Ubuntu

CVE-2011-2723

Reported by Kees Cook on 2011-09-07
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Andy Whitcroft
Natty
Medium
Andy Whitcroft
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
linux-ec2 (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Andy Whitcroft
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
linux-lts-backport-natty (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Andy Whitcroft
Natty
Medium
Andy Whitcroft
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned

Bug Description

The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic.

Break-Fix: 86911732d3996a9da07914b280621450111bb6da 17dd759c67f21e34f2156abcf415e1f60605a188

Kees Cook (kees) wrote :

CVE-2011-2723

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Maverick):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Medium
Andy Whitcroft (apw) on 2011-09-13
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Natty):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux (Ubuntu Natty):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux (Ubuntu Maverick):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → In Progress
Andy Whitcroft (apw) on 2011-09-13
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → In Progress
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-fsl-imx51 (Ubuntu Lucid):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → In Progress
status: In Progress → Fix Committed
Changed in linux-mvl-dove (Ubuntu Maverick):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Maverick):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Andy Whitcroft (apw) on 2011-09-13
Changed in linux (Ubuntu Hardy):
status: New → Invalid
Tim Gardner (timg-tpi) on 2011-09-13
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Natty):
status: In Progress → Fix Committed
Kees Cook (kees) on 2011-09-13
Changed in linux-mvl-dove (Ubuntu Lucid):
status: Fix Committed → Fix Released
description: updated
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux-mvl-dove (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-backport-maverick - 2.6.35-30.60~lucid1

---------------
linux-lts-backport-maverick (2.6.35-30.60~lucid1) lucid-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #854430

  [ Stefan Bader ]

  * [Config] Force perf to use libiberty for demangling
    - LP: #783660

  [ Tim Gardner ]

  * [Config] Simplify binary-udebs dependencies
  * [Config] kernel preparation cannot be parallelized
  * [Config] Linearize module/abi checks
  * [Config] Linearize and simplify tree preparation rules
  * [Config] Build kernel image in parallel with modules
  * [Config] Set concurrency for kmake invocations
  * [Config] Improve install-arch-headers speed
  * [Config] Fix binary-perarch dependencies
  * [Config] Removed stamp-flavours target
  * [Config] Serialize binary indep targets
  * [Config] Use build stamp directly
  * [Config] Restore prepare-% target
  * [Config] Fix binary-% build target

  [ Upstream Kernel Changes ]

  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191
    - LP: #834135
    - CVE-2011-3191
  * befs: Validate length of long symbolic links, CVE-2011-2928
    - LP: #834124
    - CVE-2011-2928
  * gro: Only reset frag0 when skb can be pulled, CVE-2011-2723
    - LP: #844371
    - CVE-2011-2723
  * Validate size of EFI GUID partition entries, CVE-2011-1776
    - LP: #844365
    - CVE-2011-1776
  * inet_diag: fix inet_diag_bc_audit(), CVE-2011-2213
    - LP: #838421
    - CVE-2011-2213
  * si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700
    - LP: #844370
    - CVE-2011-2700
  * Bluetooth: Prevent buffer overflow in l2cap config request,
    CVE-2011-2497
    - LP: #838423
    - CVE-2011-2497
  * core: Fix memory leak/corruption on VLAN GRO_DROP, CVE-2011-1576
    - LP: #844361
    - CVE-2011-1576

linux (2.6.35-30.59) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #837449

  [ Upstream Kernel Changes ]

  * Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"
 -- Herton Ronaldo Krzesinski <email address hidden> Tue, 20 Sep 2011 11:03:51 -0300

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.25

---------------
linux-ti-omap4 (2.6.35-903.25) maverick-proposed; urgency=low

  [ Ming Lei ]

  * SAUCE: usb: ehci: make HC see up-to-date qh/qtd descriptor ASAP
    - LP: #709245

  [ Upstream Kernel Changes ]

  * cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191
    - LP: #834135
    - CVE-2011-3191
  * befs: Validate length of long symbolic links, CVE-2011-2928
    - LP: #834124
    - CVE-2011-2928
  * gro: Only reset frag0 when skb can be pulled, CVE-2011-2723
    - LP: #844371
    - CVE-2011-2723
  * Validate size of EFI GUID partition entries, CVE-2011-1776
    - LP: #844365
    - CVE-2011-1776
  * inet_diag: fix inet_diag_bc_audit(), CVE-2011-2213
    - LP: #838421
    - CVE-2011-2213
  * si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700
    - LP: #844370
    - CVE-2011-2700
  * Bluetooth: Prevent buffer overflow in l2cap config request,
    CVE-2011-2497
    - LP: #838423
    - CVE-2011-2497
  * core: Fix memory leak/corruption on VLAN GRO_DROP, CVE-2011-1576
    - LP: #844361
    - CVE-2011-1576
  * crypto: Move md5_transform to lib/md5.c, CVE-2011-3188
    - LP: #834129
    - CVE-2011-3188
  * net: Compute protocol sequence numbers and fragment IDs using MD5,
    CVE-2011-3188
    - LP: #834129
    - CVE-2011-3188
 -- Paolo Pisati <email address hidden> Tue, 20 Sep 2011 19:12:28 +0200

Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.35-30.60

---------------
linux (2.6.35-30.60) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #854092

  [ Stefan Bader ]

  * [Config] Force perf to use libiberty for demangling
    - LP: #783660

  [ Tim Gardner ]

  * [Config] Simplify binary-udebs dependencies
  * [Config] kernel preparation cannot be parallelized
  * [Config] Linearize module/abi checks
  * [Config] Linearize and simplify tree preparation rules
  * [Config] Build kernel image in parallel with modules
  * [Config] Set concurrency for kmake invocations
  * [Config] Improve install-arch-headers speed
  * [Config] Fix binary-perarch dependencies
  * [Config] Removed stamp-flavours target
  * [Config] Serialize binary indep targets
  * [Config] Use build stamp directly
  * [Config] Restore prepare-% target
  * [Config] Fix binary-% build target

  [ Upstream Kernel Changes ]

  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191
    - LP: #834135
    - CVE-2011-3191
  * befs: Validate length of long symbolic links, CVE-2011-2928
    - LP: #834124
    - CVE-2011-2928
  * gro: Only reset frag0 when skb can be pulled, CVE-2011-2723
    - LP: #844371
    - CVE-2011-2723
  * Validate size of EFI GUID partition entries, CVE-2011-1776
    - LP: #844365
    - CVE-2011-1776
  * inet_diag: fix inet_diag_bc_audit(), CVE-2011-2213
    - LP: #838421
    - CVE-2011-2213
  * si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700
    - LP: #844370
    - CVE-2011-2700
  * Bluetooth: Prevent buffer overflow in l2cap config request,
    CVE-2011-2497
    - LP: #838423
    - CVE-2011-2497
  * core: Fix memory leak/corruption on VLAN GRO_DROP, CVE-2011-1576
    - LP: #844361
    - CVE-2011-1576
 -- Herton Ronaldo Krzesinski <email address hidden> Mon, 19 Sep 2011 15:10:43 -0300

Changed in linux (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.16

---------------
linux-ti-omap4 (2.6.38-1209.16) natty-proposed; urgency=low

  * Release tracking bug
    - LP: #862554

  [ Ming Lei ]

  * SAUCE: usb: ehci: make HC see up-to-date qh/qtd descriptor ASAP
    - LP: #709245

  [ Upstream Kernel Changes ]

  * cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191
    - LP: #834135
    - CVE-2011-3191
  * befs: Validate length of long symbolic links, CVE-2011-2928
    - LP: #834124
    - CVE-2011-2928
  * gro: Only reset frag0 when skb can be pulled, CVE-2011-2723
    - LP: #844371
    - CVE-2011-2723
  * Validate size of EFI GUID partition entries, CVE-2011-1776
    - LP: #844365
    - CVE-2011-1776
  * inet_diag: fix inet_diag_bc_audit(), CVE-2011-2213
    - LP: #838421
    - CVE-2011-2213
  * si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700
    - LP: #844370
    - CVE-2011-2700
  * Bluetooth: Prevent buffer overflow in l2cap config request,
    CVE-2011-2497
    - LP: #838423
    - CVE-2011-2497
  * crypto: Move md5_transform to lib/md5.c, CVE-2011-3188
    - LP: #834129
    - CVE-2011-3188
  * net: Compute protocol sequence numbers and fragment IDs using MD5,
    CVE-2011-3188
    - LP: #834129
    - CVE-2011-3188
  * ext4: Fix max file size and logical block counting of extent format
    file, CVE-2011-2695
    - LP: #819574
    - CVE-2011-2695
 -- Paolo Pisati <email address hidden> Fri, 30 Sep 2011 12:12:00 +0200

Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.38-12.51

---------------
linux (2.6.38-12.51) natty-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #860832

  [ Alex Bligh ]

  * SAUCE: net/netfilter/nf_conntrack_netlink.c: fix Oops on container
    destroy
    - LP: #843892

  [ Jesse Sung ]

  * SAUCE: Unregister input device only if it is registered
    - LP: #839238

  [ Leann Ogasawara ]

  * SAUCE: x86: reboot: Make Dell Latitude E6220 use reboot=pci
    - LP: #838402
  * SAUCE: x86: reboot: Make Dell Latitude E6520 use reboot=pci
    - LP: #833705

  [ Ming Lei ]

  * SAUCE: fireware: add NO_MSI quirks for o2micro controller
    - LP: #801719

  [ Stefan Bader ]

  * [Config] Include all filesystem modules for virtual
    - LP: #761809

  [ Tim Gardner ]

  * [Config] kernel preparation cannot be parallelized
  * [Config] Linearize module/abi checks
  * [Config] Linearize and simplify tree preparation rules
  * [Config] Build kernel image in parallel with modules
  * [Config] Set concurrency for kmake invocations
  * [Config] Improve install-arch-headers speed
  * [Config] Fix binary-perarch dependencies
  * [Config] Removed stamp-flavours target
  * [Config] Serialize binary indep targets
  * [Config] Use build stamp directly
  * [Config] Restore prepare-% target
  * [Config] Fix binary-% build target

  [ Upstream Kernel Changes ]

  * Revert "drm/i915: disable PCH ports if needed when disabling a CRTC"
    - LP: #814325, #838181
  * drm/i915: restore only the mode of this driver on lastclose (v2)
    - LP: #848687
  * cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191
    - LP: #834135
    - CVE-2011-3191
  * befs: Validate length of long symbolic links, CVE-2011-2928
    - LP: #834124
    - CVE-2011-2928
  * gro: Only reset frag0 when skb can be pulled, CVE-2011-2723
    - LP: #844371
    - CVE-2011-2723
  * inet_diag: fix inet_diag_bc_audit(), CVE-2011-2213
    - LP: #838421
    - CVE-2011-2213
  * si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700
    - LP: #844370
    - CVE-2011-2700
  * Bluetooth: Prevent buffer overflow in l2cap config request,
    CVE-2011-2497
    - LP: #838423
    - CVE-2011-2497
  * crypto: Move md5_transform to lib/md5.c, CVE-2011-3188
    - LP: #834129
    - CVE-2011-3188
  * net: Compute protocol sequence numbers and fragment IDs using MD5,
    CVE-2011-3188
    - LP: #834129
    - CVE-2011-3188
  * x86, intel, power: Initialize MSR_IA32_ENERGY_PERF_BIAS
    - LP: #760131
  * x86, intel, power: Correct the MSR_IA32_ENERGY_PERF_BIAS message
    - LP: #760131
  * rt2x00: Serialize TX operations on a queue.
    - LP: #855239
  * ext4: Fix max file size and logical block counting of extent format
    file, CVE-2011-2695
    - LP: #819574
    - CVE-2011-2695
 -- Herton Ronaldo Krzesinski <email address hidden> Tue, 27 Sep 2011 16:19:57 -0300

Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (3.2 KiB)

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-12.51~lucid1

---------------
linux-lts-backport-natty (2.6.38-12.51~lucid1) lucid-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #862556

  [ Alex Bligh ]

  * SAUCE: net/netfilter/nf_conntrack_netlink.c: fix Oops on container
    destroy
    - LP: #843892

  [ Jesse Sung ]

  * SAUCE: Unregister input device only if it is registered
    - LP: #839238

  [ Leann Ogasawara ]

  * SAUCE: x86: reboot: Make Dell Latitude E6220 use reboot=pci
    - LP: #838402
  * SAUCE: x86: reboot: Make Dell Latitude E6520 use reboot=pci
    - LP: #833705

  [ Ming Lei ]

  * SAUCE: fireware: add NO_MSI quirks for o2micro controller
    - LP: #801719

  [ Stefan Bader ]

  * [Config] Include all filesystem modules for virtual
    - LP: #761809

  [ Tim Gardner ]

  * [Config] kernel preparation cannot be parallelized
  * [Config] Linearize module/abi checks
  * [Config] Linearize and simplify tree preparation rules
  * [Config] Build kernel image in parallel with modules
  * [Config] Set concurrency for kmake invocations
  * [Config] Improve install-arch-headers speed
  * [Config] Fix binary-perarch dependencies
  * [Config] Removed stamp-flavours target
  * [Config] Serialize binary indep targets
  * [Config] Use build stamp directly
  * [Config] Restore prepare-% target
  * [Config] Fix binary-% build target

  [ Upstream Kernel Changes ]

  * Revert "drm/i915: disable PCH ports if needed when disabling a CRTC"
    - LP: #814325, #838181
  * drm/i915: restore only the mode of this driver on lastclose (v2)
    - LP: #848687
  * cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191
    - LP: #834135
    - CVE-2011-3191
  * befs: Validate length of long symbolic links, CVE-2011-2928
    - LP: #834124
    - CVE-2011-2928
  * gro: Only reset frag0 when skb can be pulled, CVE-2011-2723
    - LP: #844371
    - CVE-2011-2723
  * inet_diag: fix inet_diag_bc_audit(), CVE-2011-2213
    - LP: #838421
    - CVE-2011-2213
  * si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700
    - LP: #844370
    - CVE-2011-2700
  * Bluetooth: Prevent buffer overflow in l2cap config request,
    CVE-2011-2497
    - LP: #838423
    - CVE-2011-2497
  * crypto: Move md5_transform to lib/md5.c, CVE-2011-3188
    - LP: #834129
    - CVE-2011-3188
  * net: Compute protocol sequence numbers and fragment IDs using MD5,
    CVE-2011-3188
    - LP: #834129
    - CVE-2011-3188
  * x86, intel, power: Initialize MSR_IA32_ENERGY_PERF_BIAS
    - LP: #760131
  * x86, intel, power: Correct the MSR_IA32_ENERGY_PERF_BIAS message
    - LP: #760131
  * rt2x00: Serialize TX operations on a queue.
    - LP: #855239
  * ext4: Fix max file size and logical block counting of extent format
    file, CVE-2011-2695
    - LP: #819574
    - CVE-2011-2695

linux (2.6.38-11.50) natty-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #848246

  [ Upstream Kernel Changes ]

  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "KVM: fix kvmclock regression due to missing clock update"
  * Revert "ath9k: use split rx buffers to get rid of...

Read more...

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-611.29

---------------
linux-fsl-imx51 (2.6.31-611.29) lucid-proposed; urgency=low

  * Release tracking bug
    - LP: #873059

  [ Upstream Kernel Changes ]

  * cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191
    - LP: #834135
    - CVE-2011-3191
  * befs: Validate length of long symbolic links, CVE-2011-2928
    - LP: #834124
    - CVE-2011-2928
  * gro: Only reset frag0 when skb can be pulled, CVE-2011-2723
    - LP: #844371
    - CVE-2011-2723
  * Validate size of EFI GUID partition entries, CVE-2011-1776
    - LP: #844365
    - CVE-2011-1776
  * inet_diag: fix inet_diag_bc_audit(), CVE-2011-2213
    - LP: #838421
    - CVE-2011-2213
  * Bluetooth: Prevent buffer overflow in l2cap config request,
    CVE-2011-2497
    - LP: #838423
    - CVE-2011-2497
  * core: Fix memory leak/corruption on VLAN GRO_DROP, CVE-2011-1576
    - LP: #844361
    - CVE-2011-1576
  * crypto: Move md5_transform to lib/md5.c, CVE-2011-3188
    - LP: #827462, #834129
    - CVE-2011-3188
  * net: Compute protocol sequence numbers and fragment IDs using MD5,
    CVE-2011-3188
    - LP: #827462, #834129
    - CVE-2011-3188
  * ext4: correctly calculate number of blocks for fiemap, CVE-2011-2695
    - LP: #474597, #583414, #819574
    - CVE-2011-2695
  * ext4: Fix max file size and logical block counting of extent format
    file, CVE-2011-2695
    - LP: #819574
    - CVE-2011-2695
  * cifs: always do is_path_accessible check in cifs_mount, CVE-2011-3363
    - LP: #866034
    - CVE-2011-3363
  * cifs: add fallback in is_path_accessible for old servers, CVE-2011-3363
    - LP: #866034
    - CVE-2011-3363
  * Make TASKSTATS require root access, CVE-2011-2494
    - LP: #866021
    - CVE-2011-2494
  * proc: restrict access to /proc/PID/io, CVE-2011-2495
    - LP: #866025
    - CVE-2011-2495
  * proc: fix a race in do_io_accounting(), CVE-2011-2495
    - LP: #866025
    - CVE-2011-2495
  * staging: comedi: fix infoleak to userspace, CVE-2011-2909
    - LP: #869261
    - CVE-2011-2909
  * sctp: fix to calc the INIT/INIT-ACK chunk length correctly is set,
    CVE-2011-1573
    - LP: #869205
    - CVE-2011-1573
  * perf tools: do not look at ./config for configuration, CVE-2011-2905
    - LP: #869259
    - CVE-2011-2905
  * net_sched: Fix qdisc_notify() - CVE-2011-2525
    - LP: #869250
    - CVE-2011-2525
  * nl80211: fix overflow in ssid_len - CVE-2011-2517
    - LP: #869245
    - CVE-2011-2517
  * mm: avoid wrapping vm_pgoff in mremap() - CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * vm: fix vm_pgoff wrap in stack expansion - CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
  * vm: fix vm_pgoff wrap in upward expansion - CVE-2011-2496
    - LP: #869243
    - CVE-2011-2496
 -- Paolo Pisati <email address hidden> Thu, 13 Oct 2011 12:19:09 +0200

Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Medium
Paolo Pisati (p-pisati) on 2011-12-21
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers