Upstream Kernel Changes ]

  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3430
  * eCryptfs: Initialize empty lower files when opening them
    - LP: #911507
  * net: Allow driver to limit number of GSO segments per skb
    - LP: #1037456
    - CVE-2012-3412
  * tcp: do not scale TSO segment size with reordering degree
    - LP: #1037456
    - CVE-2012-3412
  * tcp: Apply device TSO segment limit earlier
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Fix maximum number of TSO segments and minimum TX queue size
    - LP: #1037456
    - CVE-2012-3412
  * mm: Hold a file reference in madvise_remove
    - LP: #1042447
    - CVE-2012-3511
  * ulimit: raise default hard ulimit on number of files to 4096
    - LP: #663090
 -- Luis Henriques <email address hidden> Wed, 05 Sep 2012 09:39:41 +0100

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-348.54

---------------
linux-ec2 (2.6.32-348.54) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-43.97
  * SAUCE: EC2: Backport changes to limit GSO segments
    - LP: #1037456
    - CVE-2012-3412
  * Release Tracking Bug
    - LP: #1046656

  [ Ubuntu: 2.6.32-43.97 ]

  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3430
  * eCryptfs: Initialize empty lower files when opening them
    - LP: #911507
  * net: Allow driver to limit number of GSO segments per skb
    - LP: #1037456
    - CVE-2012-3412
  * tcp: do not scale TSO segment size with reordering degree
    - LP: #1037456
    - CVE-2012-3412
  * tcp: Apply device TSO segment limit earlier
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Fix maximum number of TSO segments and minimum TX queue size
    - LP: #1037456
    - CVE-2012-3412
  * mm: Hold a file reference in madvise_remove
    - LP: #1042447
    - CVE-2012-3511
  * ulimit: raise default hard ulimit on number of files to 4096
    - LP: #663090
 -- Stefan Bader <email address hidden> Fri, 07 Sep 2012 09:16:52 +0200

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (5.1 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.5.0-210.16

---------------
linux-ti-omap4 (3.5.0-210.16) quantal-proposed; urgency=low

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.5.0-14.16

  [ Ricardo Salveti de Araujo ]

  * [Config] Disable CONFIG_OMAP2_DSS_VENC
  * [Config] Disable DSS_DSI, not yet compatible with DSS_HL
  * [Config] CONFIG_DRM_OMAP_NUM_CRTCS should be 2 for OMAP4
  * [Config] Reducing VRAM size as it's not relevant anymore

  [ Upstream Kernel Changes ]

  * drm: remove unused fxn prototypes
  * staging: omapdrm: Fix DMM sparse warnings
  * staging: omapdrm: Remove unnecessary memcpy
  * omapdrm: use alloc_ordered_workqueue() instead of UNBOUND w/ max_active
    = 1
  * drm/omap: hold a ref to the bo while waiting for flip
  * drm: refcnt drm_framebuffer
  * OMAPDSS: workaround 'operation stopped while reading edid' error
  * WIP: OMAPDSS: enable either high level or low level API
  * omap2+: use dss_dispc hwmod for omapdrm
  * WIP: drm/omap: use omapdss low lever API (v4)
  * omapdss: fixing support for the low level API

  [ Ubuntu: 3.5.0-14.16 ]

  * SAUCE: apple-gmux: Fix index read functions
  * SAUCE: input: Cypress PS/2 Trackpad move PSMOUSE_CYPRESS enum
    - LP: #1041594
  * SAUCE: Input: synaptics - Adjust threshold for treating position values
    as negative
    - LP: #1046512
  * mei: check for error codes that mei_flow_ctrl_creds retuns
  * mei: make mei_write_message more readable
  * mei: mei_irq_thread_write_handler check for overflow
  * mei: group wd_interface_reg with watchdog variables within struct
    mei_device
  * mei: don't query HCSR for host buffer depth
  * mei: revamp host buffer interface function
  * mei: mei_device can be const for mei register access functions
  * mei: remove write only wariable wd_due_counter
  * mei: mei_wd_host_init: update the comment
  * mei: introduce mei_data2slots wrapper
  * mei: streamline the _mei_irq_thread_close/ioctol functions
  * mei: mei_irq_thread_write_handler - line break fix
  * mei: use module_pci_driver
  * mei: fix device stall after wd is stopped

  [ Ubuntu: 3.5.0-14.15 ]

  * SAUCE: fs: d_revalidate methods may be passed a NULL nameidata
    - LP: #1038075
  * SAUCE: drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot
    - LP: #1039157
  * [Config] Enable CONFIG_DEVPTS_MULTIPLE_INSTANCES for highbank
    - LP: #1038259
  * SAUCE: wlcore: Declare MODULE_FIRMWARE usage
    - LP: #1042918
  * asus-nb-wmi: add some video toggle keys
    - LP: #1022427
  * [media] uvcvideo: Fix frame drop in bulk video stream
  * [media] uvcvideo: Fix alternate setting selection
  * Input: wacom - add support to Cintiq 22HD
    - LP: #1043733
  * ALSA: HDA: Create phantom jacks for fixed inputs and outputs
  * ALSA: HDA: Support single 3-pin jack without VREF on the actual pin
    - LP: #1018262
  * ALSA: hda - give 3-pin jack the name "Headphone Mic Jack"
  * ALSA: hda - Do not set GPIOs for speakers on IDT if there are no
    speakers
    - LP: #1040077
  * ALSA: hda - Fix pop noise in headphones on S3 for Asus X55A, X55V
    - LP: #1034779
  * ALSA: hda - Always call standard unsolicited event for Realtek codecs
    - LP: #1021192
  * ALSA: hda - ...

Read more...

Changed in linux-ti-omap4 (Ubuntu Quantal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-16.67~lucid1

---------------
linux-lts-backport-natty (2.6.38-16.67~lucid1) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1047350

  [ Upstream Kernel Changes ]

  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3430
  * eCryptfs: Initialize empty lower files when opening them
    - LP: #911507
  * net: Allow driver to limit number of GSO segments per skb
    - LP: #1037456
    - CVE-2012-3412
  * tcp: do not scale TSO segment size with reordering degree
    - LP: #1037456
    - CVE-2012-3412
  * tcp: Apply device TSO segment limit earlier
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Fix maximum number of TSO segments and minimum TX queue size
    - LP: #1037456
    - CVE-2012-3412
  * mm: Hold a file reference in madvise_remove
    - LP: #1042447
    - CVE-2012-3511
  * cred: copy_process() should clear child->replacement_session_keyring
    - LP: #1023535
    - CVE-2012-2745
 -- Luis Henriques <email address hidden> Fri, 07 Sep 2012 14:15:51 +0100

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (5.4 KiB)

This bug was fixed in the package linux-lts-backport-oneiric - 3.0.0-26.42~lucid1

---------------
linux-lts-backport-oneiric (3.0.0-26.42~lucid1) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1046423

  [ Upstream Kernel Changes ]

  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3430
  * x86: Simplify code by removing a !SMP #ifdefs from 'struct cpuinfo_x86'
    - LP: #1037281
  * Redefine ATOMIC_INIT and ATOMIC64_INIT to drop the casts
    - LP: #1037281
  * SUNRPC: return negative value in case rpcbind client creation error
    - LP: #1037281
  * nilfs2: fix deadlock issue between chcp and thaw ioctls
    - LP: #1037281
  * pcdp: use early_ioremap/early_iounmap to access pcdp table
    - LP: #1037281
  * mm: fix wrong argument of migrate_huge_pages() in
    soft_offline_huge_page()
    - LP: #1037281
  * ARM: 7478/1: errata: extend workaround for erratum #720789
    - LP: #1037281
  * ARM: 7479/1: mm: avoid NULL dereference when flushing gate_vma with
    VIVT caches
    - LP: #1037281
  * mm: mmu_notifier: fix freed page still mapped in secondary MMU
    - LP: #1037281
  * mac80211: cancel mesh path timer
    - LP: #1037281
  * x86, nops: Missing break resulting in incorrect selection on Intel
    - LP: #1037281
  * random: Add support for architectural random hooks
    - LP: #1037281
  * fix typo/thinko in get_random_bytes()
    - LP: #1037281
  * random: Use arch_get_random_int instead of cycle counter if avail
    - LP: #1037281
  * random: Use arch-specific RNG to initialize the entropy store
    - LP: #1037281
  * random: Adjust the number of loops when initializing
    - LP: #1037281
  * drivers/char/random.c: fix boot id uniqueness race
    - LP: #1037281
  * random: make 'add_interrupt_randomness()' do something sane
    - LP: #1037281
  * random: use lockless techniques in the interrupt path
    - LP: #1037281
  * random: create add_device_randomness() interface
    - LP: #1037281
  * usb: feed USB device information to the /dev/random driver
    - LP: #1037281
  * net: feed /dev/random with the MAC address when registering a device
    - LP: #1037281
  * random: use the arch-specific rng in xfer_secondary_pool
    - LP: #1037281
  * random: add new get_random_bytes_arch() function
    - LP: #1037281
  * random: add tracepoints for easier debugging and verification
    - LP: #1037281
  * MAINTAINERS: Theodore Ts'o is taking over the random driver
    - LP: #1037281
  * rtc: wm831x: Feed the write counter into device_add_randomness()
    - LP: #1037281
  * mfd: wm831x: Feed the device UUID into device_add_randomness()
    - LP: #1037281
  * random: remove rand_initialize_irq()
    - LP: #1037281
  * random: Add comment to random_initialize()
    - LP: #1037281
  * dmi: Feed DMI table to /dev/random driver
    - LP: #1037281
  * random: mix in architectural randomness in extract_buf()
    - LP: #1037281
  * x86, microcode: microcode_core.c simple_strtoul cleanup
    - LP: #1037281
  * x86, microcode: Sanitize per-cpu microcode reloading interface
    - LP: #1037281
  * mm: hugetlbfs: close race during teardown of hugetlbfs shared page
    tables
    - LP: #1037281
  * ARM: m...

Read more...

Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (5.5 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.0.0-1216.28

---------------
linux-ti-omap4 (3.0.0-1216.28) oneiric-proposed; urgency=low

  * Release Tracking Bug
    - LP: #1046422

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.0.0-26.42

  [ Ubuntu: 3.0.0-26.42 ]

  * Release Tracking Bug
    - LP: #1045707
  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3430
  * x86: Simplify code by removing a !SMP #ifdefs from 'struct cpuinfo_x86'
    - LP: #1037281
  * Redefine ATOMIC_INIT and ATOMIC64_INIT to drop the casts
    - LP: #1037281
  * SUNRPC: return negative value in case rpcbind client creation error
    - LP: #1037281
  * nilfs2: fix deadlock issue between chcp and thaw ioctls
    - LP: #1037281
  * pcdp: use early_ioremap/early_iounmap to access pcdp table
    - LP: #1037281
  * mm: fix wrong argument of migrate_huge_pages() in
    soft_offline_huge_page()
    - LP: #1037281
  * ARM: 7478/1: errata: extend workaround for erratum #720789
    - LP: #1037281
  * ARM: 7479/1: mm: avoid NULL dereference when flushing gate_vma with
    VIVT caches
    - LP: #1037281
  * mm: mmu_notifier: fix freed page still mapped in secondary MMU
    - LP: #1037281
  * mac80211: cancel mesh path timer
    - LP: #1037281
  * x86, nops: Missing break resulting in incorrect selection on Intel
    - LP: #1037281
  * random: Add support for architectural random hooks
    - LP: #1037281
  * fix typo/thinko in get_random_bytes()
    - LP: #1037281
  * random: Use arch_get_random_int instead of cycle counter if avail
    - LP: #1037281
  * random: Use arch-specific RNG to initialize the entropy store
    - LP: #1037281
  * random: Adjust the number of loops when initializing
    - LP: #1037281
  * drivers/char/random.c: fix boot id uniqueness race
    - LP: #1037281
  * random: make 'add_interrupt_randomness()' do something sane
    - LP: #1037281
  * random: use lockless techniques in the interrupt path
    - LP: #1037281
  * random: create add_device_randomness() interface
    - LP: #1037281
  * usb: feed USB device information to the /dev/random driver
    - LP: #1037281
  * net: feed /dev/random with the MAC address when registering a device
    - LP: #1037281
  * random: use the arch-specific rng in xfer_secondary_pool
    - LP: #1037281
  * random: add new get_random_bytes_arch() function
    - LP: #1037281
  * random: add tracepoints for easier debugging and verification
    - LP: #1037281
  * MAINTAINERS: Theodore Ts'o is taking over the random driver
    - LP: #1037281
  * rtc: wm831x: Feed the write counter into device_add_randomness()
    - LP: #1037281
  * mfd: wm831x: Feed the device UUID into device_add_randomness()
    - LP: #1037281
  * random: remove rand_initialize_irq()
    - LP: #1037281
  * random: Add comment to random_initialize()
    - LP: #1037281
  * dmi: Feed DMI table to /dev/random driver
    - LP: #1037281
  * random: mix in architectural randomness in extract_buf()
    - LP: #1037281
  * x86, microcode: microcode_core.c simple_strtoul cleanup
    - LP: #1037281
  * x86, microcode: Sanitize per-cpu microcode reloading interface
    - LP: #1037281
  * mm: hugetlbfs: close race during teardown of hugetlbfs shared pa...

Read more...

Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (5.5 KiB)

This bug was fixed in the package linux - 3.2.0-31.50

---------------
linux (3.2.0-31.50) precise-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1047242

  [ Dave Airlie ]

  * SAUCE: drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot
    - LP: #1039157

  [ Kamal Mostafa ]

  * SAUCE: input: Cypress PS/2 Trackpad move PSMOUSE_CYPRESS enum
    - LP: #1041594

linux (3.2.0-31.49) precise-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1046216

  [ Cypress Semiconductor Corporation ]

  * SAUCE: input: Cypress PS/2 Trackpad mouse driver
    - LP: #978807
  * SAUCE: input: Cypress PS/2 Trackpad link driver into psmouse-base
    - LP: #978807

  [ Ike Panhc ]

  * [Config] Enable CONFIG_DEVPTS_MULTIPLE_INSTANCES for highbank
    - LP: #1038259

  [ Kamal Mostafa ]

  * SAUCE: input: Cypress PS/2 Trackpad code style cleanup
    - LP: #978807
  * SAUCE: input: Cypress PS/2 Trackpad eliminate dead code
    - LP: #978807
  * SAUCE: input: Cypress PS/2 Trackpad fix no-config stubs
    - LP: #978807
  * SAUCE: input: Cypress PS/2 Trackpad set default debug_level=0
    - LP: #978807

  [ Stefan Bader ]

  * Revert "SAUCE: fix pv-ops for legacy Xen"
    - LP: #1044550
  * SAUCE: Force xsave off on older Xen hypervisors
    - LP: #1044550

  [ Tim Gardner ]

  * [Config] Add smsc{79}5xx to nic-usb-modules
    - LP: #1041397

  [ Upstream Kernel Changes ]

  * Revert "samsung-laptop: make the dmi check less strict"
    - LP: #1028151
  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3430
  * bnx2: Fix bug in bnx2_free_tx_skbs().
    - LP: #1039087
  * sch_sfb: Fix missing NULL check
    - LP: #1039087
  * sctp: Fix list corruption resulting from freeing an association on a
    list
    - LP: #1039087
  * caif: Fix access to freed pernet memory
    - LP: #1039087
  * cipso: don't follow a NULL pointer when setsockopt() is called
    - LP: #1039087
  * caif: fix NULL pointer check
    - LP: #1039087
  * wanmain: comparing array with NULL
    - LP: #1039087
  * tcp: Add TCP_USER_TIMEOUT negative value check
    - LP: #1039087
  * USB: kaweth.c: use GFP_ATOMIC under spin_lock
    - LP: #1039087
  * net: fix rtnetlink IFF_PROMISC and IFF_ALLMULTI handling
    - LP: #1039087
  * tcp: perform DMA to userspace only if there is a task waiting for it
    - LP: #1039087
  * net/tun: fix ioctl() based info leaks
    - LP: #1039087
  * e1000: add dropped DMA receive enable back in for WoL
    - LP: #1039087
  * rtlwifi: rtl8192cu: Change buffer allocation for synchronous reads
    - LP: #1039087
  * hfsplus: fix overflow in sector calculations in hfsplus_submit_bio
    - LP: #1039087
  * drm/i915: fixup seqno allocation logic for lazy_request
    - LP: #1039087
  * mac80211: cancel mesh path timer
    - LP: #1039087
  * ath9k: Add PID/VID support for AR1111
    - LP: #1039087
  * ARM: mxs: Remove MMAP_MIN_ADDR setting from mxs_defconfig
    - LP: #1039087
  * ALSA: hda - add dock support for Thinkpad T430s
    - LP: #1039087
  * cfg80211: process pending events when unregistering net device
    - LP: #1039087
  * rt61pci: fix NULL pointer dereference in config_lna_gain
    - LP: #...

Read more...

