This bug was fixed in the package linux - 2.6.32-27.49 --------------- linux (2.6.32-27.49) lucid-proposed; urgency=low [ Leann Ogasawara ] - LP: #683425 * Revert "SAUCE: AF_ECONET prevent kernel stack overflow" * Revert "SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges" * Revert "SAUCE: AF_ECONET saddr->cookie prevent NULL pointer dereference" [ Tim Gardner ] * [Config] Added be2net, be2scsi to udebs - LP: #628776 * [Config] Use correct be2iscsi module name in d-i/modules/scsi-modules - LP: #628776 [ Upstream Kernel Changes ] * Revert "(pre-stable) ACPI: enable repeated PCIEXP wakeup by clearing PCIEXP_WAKE_STS on resume" * Revert "mm: (pre-stable) Move vma_stack_continue into mm.h" * x86, cpu: After uncapping CPUID, re-run CPU feature detection - LP: #668380 * ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory - LP: #668380 * ALSA: oxygen: fix analog capture on Claro halo cards - LP: #668380 * ALSA: hda - Add Dell Latitude E6400 model quirk - LP: #643891, #668380 * ALSA: rawmidi: fix oops (use after free) when unloading a driver module - LP: #668380 * USB: fix bug in initialization of interface minor numbers - LP: #668380 * usb: musb: gadget: fix kernel panic if using out ep with FIFO_TXRX style - LP: #668380 * usb: musb: gadget: restart request on clearing endpoint halt - LP: #668380 * oprofile: Add Support for Intel CPU Family 6 / Model 29 - LP: #668380 * RDMA/cxgb3: Turn off RX coalescing for iWARP connections - LP: #668380 * mmc: sdhci-s3c: fix NULL ptr access in sdhci_s3c_remove - LP: #668380 * x86/amd-iommu: Set iommu configuration flags in enable-loop - LP: #668380 * x86/amd-iommu: Fix rounding-bug in __unmap_single - LP: #668380 * x86/amd-iommu: Work around S3 BIOS bug - LP: #668380 * tracing/x86: Don't use mcount in pvclock.c - LP: #668380 * tracing/x86: Don't use mcount in kvmclock.c - LP: #668380 * v4l1: fix 32-bit compat microcode loading translation - LP: #668380 * V4L/DVB: cx231xx: Avoid an OOPS when card is unknown (card=0) - LP: #668380 * V4L/DVB (13966): DVB-T regression fix for saa7134 cards - LP: #668380 * Input: joydev - fix JSIOCSAXMAP ioctl - LP: #668380 * x86, hpet: Fix bogus error check in hpet_assign_irq() - LP: #668380 * x86, irq: Plug memory leak in sparse irq - LP: #668380 * ubd: fix incorrect sector handling during request restart - LP: #668380 * ring-buffer: Fix typo of time extends per page - LP: #668380 * dmaengine: fix interrupt clearing for mv_xor - LP: #668380 * hrtimer: Preserve timer state in remove_hrtimer() - LP: #668380 * i2c-pca: Fix waitforcompletion() return value - LP: #668380 * wext: fix potential private ioctl memory content leak - LP: #668380 * atl1: fix resume - LP: #668380 * x86, AMD, MCE thresholding: Fix the MCi_MISCj iteration order - LP: #668380 * De-pessimize rds_page_copy_user - LP: #668380 * xfrm4: strip ECN and IP Precedence bits in policy lookup - LP: #668380 * tcp: Fix >4GB writes on 64-bit. - LP: #668380 * net: Fix the condition passed to sk_wait_event() - LP: #668380 * Phonet: Correct header retrieval after pskb_may_pull - LP: #668380 * net: Fix IPv6 PMTU disc. w/ asymmetric routes - LP: #668380 * ip: fix truesize mismatch in ip fragmentation - LP: #668380 * net: clear heap allocations for privileged ethtool actions - LP: #668380 * tcp: Fix race in tcp_poll - LP: #668380 * netxen: dont set skb->truesize - LP: #668380 * net: blackhole route should always be recalculated - LP: #668380 * skge: add quirk to limit DMA - LP: #668380 * r8169: allocate with GFP_KERNEL flag when able to sleep - LP: #668380 * bsg: fix incorrect device_status value - LP: #668380 * r6040: fix r6040_multicast_list - LP: #668380 * r6040: Fix multicast list iteration when hash filter is used - LP: #668380 * powerpc: Initialise paca->kstack before early_setup_secondary - LP: #668380 * powerpc: Don't use kernel stack with translation off - LP: #668380 * b44: fix carrier detection on bind - LP: #668380 * ACPI: enable repeated PCIEXP wakeup by clearing PCIEXP_WAKE_STS on resume - LP: #613381, #668380 * intel_idle: PCI quirk to prevent Lenovo Ideapad s10-3 boot hang - LP: #668380 * ACPI: EC: add Vista incompatibility DMI entry for Toshiba Satellite L355 - LP: #668380 * ACPI: delete ZEPTO idle=nomwait DMI quirk - LP: #668380 * ACPI: Disable Windows Vista compatibility for Toshiba P305D - LP: #668380 * x86: detect scattered cpuid features earlier - LP: #668380 * fix 2.6.32.23 suspend regression caused by commit 6f6198a - LP: #668380 * setup_arg_pages: diagnose excessive argument size - LP: #668380 * execve: improve interactivity with large arguments - LP: #668380 * execve: make responsive to SIGKILL with large arguments - LP: #668380 * Phonet: disable network namespace support - LP: #668380 * mm: Move vma_stack_continue into mm.h - LP: #668380 * Linux 2.6.32.25 - LP: #668380 * xfs: validate untrusted inode numbers during lookup - CVE-2010-2943 * xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED - CVE-2010-2943 * xfs: remove block number from inode lookup code - CVE-2010-2943 * xfs: fix untrusted inode number lookup - CVE-2010-2943 * drm/i915: Sanity check pread/pwrite - CVE-2010-2962 * drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow - CVE-2010-2962 * net: clear heap allocation for ETHTOOL_GRXCLSRLALL - CVE-2010-3861 * ipc: shm: fix information leak to userland - CVE-2010-4072 * staging: usbip: Notify usb core of port status changes - LP: #681132 * staging: usbip: Process event flags without delay - LP: #681132 * powerpc/perf: Fix sampling enable for PPC970 - LP: #681132 * pcmcia: synclink_cs: fix information leak to userland - LP: #681132 * sched: Fix string comparison in /proc/sched_features - LP: #681132 * bluetooth: Fix missing NULL check - LP: #681132 * futex: Fix errors in nested key ref-counting - LP: #681132 * mm, x86: Saving vmcore with non-lazy freeing of vmas - LP: #681132 * x86, cpu: Fix renamed, not-yet-shipping AMD CPUID feature bit - LP: #681132 * x86, kexec: Make sure to stop all CPUs before exiting the kernel - LP: #681132 * x86, olpc: Don't retry EC commands forever - LP: #681132 * x86, mtrr: Assume SYS_CFG[Tom2ForceMemTypeWB] exists on all future AMD CPUs - LP: #681132 * x86, intr-remap: Set redirection hint in the IRTE - LP: #681132 * x86, kdump: Change copy_oldmem_page() to use cached addressing - LP: #681132 * KVM: SVM: Fix wrong intercept masks on 32 bit - LP: #681132 * KVM: MMU: fix direct sps access corrupted - LP: #681132 * KVM: MMU: fix conflict access permissions in direct sp - LP: #681132 * KVM: VMX: Fix host GDT.LIMIT corruption - LP: #681132 * KVM: SVM: Adjust tsc_offset only if tsc_unstable - LP: #681132 * KVM: x86: Fix SVM VMCB reset - LP: #681132 * KVM: x86: Move TSC reset out of vmcb_init - LP: #681132 * KVM: Fix fs/gs reload oops with invalid ldt - LP: #681132 * KVM: Correct ordering of ldt reload wrt fs/gs reload * KVM: VMX: Fix host userspace gsbase corruption * pipe: fix failure to return error code on ->confirm() - LP: #681132 * p54usb: fix off-by-one on !CONFIG_PM - LP: #681132 * p54usb: add five more USBIDs - LP: #681132 * drivers/net/wireless/p54/eeprom.c: Return -ENOMEM on memory allocation failure - LP: #681132 * USB: ftdi_sio: Add PID for accesio products - LP: #681132 * USB: add PID for FTDI based OpenDCC hardware - LP: #681132 * USB: ftdi_sio: new VID/PIDs for various Papouch devices - LP: #681132 * USB: ftdi_sio: add device ids for ScienceScope - LP: #681132 * usb: musb: blackfin: call gpio_free() on error path in musb_platform_init() - LP: #681132 * USB: option: Add more ZTE modem USB id's - LP: #681132 * USB: cp210x: Add Renesas RX-Stick device ID - LP: #681132 * USB: cp210x: Add WAGO 750-923 Service Cable device ID - LP: #681132 * USB: atmel_usba_udc: force vbus_pin at -EINVAL when gpio_request failled - LP: #681132 * USB: disable endpoints after unbinding interfaces, not before - LP: #681132 * USB: opticon: Fix long-standing bugs in opticon driver - LP: #681132 * USB: accept some invalid ep0-maxpacket values - LP: #681132 * sd name space exhaustion causes system hang - LP: #681132 * libsas: fix NCQ mixing with non-NCQ - LP: #681132 * gdth: integer overflow in ioctl - LP: #681132 * Fix race when removing SCSI devices - LP: #681132 * Fix regressions in scsi_internal_device_block - LP: #681132 * sgi-xp: incoming XPC channel messages can come in after the channel's partition structures have been torn down - LP: #681132 * Linux 2.6.32.26 - LP: #681132 * drm/radeon: fix PCI ID 5657 to be an RV410 - LP: #683257 * Linux 2.6.32.26+drm33.12 - LP: #683257 * econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849 - CVE-2010-3849 * econet: fix CVE-2010-3850 - CVE-2010-3850 * econet: fix CVE-2010-3848 - CVE-2010-3848 -- Leann Ogasawara