CVE-2011-2022

This bug was fixed in the package linux - 2.6.35-30.54

---------------
linux (2.6.35-30.54) maverick-proposed; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #794114

  [ Upstream Kernel Changes ]

  * Revert "xhci: Fix full speed bInterval encoding."
  * Revert "USB: xhci - also free streams when resetting devices"
  * Revert "USB: xhci - fix math in xhci_get_endpoint_interval()"
  * Revert "USB: xhci - fix unsafe macro definitions"

linux (2.6.35-30.53) maverick-proposed; urgency=low

  [ Upstream Kernel Changes ]

  * xhci: Fix full speed bInterval encoding.
    - LP: #792959

linux (2.6.35-30.52) maverick-proposed; urgency=low

  [ Herton R. Krzesinski ]

  * Release Tracking Bug
    - LP: #790653

  [ Stefan Bader ]

  * Include nls_iso8859-1 for virtual images
    - LP: #732046

  [ Thomas Schlichter ]

  * SAUCE: vesafb: mtrr module parameter is uint, not bool
    - LP: #778043

  [ Tim Gardner ]

  * [Config] Add cachefiles.ko to virtual flavour
    - LP: #770430

  [ Upstream Kernel Changes ]

  * Revert "intel_idle: PCI quirk to prevent Lenovo Ideapad s10-3 boot
    hang"
    - LP: #772560
  * Revert "TPM: Long default timeout fix"
    - LP: #772560
  * Revert "tpm_tis: Use timeouts returned from TPM"
    - LP: #772560
  * Revert "xen: set max_pfn_mapped to the last pfn mapped"
  * CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
    - LP: #765007
    - CVE-2010-4565
  * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
    CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * Treat writes as new when holes span across page boundaries,
    CVE-2011-0463
    - LP: #770483
    - CVE-2011-0463
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table,
    CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * qla2xxx: Make the FC port capability mutual exclusive.
    - LP: #772560
  * staging: usbip: bugfixes related to kthread conversion
    - LP: #772560
  * staging: usbip: bugfix add number of packets for isochronous frames
    - LP: #772560
  * staging: usbip: bugfix for isochronous packets and optimization
    - LP: #772560
  * staging: hv: Fix GARP not sent after Quick Migration
    - LP: #772560
  * staging: hv: use sync_bitops when interacting with the hypervisor
    - LP: #772560
  * irda: validate peer name and attribute lengths
    - LP: #772560
  * irda: prevent heap corruption on invalid nickname
    - LP: #772560
  * nilfs2: fix data loss in mmap page write for hole blocks
    - LP: #772560
  * ASoC: Explicitly say registerless widgets have no register
    - LP: #772560
  * ALSA: ens1371: fix Creative Ectiva support
    - LP: #772560
  * ROSE: prevent heap corruption with bad facilities
    - LP: #772560
  * Btrfs: Fix uninitialized root flags for subvolumes
    - LP: #772560
  * x86, mtrr, pat: Fix one cpu getting out of sync during resume
    - LP: #772560
  * UBIFS: do not read flash unnecessarily
    - LP: #772560
  * UBIFS: fix oops on error path in read_pnode
    - LP: #772560
  * UBIFS: fix debugging failure in dbg_check_space_info
    - LP: #772560
  * quota: Don't write quota info in dquot_commit()
    - LP: #772560
  * mm: avoid wrapping vm_...

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-609.26

---------------
linux-fsl-imx51 (2.6.31-609.26) lucid; urgency=low

  [ Paolo Pisati ]

  * Tracking bug
    - LP: #795219
  * [Config] Disable parport_pc on fsl-imx51
    - LP: #601226

  [ Upstream Kernel Changes ]

  * ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
    - LP: #712723, #712737
  * can-bcm: fix minor heap overflow
    - LP: #710680
  * drivers/video/via/ioctl.c: prevent reading uninitialized stack memory
    - LP: #712744
  * gdth: integer overflow in ioctl
    - LP: #711797
  * inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880
    - LP: #711865
    - CVE-2010-3880
  * net: fix rds_iovec page count overflow, CVE-2010-3865
    - LP: #709153
    - CVE-2010-3865
  * net: packet: fix information leak to userland, CVE-2010-3876
    - LP: #711045
    - CVE-2010-3876
  * net: tipc: fix information leak to userland, CVE-2010-3877
    - LP: #711291
    - CVE-2010-3877
  * net: Truncate recvfrom and sendto length to INT_MAX.
    - LP: #708839
  * posix-cpu-timers: workaround to suppress the problems with mt exec
    - LP: #712609
  * sys_semctl: fix kernel stack leakage
    - LP: #712749
  * x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.
    - LP: #709372
  * memory corruption in X.25 facilities parsing
    - LP: #709372
  * net: ax25: fix information leak to userland, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * net: ax25: fix information leak to userland harder, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table, CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * net: clear heap allocations for privileged ethtool actions
    - LP: #771445
  * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
    - LP: #772543
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
    - LP: #772543
  * exec: make argv/envp memory visible to oom-killer
    - LP: #768408
  * next_pidmap: fix overflow condition
    - LP: #784727
  * proc: do proper range check on readdir offset
    - LP: #784727
  * mpt2sas: prevent heap overflows and unchecked reads
    - LP: #787145
  * agp: fix arbitrary kernel memory writes
    - LP: #788684
  * can: add missing socket check in can/raw release
    - LP: #788694
  * agp: fix OOM and buffer overflow
    - LP: #788700
  * do_exit(): make sure that we run with get_fs() == USER_DS - CVE-2010-4258
    - LP: #723945
    - CVE-2010-4258
  * x25: Prevent crashing when parsing bad X.25 facilities - CVE-2010-4164
    - LP: #731199
    - CVE-2010-4164
  * install_special_mapping skips security_file_mmap check - CVE-2010-4346
    - LP: #731971
    - CVE-2010-4346
  * econet: Fix crash in aun_incoming() - CVE-2010-4342
    - LP: #736394
    - CVE-2010-4342
  * sound: Prevent buffer overflow in OSS load_mixer_volumes - CVE-2010-4527
    - LP: #737073
    - CVE-2010-4527
  * irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
    - LP: #737823
    - CVE-2010-4529
  * CAN: Use inode instead of kernel address for /proc file - CVE-2010-4565
    - LP: #765007...

This bug was fixed in the package linux - 2.6.24-29.91

---------------
linux (2.6.24-29.91) hardy-proposed; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #801636

  [Andy Whitcroft]

  * custom binaries need VERSION_SIGNATURE updated during prepare
    - LP: #794698

  [Stefan Bader]

  * (config) Disable COMPAT_VDSO for i386 Xen kernels
    - LP: #794715
  * XEN: Add yield points to blktap and blkback
    - LP: #791212
    - CVE-2010-4247
  * xen: Fix memory corruption caused by double free
    - LP: #705562

  [Upstream Kernel Changes]

  * agp: fix arbitrary kernel memory writes, CVE-1011-2022
    - LP: #788684
    - CVE-1011-2022
  * agp: fix OOM and buffer overflow
    - LP: #791918
    - CVE-2011-1746
  * tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #794034
    - CVE-2010-4077
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * Fix corrupted OSF partition table parsing
    - LP: #796606
    - CVE-2011-1163
  * proc: avoid information leaks to non-privileged processes
    - LP: #799906
    - CVE-2011-0726
  * proc: protect mm start_code/end_code in /proc/pid/stat
    - LP: #799906
    - CVE-2011-0726
  * sctp: Fix a race between ICMP protocol unreachable and connect()
    - LP: #799828
    - CVE-2010-4526
  * xen: blkback, blktap: Fix potential resource leak
    - LP: #800254
 -- Steve Conklin <email address hidden> Fri, 24 Jun 2011 10:59:11 -0500

This bug was fixed in the package linux-lts-backport-maverick - 2.6.35-30.56~lucid1

---------------
linux-lts-backport-maverick (2.6.35-30.56~lucid1) lucid-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #811215

  [ Herton Ronaldo Krzesinski ]

  * Revert "SAUCE: mmc: Enable MMC card reader for RICOH [1180:e823]"

  [ Upstream Kernel Changes ]

  * Revert "x86: Flush TLB if PGD entry is changed in i386 PAE mode"
    - LP: #805209

linux (2.6.35-30.55) maverick-proposed; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #801690

  [ Jeremy Kerr ]

  * SAUCE: cx23885: Fix argument to videobuf_dma_unmap
    - LP: #800527

  [ Manoj Iyer ]

  * SAUCE: mmc: Enable MMC card reader for RICOH [1180:e823]
    - LP: #790754

  [ Upstream Kernel Changes ]

  * agp: fix OOM and buffer overflow
    - LP: #791918
    - CVE-2011-1746
  * tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * Fix corrupted OSF partition table parsing
    - LP: #796606
    - CVE-2011-1163
  * can: Add missing socket check in can/bcm release.
    - LP: #796502
    - CVE-2011-1598
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the
    slab (v3) CVE-2011-1090
    - LP: #800775
    - CVE-2011-1090

linux (2.6.35-30.54) maverick-proposed; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #794114

  [ Upstream Kernel Changes ]

  * Revert "xhci: Fix full speed bInterval encoding."
  * Revert "USB: xhci - also free streams when resetting devices"
  * Revert "USB: xhci - fix math in xhci_get_endpoint_interval()"
  * Revert "USB: xhci - fix unsafe macro definitions"

linux (2.6.35-30.53) maverick-proposed; urgency=low

  [ Upstream Kernel Changes ]

  * xhci: Fix full speed bInterval encoding.
    - LP: #792959

linux (2.6.35-30.52) maverick-proposed; urgency=low

  [ Herton R. Krzesinski ]

  * Release Tracking Bug
    - LP: #790653

  [ Stefan Bader ]

  * Include nls_iso8859-1 for virtual images
    - LP: #732046

  [ Thomas Schlichter ]

  * SAUCE: vesafb: mtrr module parameter is uint, not bool
    - LP: #778043

  [ Tim Gardner ]

  * [Config] Add cachefiles.ko to virtual flavour
    - LP: #770430

  [ Upstream Kernel Changes ]

  * Revert "intel_idle: PCI quirk to prevent Lenovo Ideapad s10-3 boot
    hang"
    - LP: #772560
  * Revert "TPM: Long default timeout fix"
    - LP: #772560
  * Revert "tpm_tis: Use timeouts returned from TPM"
    - LP: #772560
  * Revert "xen: set max_pfn_mapped to the last pfn mapped"
  * CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
    - LP: #765007
    - CVE-2010-4565
  * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
    CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * Treat writes as new when holes span across page boundaries,
    CVE-2011-0463
    - LP: #770483
    - CVE-2011-0463
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table,
    CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * qla2xxx:...

This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.24

---------------
linux-ti-omap4 (2.6.35-903.24) maverick-proposed; urgency=low

  * Release tracking bug
    - LP: #838037

  [ Upstream Kernel Changes ]

  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux-ti-omap4 (2.6.35-903.23) maverick-proposed; urgency=low

  * Release tracking bug
    - LP: #829655

  [ Upstream Kernel Changes ]

  * drm/radeon/kms: check AA resolve registers on r300, CVE-2011-1016
    - LP: #745686
    - CVE-2011-1016
  * drm/radeon: fix regression with AA resolve checking, CVE-2011-1016
    - LP: #745686
    - CVE-2011-1016
  * can-bcm: fix minor heap overflow
    - LP: #690730
  * CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
    - LP: #765007
    - CVE-2010-4565
  * av7110: check for negative array offset
    - LP: #747520
  * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
    CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * ALSA: caiaq - Fix possible string-buffer overflow
    - LP: #747520
  * IB/cm: Bump reference count on cm_id before invoking callback,
    CVE-2011-0695
    - LP: #770369
    - CVE-2011-0695
  * RDMA/cma: Fix crash in request handlers, CVE-2011-0695
    - LP: #770369
    - CVE-2011-0695
  * Treat writes as new when holes span across page boundaries,
    CVE-2011-0463
    - LP: #770483
    - CVE-2011-0463
  * net: clear heap allocations for privileged ethtool actions
    - LP: #686158
  * usb: iowarrior: don't trust report_size for buffer size
    - LP: #747520
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table,
    CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal
    code
    - LP: #747520
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
    - LP: #747520
  * exec: make argv/envp memory visible to oom-killer
    - LP: #690730
  * next_pidmap: fix overflow condition
    - LP: #772560
  * proc: do proper range check on readdir offset
    - LP: #772560
  * ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl, CVE-2011-1169
    - LP: #785331
    - CVE-2011-1169
  * mpt2sas: prevent heap overflows and unchecked reads, CVE-2011-1494
    - LP: #787145
    - CVE-2011-1494
  * agp: fix arbitrary kernel memory writes, CVE-1011-2022
    - LP: #788684
    - CVE-1011-2022
  * can: add missing socket check in can/raw release, CVE-2011-1748
    - LP: #788694
    - CVE-2011-1748
  * agp: fix OOM and buffer overflow
    - LP: #788700
  * drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack
    memory - CVE-2010-3296
    - CVE-2010-3296
  * drivers/net/eql.c: prevent reading uninitialized stack memory -
    CVE-2010-3297
    - CVE-2010-3297
  * inet_diag: Make sure we actually run the same bytecode we audited,
    CVE-2010-3880
    - LP: #711865
    - CVE-2010-3880
  * setup_arg_pages: diagnose excessive argume...