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (5.4 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.2.0-1419.26

---------------
linux-ti-omap4 (3.2.0-1419.26) precise-proposed; urgency=low

  * Release Tracking Bug
    - LP: #1047670

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.2.0-31.50

  [ Ubuntu: 3.2.0-31.50 ]

  * Release Tracking Bug
    - LP: #1047242
  * SAUCE: drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot
    - LP: #1039157
  * SAUCE: input: Cypress PS/2 Trackpad move PSMOUSE_CYPRESS enum
    - LP: #1041594

  [ Ubuntu: 3.2.0-31.49 ]

  * Release Tracking Bug
    - LP: #1046216
  * SAUCE: input: Cypress PS/2 Trackpad mouse driver
    - LP: #978807
  * SAUCE: input: Cypress PS/2 Trackpad link driver into psmouse-base
    - LP: #978807
  * [Config] Enable CONFIG_DEVPTS_MULTIPLE_INSTANCES for highbank
    - LP: #1038259
  * SAUCE: input: Cypress PS/2 Trackpad code style cleanup
    - LP: #978807
  * SAUCE: input: Cypress PS/2 Trackpad eliminate dead code
    - LP: #978807
  * SAUCE: input: Cypress PS/2 Trackpad fix no-config stubs
    - LP: #978807
  * SAUCE: input: Cypress PS/2 Trackpad set default debug_level=0
    - LP: #978807
  * Revert "SAUCE: fix pv-ops for legacy Xen"
    - LP: #1044550
  * SAUCE: Force xsave off on older Xen hypervisors
    - LP: #1044550
  * [Config] Add smsc{79}5xx to nic-usb-modules
    - LP: #1041397
  * Revert "samsung-laptop: make the dmi check less strict"
    - LP: #1028151
  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3430
  * bnx2: Fix bug in bnx2_free_tx_skbs().
    - LP: #1039087
  * sch_sfb: Fix missing NULL check
    - LP: #1039087
  * sctp: Fix list corruption resulting from freeing an association on a
    list
    - LP: #1039087
  * caif: Fix access to freed pernet memory
    - LP: #1039087
  * cipso: don't follow a NULL pointer when setsockopt() is called
    - LP: #1039087
  * caif: fix NULL pointer check
    - LP: #1039087
  * wanmain: comparing array with NULL
    - LP: #1039087
  * tcp: Add TCP_USER_TIMEOUT negative value check
    - LP: #1039087
  * USB: kaweth.c: use GFP_ATOMIC under spin_lock
    - LP: #1039087
  * net: fix rtnetlink IFF_PROMISC and IFF_ALLMULTI handling
    - LP: #1039087
  * tcp: perform DMA to userspace only if there is a task waiting for it
    - LP: #1039087
  * net/tun: fix ioctl() based info leaks
    - LP: #1039087
  * e1000: add dropped DMA receive enable back in for WoL
    - LP: #1039087
  * rtlwifi: rtl8192cu: Change buffer allocation for synchronous reads
    - LP: #1039087
  * hfsplus: fix overflow in sector calculations in hfsplus_submit_bio
    - LP: #1039087
  * drm/i915: fixup seqno allocation logic for lazy_request
    - LP: #1039087
  * mac80211: cancel mesh path timer
    - LP: #1039087
  * ath9k: Add PID/VID support for AR1111
    - LP: #1039087
  * ARM: mxs: Remove MMAP_MIN_ADDR setting from mxs_defconfig
    - LP: #1039087
  * ALSA: hda - add dock support for Thinkpad T430s
    - LP: #1039087
  * cfg80211: process pending events when unregistering net device
    - LP: #1039087
  * rt61pci: fix NULL pointer dereference in config_lna_gain
    - LP: #1039087
  * iwlwifi: disable greenfield transmissions as a workaround
    - LP: #1039087
  * ALSA: hda - add doc...

Read more...

Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.26

---------------
linux-ti-omap4 (2.6.38-1209.26) natty-proposed; urgency=low

  * Release Tracking Bug
    - LP: #1047347

  [ Upstream Kernel Changes ]

  * rds: set correct msg_namelen
    - LP: #1031112
    - CVE-2012-3340
  * KVM: unmap pages from the iommu when slots are removed
    - LP: #987569
    - CVE-2012-2121
  * net: Allow driver to limit number of GSO segments per skb
    - LP: #1037456
    - CVE-2012-3412
  * tcp: do not scale TSO segment size with reordering degree
    - LP: #1037456
    - CVE-2012-3412
  * tcp: Apply device TSO segment limit earlier
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE
    - LP: #1037456
    - CVE-2012-3412
  * sfc: Fix maximum number of TSO segments and minimum TX queue size
    - LP: #1037456
    - CVE-2012-3412
  * mm: Hold a file reference in madvise_remove
    - LP: #1042447
    - CVE-2012-3511
 -- Paolo Pisati <email address hidden> Wed, 12 Sep 2012 16:34:28 +0200

Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers