Bug #807462 “CVE-2010-4251” : Natty (11.04) : Bugs : linux-fsl-imx51 package : Ubuntu

Revision history for this message

Andy Whitcroft (apw) wrote on 2011-07-08:

#1

CVE-2010-4251

tags:	added: kernel-cve-tracking-bug
security vulnerability:	no → yes
Changed in linux-ti-omap4 (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Maverick):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status:	New → Invalid

Tim Gardner (timg-tpi) on 2011-07-12

Changed in linux (Ubuntu Lucid):
assignee:	nobody → Paolo Pisati (p-pisati)
status:	New → Fix Committed

Andy Whitcroft (apw) on 2011-07-14

Changed in linux (Ubuntu Maverick):
status:	New → Fix Released
Changed in linux (Ubuntu Natty):
status:	New → Fix Released
Changed in linux (Ubuntu Oneiric):
status:	New → Fix Released

Andy Whitcroft (apw) on 2011-07-14

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status:	New → Fix Released
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status:	New → Fix Released
Changed in linux-mvl-dove (Ubuntu Lucid):
status:	New → Fix Released
Changed in linux-mvl-dove (Ubuntu Maverick):
status:	New → Fix Released
Changed in linux-ti-omap4 (Ubuntu Maverick):
status:	New → Fix Released
Changed in linux-ti-omap4 (Ubuntu Natty):
status:	New → Fix Released
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status:	New → Fix Released

Tim Gardner (timg-tpi) on 2011-07-22

Changed in linux-fsl-imx51 (Ubuntu Lucid):
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-09-13:

#2

Download full text (6.2 KiB)

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-610.28

---------------
linux-fsl-imx51 (2.6.31-610.28) lucid-proposed; urgency=low

* Release tracking bug
- LP: #837802

[ Upstream Kernel Changes ]

  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux-fsl-imx51 (2.6.31-610.27) lucid-proposed; urgency=low

* Release tracking bug
- LP: #829160

[ Upstream Kernel Changes ]

  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * Fix corrupted OSF partition table parsing
    - LP: #796606
    - CVE-2011-1163
  * can: Add missing socket check in can/bcm release.
    - LP: #796502
    - CVE-2011-1598
  * proc: protect mm start_code/end_code in /proc/pid/stat
    - LP: #799906
    - CVE-2011-0726
  * sctp: Fix a race between ICMP protocol unreachable and connect()
  * tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
    - LP: #794034
    - CVE-2010-4077
  * filter: make sure filters dont read uninitialized memory CVE-2010-4158
    - LP: #721282
    - CVE-2010-4158
  * bio: take care not overflow page count when mapping/copying user data
    CVE-2010-4162
    - LP: #721441
    - CVE-2010-4162
  * block: check for proper length of iov entries in blk_rq_map_user_iov()
    - LP: #721504
    - CVE-2010-4163
  * block: check for proper length of iov entries earlier in
    blk_rq_map_user_iov(), CVE-2010-4163
    - LP: #721504
    - CVE-2010-4163
  * rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
    - LP: #721455
    - CVE-2010-4175
  * bluetooth: Fix missing NULL check CVE-2010-4242
    - LP: #714846
    - CVE-2010-4242
  * IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
    - LP: #800121
    - CVE-2010-4649
  * epoll: prevent creating circular epoll structures CVE-2011-1082
    - LP: #800758
    - CVE-2011-1082
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the
    slab (v3) CVE-2011-1090
    - LP: #800775
  * ldm: corrupted partition table can cause kernel oops CVE-2011-1012
    - LP: #801083
    - CVE-2011-1012
  * netfilter: ipt_CLUSTERIP: fix buffer overflow CVE-2011-2534
    - LP: #801473
    - CVE-2011-2534
  * netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
    - LP: #801480
    - CVE-2011-1170
  * netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
    - LP: #801482
    - CVE-2011-1171
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
    - LP: #801483
    - CVE-2011-1172
  * econet: 4 byte infoleak to the network CVE-2011-1173
    - LP: #801484
    - CVE-2011-1173
  * net: Limit socket I/O iovec total length to INT_MAX.
    - LP: #708839
  * fs/partitions: Validate map_count in Mac partition tables -
    CVE-2011-1010
    - LP: #804225
    - CVE-2011-1010
  * drm: fix unsigned vs signed comparison issue in modeset ctl ioctl,
    CVE-2011-1013
    - LP: #804229
    - CVE-2011-1013
...

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-610.28

---------------
linux-fsl-imx51 (2.6.31-610.28) lucid-proposed; urgency=low

* Release tracking bug
    - LP: #837802

[ Upstream Kernel Changes ]

* ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux-fsl-imx51 (2.6.31-610.27) lucid-proposed; urgency=low

* Release tracking bug
    - LP: #829160

[ Upstream Kernel Changes ]

* fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * Fix corrupted OSF partition table parsing
    - LP: #796606
    - CVE-2011-1163
  * can: Add missing socket check in can/bcm release.
    - LP: #796502
    - CVE-2011-1598
  * proc: protect mm start_code/end_code in /proc/pid/stat
    - LP: #799906
    - CVE-2011-0726
  * sctp: Fix a race between ICMP protocol unreachable and connect()
  * tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
    - LP: #794034
    - CVE-2010-4077
  * filter: make sure filters dont read uninitialized memory CVE-2010-4158
    - LP: #721282
    - CVE-2010-4158
  * bio: take care not overflow page count when mapping/copying user data
    CVE-2010-4162
    - LP: #721441
    - CVE-2010-4162
  * block: check for proper length of iov entries in blk_rq_map_user_iov()
    - LP: #721504
    - CVE-2010-4163
  * block: check for proper length of iov entries earlier in
    blk_rq_map_user_iov(), CVE-2010-4163
    - LP: #721504
    - CVE-2010-4163
  * rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
    - LP: #721455
    - CVE-2010-4175
  * bluetooth: Fix missing NULL check CVE-2010-4242
    - LP: #714846
    - CVE-2010-4242
  * IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
    - LP: #800121
    - CVE-2010-4649
  * epoll: prevent creating circular epoll structures CVE-2011-1082
    - LP: #800758
    - CVE-2011-1082
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the
    slab (v3) CVE-2011-1090
    - LP: #800775
  * ldm: corrupted partition table can cause kernel oops CVE-2011-1012
    - LP: #801083
    - CVE-2011-1012
  * netfilter: ipt_CLUSTERIP: fix buffer overflow CVE-2011-2534
    - LP: #801473
    - CVE-2011-2534
  * netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
    - LP: #801480
    - CVE-2011-1170
  * netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
    - LP: #801482
    - CVE-2011-1171
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
    - LP: #801483
    - CVE-2011-1172
  * econet: 4 byte infoleak to the network CVE-2011-1173
    - LP: #801484
    - CVE-2011-1173
  * net: Limit socket I/O iovec total length to INT_MAX.
    - LP: #708839
  * fs/partitions: Validate map_count in Mac partition tables -
    CVE-2011-1010
    - LP: #804225
    - CVE-2011-1010
  * drm: fix unsigned vs signed comparison issue in modeset ctl ioctl,
    CVE-2011-1013
    - LP: #804229
    - CVE-2011-1013
  * exec: copy-and-paste the fixes into compat_do_execve() paths -
    CVE-2010-4243
    - LP: #804234
    - CVE-2010-4243
  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * dccp: handle invalid feature options length, CVE-2011-1770
    - LP: #806375
    - CVE-2011-1770
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * dccp: fix oops on Reset after close, CVE-2011-1093
    - LP: #814087
    - CVE-2011-1093
  * net: add limit for socket backlog CVE-2010-4251
    - LP: #807462
  * tcp: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * ipv6: udp: Optimise multicast reception
    - LP: #807462
  * ipv4: udp: Optimise multicast reception
    - LP: #807462
  * udp: multicast RX should increment SNMP/sk_drops counter in allocation
    failures CVE-2010-4251
    - LP: #807462
  * udp: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * llc: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * sctp: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * tipc: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * x25: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * net: backlog functions rename CVE-2010-4251
    - LP: #807462
  * net: sk_add_backlog() take rmem_alloc into account CVE-2010-4805
    - LP: #809318
  * Bluetooth: sco: fix information leak to userspace, CVE-2011-1078
    - LP: #816542
    - CVE-2011-1078
  * Bluetooth: bnep: fix buffer overflow, CVE-2011-1079
    - LP: #816544
    - CVE-2011-1079
  * bridge: netfilter: fix information leak, CVE-2011-1080
    - LP: #816545
    - CVE-2011-1080
  * char/tpm: Fix unitialized usage of data buffer, CVE-2011-1160
    - LP: #816546
    - CVE-2011-1160
  * irda: validate peer name and attribute lengths, CVE-2011-1180
    - LP: #816547
    - CVE-2011-1180
  * gro: Reset dev pointer on reuse, CVE-2011-1478
    - LP: #816549
    - CVE-2011-1478
  * gro: reset skb_iif on reuse, CVE-2011-1478
    - LP: #816549
    - CVE-2011-1478
  * rose_loopback_timer sets VC number <= ROSE_DEFAULT_MAXVC, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * ROSE: prevent heap corruption with bad facilities, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
 -- Paolo Pisati <paolo.pisati@canonical.com>   Wed, 31 Aug 2011 10:26:26 +0200

Changed in linux-fsl-imx51 (Ubuntu Lucid):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-09-29:

#3

Download full text (16.9 KiB)

This bug was fixed in the package linux - 2.6.32-34.77

---------------
linux (2.6.32-34.77) lucid-proposed; urgency=low

[Steve Conklin]

* Release Tracking Bug
- LP: #849228

[ Upstream Kernel Changes ]

  * Revert "drm/i915: Remove BUG_ON from i915_gem_evict_something"
  * Revert "drm/i915: Periodically flush the active lists and requests"
  * Revert "drm/i915/evict: Ensure we completely cleanup on failure"
  * Revert "drm/i915: Maintain LRU order of inactive objects upon access by
    CPU (v2)"
  * Revert "drm/i915: Implement fair lru eviction across both rings. (v2)"
  * Revert "drm/i915: Move the eviction logic to its own file."
  * Revert "drm/i915: prepare for fair lru eviction"

linux (2.6.32-34.76) lucid-proposed; urgency=low

[Steve Conklin]

* Release Tracking Bug
- LP: #836914

[ Upstream Kernel Changes ]

  * Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "tunnels: fix netns vs proto registration ordering"

linux (2.6.32-34.75) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #832332

[ Upstream Kernel Changes ]

* drm/i915: Remove BUG_ON from i915_gem_evict_something
- LP: #828550

linux (2.6.32-34.74) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #828375

[ Upstream Kernel Changes ]

  * proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux (2.6.32-34.73) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #824148

[ Tim Gardner ]

  * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610

[ Upstream Kernel Changes ]

  * tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * ftrace: Only update the function code on write to filter files
    - LP: #802383
  * kmemleak: Do not return a pointer to an object that kmemleak did not
    get
    - LP: #802383
  * CPU hotplug, re-create sysfs directory and symlinks
    - LP: #802383
  * Fix memory leak in cpufreq_stat
    - LP: #802383
  * powerpc/kexec: Fix memory corruption from unallocated slaves
    - LP: #802383
  * powerpc/oprofile: Handle events that raise an exception without
    overflowing
    - LP: #802383
  * mtd: mtdconcat: fix NAND OOB write
    - LP: #802383
  * x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address
    limit
    - LP: #802383
  * ext3: Fix fs corruption when make_indexed_dir() fails
    - LP: #802383
  * jbd: Fix forever sleeping process in do_get_write_access()
    - LP: #802383
  * jbd: fix fsync() tid wraparound bug
    - LP: #802383
  * ext4: release page cache in ext4_mb_load_buddy error path
    - LP: #802383
  * Fix Ultrastor asm snippet
    - LP: #802383
  * x86, amd: Do not enable ARAT feature on AMD processors below family
    0x12
    - LP: #802383
  * x86, ...

This bug was fixed in the package linux - 2.6.32-34.77

---------------
linux (2.6.32-34.77) lucid-proposed; urgency=low

[Steve Conklin]

* Release Tracking Bug
    - LP: #849228

[ Upstream Kernel Changes ]

* Revert "drm/i915: Remove BUG_ON from i915_gem_evict_something"
  * Revert "drm/i915: Periodically flush the active lists and requests"
  * Revert "drm/i915/evict: Ensure we completely cleanup on failure"
  * Revert "drm/i915: Maintain LRU order of inactive objects upon access by
    CPU (v2)"
  * Revert "drm/i915: Implement fair lru eviction across both rings. (v2)"
  * Revert "drm/i915: Move the eviction logic to its own file."
  * Revert "drm/i915: prepare for fair lru eviction"

linux (2.6.32-34.76) lucid-proposed; urgency=low

[Steve Conklin]

* Release Tracking Bug
    - LP: #836914

[ Upstream Kernel Changes ]

* Revert "drm/nv50-nvc0: work around an evo channel hang that some people
    see"
  * Revert "eCryptfs: Handle failed metadata read in lookup"
  * Revert "tunnels: fix netns vs proto registration ordering"

linux (2.6.32-34.75) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #832332

[ Upstream Kernel Changes ]

* drm/i915: Remove BUG_ON from i915_gem_evict_something
    - LP: #828550

linux (2.6.32-34.74) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #828375

[ Upstream Kernel Changes ]

* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020

linux (2.6.32-34.73) lucid-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
    - LP: #824148

[ Tim Gardner ]

* SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
    - LP: #805494
  * [Config] Add enic/fnic to udebs
    - LP: #801610

[ Upstream Kernel Changes ]

* tty: icount changeover for other main devices, CVE-2010-4076,
    CVE-2010-4077
    - LP: #720189
    - CVE-2010-4077
  * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
    oops
    - LP: #795418
    - CVE-2011-1577
  * ftrace: Only update the function code on write to filter files
    - LP: #802383
  * kmemleak: Do not return a pointer to an object that kmemleak did not
    get
    - LP: #802383
  * CPU hotplug, re-create sysfs directory and symlinks
    - LP: #802383
  * Fix memory leak in cpufreq_stat
    - LP: #802383
  * powerpc/kexec: Fix memory corruption from unallocated slaves
    - LP: #802383
  * powerpc/oprofile: Handle events that raise an exception without
    overflowing
    - LP: #802383
  * mtd: mtdconcat: fix NAND OOB write
    - LP: #802383
  * x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address
    limit
    - LP: #802383
  * ext3: Fix fs corruption when make_indexed_dir() fails
    - LP: #802383
  * jbd: Fix forever sleeping process in do_get_write_access()
    - LP: #802383
  * jbd: fix fsync() tid wraparound bug
    - LP: #802383
  * ext4: release page cache in ext4_mb_load_buddy error path
    - LP: #802383
  * Fix Ultrastor asm snippet
    - LP: #802383
  * x86, amd: Do not enable ARAT feature on AMD processors below family
    0x12
    - LP: #802383
  * x86, amd: Use _safe() msr access for GartTlbWlk disable code
    - LP: #802383
  * rcu: Fix unpaired rcu_irq_enter() from locking selftests
    - LP: #802383
  * staging: usbip: fix wrong endian conversion
    - LP: #802383
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #802383
  * seqlock: Don't smp_rmb in seqlock reader spin loop
    - LP: #802383
  * ALSA: HDA: Use one dmic only for Dell Studio 1558
    - LP: #731706, #802383
  * ASoC: Ensure output PGA is enabled for line outputs in wm_hubs
    - LP: #802383
  * ASoC: Add some missing volume update bit sets for wm_hubs devices
    - LP: #802383
  * mm/page_alloc.c: prevent unending loop in __alloc_pages_slowpath()
    - LP: #802383
  * loop: limit 'max_part' module param to DISK_MAX_PARTS
    - LP: #802383
  * loop: handle on-demand devices correctly
    - LP: #802383
  * USB: CP210x Add 4 Device IDs for AC-Services Devices
    - LP: #802383
  * USB: moto_modem: Add USB identifier for the Motorola VE240.
    - LP: #802383
  * USB: serial: ftdi_sio: adding support for TavIR STK500
    - LP: #802383
  * USB: gamin_gps: Fix for data transfer problems in native mode
    - LP: #802383
  * usb/gadget: at91sam9g20 fix end point max packet size
    - LP: #802383
  * usb: gadget: rndis: don't test against req->length
    - LP: #802383
  * OHCI: fix regression caused by nVidia shutdown workaround
    - LP: #802383
  * p54usb: add zoom 4410 usbid
    - LP: #802383
  * eCryptfs: Allow 2 scatterlist entries for encrypted filenames
    - LP: #802383
  * UBIFS: fix a rare memory leak in ro to rw remounting path
    - LP: #802383
  * i8k: Avoid lahf in 64-bit code
    - LP: #802383
  * cpuidle: menu: fixed wrapping timers at 4.294 seconds
    - LP: #802383
  * dm table: reject devices without request fns
    - LP: #802383
  * atm: expose ATM device index in sysfs
    - LP: #802383
  * brd: limit 'max_part' module param to DISK_MAX_PARTS
    - LP: #802383
  * brd: handle on-demand devices correctly
    - LP: #802383
  * SUNRPC: Deal with the lack of a SYN_SENT sk->sk_state_change
    callback...
    - LP: #802383
  * PCI: Add quirk for setting valid class for TI816X Endpoint
    - LP: #802383
  * xen mmu: fix a race window causing leave_mm BUG()
    - LP: #802383
  * netfilter: nf_conntrack_reasm: properly handle packets fragmented into
    a single fragment
    - LP: #802383
  * fix memory leak in scsi_report_lun_scan
    - LP: #802383
  * fix refcounting bug in scsi_get_host_dev
    - LP: #802383
  * fix duplicate removal on error path in scsi_sysfs_add_sdev
    - LP: #802383
  * UBIFS: fix shrinker object count reports
    - LP: #802383
  * UBIFS: fix memory leak on error path
    - LP: #802383
  * nbd: limit module parameters to a sane value
    - LP: #802383
  * mm: fix ENOSPC returned by handle_mm_fault()
    - LP: #802383
  * PCI: Set PCIE maxpayload for card during hotplug insertion
    - LP: #802383
  * nl80211: fix check for valid SSID size in scan operations
    - LP: #802383
  * lockdep: Fix lock_is_held() on recursion
    - LP: #802383
  * drm/i915: Add a no lvds quirk for the Asus EeeBox PC EB1007
    - LP: #802383
  * drm/radeon/kms: fix for radeon on systems >4GB without hardware iommu
    - LP: #802383
  * fat: Fix corrupt inode flags when remove ATTR_SYS flag
    - LP: #802383
  * xen: off by one errors in multicalls.c
    - LP: #802383
  * x86/amd-iommu: Fix 3 possible endless loops
    - LP: #802383
  * USB: cdc-acm: Adding second ACM channel support for Nokia E7 and C7
    - LP: #802383
  * USB: core: Tolerate protocol stall during hub and port status read
    - LP: #802383
  * USB: serial: add another 4N-GALAXY.DE PID to ftdi_sio driver
    - LP: #802383
  * ALSA: hda: Fix quirk for Dell Inspiron 910
    - LP: #792712, #802383
  * oprofile, dcookies: Fix possible circular locking dependency
    - LP: #802383
  * CPUFREQ: Remove cpufreq_stats sysfs entries on module unload.
    - LP: #802383
  * md: check ->hot_remove_disk when removing disk
    - LP: #802383
  * md/raid5: fix raid5_set_bi_hw_segments
    - LP: #802383
  * md/raid5: fix FUA request handling in ops_run_io()
    - LP: #802383
  * ata: use pci_dev->revision
    - LP: #802383
  * pata_cmd64x: fix PIO setup
    - LP: #802383
  * pata_cmd64x: cmd648_bmdma_stop() fix
    - LP: #802383
  * pata_cmd64x: remove unused definitions
    - LP: #802383
  * pata_cm64x: fix boot crash on parisc
    - LP: #802383
  * ACPI: use _HID when supplied by root-level devices
    - LP: #802383
  * xfs: properly account for reclaimed inodes
    - LP: #802383
  * exec: delay address limit change until point of no return
    - LP: #802383
  * netfilter: IPv6: initialize TOS field in REJECT target module
    - LP: #802383
  * netfilter: IPv6: fix DSCP mangle code
    - LP: #802383
  * genirq: Add IRQF_FORCE_RESUME
    - LP: #802383
  * xen: Use IRQF_FORCE_RESUME
    - LP: #802383
  * time: Compensate for rounding on odd-frequency clocksources
    - LP: #802383
  * Linux 2.6.32.42
    - LP: #802383
  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * drm_mm: extract check_free_mm_node
    - LP: #599017, #807508
  * drm: implement helper functions for scanning lru list
    - LP: #599017, #807508
  * drm/i915: prepare for fair lru eviction
    - LP: #599017, #807508
  * drm/i915: Move the eviction logic to its own file.
    - LP: #599017, #807508
  * drm/i915: Implement fair lru eviction across both rings. (v2)
    - LP: #599017, #807508
  * drm/i915: Maintain LRU order of inactive objects upon access by CPU
    (v2)
    - LP: #599017, #807508
  * drm/i915/evict: Ensure we completely cleanup on failure
    - LP: #599017, #807508
  * drm/i915: Periodically flush the active lists and requests
    - LP: #599017, #807508
  * Linux 2.6.32.42+drm33.19
    - LP: #807508
  * net: add limit for socket backlog CVE-2010-4251
    - LP: #807462
  * tcp: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * ipv6: udp: Optimise multicast reception
    - LP: #807462
  * ipv4: udp: Optimise multicast reception
    - LP: #807462
  * udp: multicast RX should increment SNMP/sk_drops counter in allocation
    failures CVE-2010-4251
    - LP: #807462
  * udp: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * llc: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * sctp: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * tipc: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * x25: use limited socket backlog CVE-2010-4251
    - LP: #807462
  * net: backlog functions rename CVE-2010-4251
    - LP: #807462
  * net: sk_add_backlog() take rmem_alloc into account CVE-2010-4805
    - LP: #809318
  * ksm: fix NULL pointer dereference in scan_get_next_rmap_item()
    - LP: #810425
  * migrate: don't account swapcache as shmem
    - LP: #810425
  * clocksource: Make watchdog robust vs. interruption
    - LP: #810425
  * TTY: ldisc, do not close until there are readers
    - LP: #810425
  * xhci: Reject double add of active endpoints.
    - LP: #810425
  * PM: Free memory bitmaps if opening /dev/snapshot fails
    - LP: #810425
  * ath5k: fix memory leak when fewer than N_PD_CURVES are in use
    - LP: #810425
  * mm: fix negative commitlimit when gigantic hugepages are allocated
    - LP: #810425
  * uvcvideo: Remove buffers from the queues when freeing
    - LP: #810425
  * watchdog: mtx1-wdt: request gpio before using it
    - LP: #810425
  * debugobjects: Fix boot crash when kmemleak and debugobjects enabled
    - LP: #810425
  * cfq-iosched: fix locking around ioc->ioc_data assignment
    - LP: #810425
  * cfq-iosched: fix a rcu warning
    - LP: #810425
  * i2c-taos-evm: Fix log messages
    - LP: #810425
  * md: avoid endless recovery loop when waiting for fail device to
    complete.
    - LP: #810425
  * SUNRPC: Ensure the RPC client only quits on fatal signals
    - LP: #810425
  * 6pack,mkiss: fix lock inconsistency
    - LP: #810425
  * USB: don't let errors prevent system sleep
    - LP: #810425
  * USB: don't let the hub driver prevent system sleep
    - LP: #810425
  * uml: fix CONFIG_STATIC_LINK=y build failure with newer glibc
    - LP: #810425
  * um: os-linux/mem.c needs sys/stat.h
    - LP: #810425
  * inet_diag: fix inet_diag_bc_audit()
    - LP: #810425
  * PM / Hibernate: Avoid hitting OOM during preallocation of memory
    - LP: #810425
  * PM / Hibernate: Fix free_unnecessary_pages()
    - LP: #810425
  * bug.h: Add WARN_RATELIMIT
    - LP: #810425
  * net: filter: Use WARN_RATELIMIT
    - LP: #810425
  * af_packet: prevent information leak
    - LP: #810425
  * net/ipv4: Check for mistakenly passed in non-IPv4 address
    - LP: #810425
  * ipv6/udp: Use the correct variable to determine non-blocking condition
    - LP: #810425
  * udp/recvmsg: Clear MSG_TRUNC flag when starting over for a new packet
    - LP: #810425
  * mm: prevent concurrent unmap_mapping_range() on the same inode
    - LP: #810425
  * xen: set max_pfn_mapped to the last pfn mapped
    - LP: #810425
  * xen: partially revert "xen: set max_pfn_mapped to the last pfn mapped"
    - LP: #810425
  * Linux 2.6.32.43
    - LP: #810425
  * eCryptfs: Handle failed metadata read in lookup
    - LP: #509180
  * pagemap: close races with suid execve, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * report errors in /proc/*/*map* sanely, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * close race in /proc/*/environ, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * auxv: require the target to be tracable (or yourself), CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * rose_loopback_timer sets VC number <= ROSE_DEFAULT_MAXVC, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
  * drm/nv50-nvc0: work around an evo channel hang that some people see
    - LP: #583760
  * ASoC: Fix Blackfin I2S _pointer() implementation return in bounds
    values
    - LP: #823296
  * v4l2-ioctl.c: prefill tuner type for g_frequency and g/s_tuner
    - LP: #823296
  * pvrusb2: fix g/s_tuner support
    - LP: #823296
  * bttv: fix s_tuner for radio
    - LP: #823296
  * gro: Only reset frag0 when skb can be pulled
    - LP: #823296
  * NFSv4.1: update nfs4_fattr_bitmap_maxsz
    - LP: #823296
  * SUNRPC: Fix a race between work-queue and rpc_killall_tasks
    - LP: #823296
  * SUNRPC: Fix use of static variable in rpcb_getport_async
    - LP: #823296
  * si4713-i2c: avoid potential buffer overflow on si4713
    - LP: #823296
  * hwmon: (max1111) Fix race condition causing NULL pointer exception
    - LP: #823296
  * bridge: send proper message_age in config BPDU
    - LP: #823296
  * davinci: DM365 EVM: fix video input mux bits
    - LP: #823296
  * libata: fix unexpectedly frozen port after ata_eh_reset()
    - LP: #823296
  * x86: Make Dell Latitude E5420 use reboot=pci
    - LP: #823296
  * USB: pl2303: add AdLink ND-6530 USB IDs
    - LP: #823296
  * USB: pl2303.h: checkpatch cleanups
    - LP: #823296
  * USB: serial: add IDs for WinChipHead USB->RS232 adapter
    - LP: #823296
  * staging: comedi: fix infoleak to userspace
    - LP: #823296
  * USB: OHCI: fix another regression for NVIDIA controllers
    - LP: #823296
  * usb: musb: restore INDEX register in resume path
    - LP: #823296
  * USB: dummy-hcd needs the has_tt flag
    - LP: #823296
  * ARM: pxa/cm-x300: fix V3020 RTC functionality
    - LP: #823296
  * jme: Fix unmap error (Causing system freeze)
    - LP: #823296
  * libsas: remove expander from dev list on error
    - LP: #823296
  * mac80211: Restart STA timers only on associated state
    - LP: #823296
  * Blacklist Traxdata CDR4120 and IOMEGA Zip drive to avoid lock ups.
    - LP: #823296
  * ses: requesting a fault indication
    - LP: #823296
  * pmcraid: reject negative request size
    - LP: #823296
  * kexec, x86: Fix incorrect jump back address if not preserving context
    - LP: #823296
  * powerpc/kdump: Fix timeout in crash_kexec_wait_realmode
    - LP: #823296
  * PCI: ARI is a PCIe v2 feature
    - LP: #823296
  * cciss: do not attempt to read from a write-only register
    - LP: #823296
  * xtensa: prevent arbitrary read in ptrace
    - LP: #823296
  * ext3: Fix oops in ext3_try_to_allocate_with_rsv()
    - LP: #823296
  * svcrpc: fix list-corrupting race on nfsd shutdown
    - LP: #823296
  * EHCI: only power off port if over-current is active
    - LP: #823296
  * EHCI: fix direction handling for interrupt data toggles
    - LP: #823296
  * powerpc/pseries/hvconsole: Fix dropped console output
    - LP: #823296
  * x86: Hpet: Avoid the comparator readback penalty
    - LP: #823296
  * x86: HPET: Chose a paranoid safe value for the ETIME check
    - LP: #823296
  * cifs: clean up cifs_find_smb_ses (try #2)
    - LP: #823296
  * cifs: fix NULL pointer dereference in cifs_find_smb_ses
    - LP: #823296
  * cifs: check for NULL session password
    - LP: #823296
  * gre: fix netns vs proto registration ordering
    - LP: #823296
  * netns xfrm: fixup xfrm6_tunnel error propagation
    - LP: #823296
  * tunnels: fix netns vs proto registration ordering
    - LP: #823296
  * alpha: fix several security issues
    - LP: #823296
  * proc: restrict access to /proc/PID/io
    - LP: #823296
  * ALSA: sound/core/pcm_compat.c: adjust array index
    - LP: #823296
  * dm mpath: fix potential NULL pointer in feature arg processing
    - LP: #823296
  * dm: fix idr leak on module removal
    - LP: #823296
  * perf: overflow/perf_count_sw_cpu_clock crashes recent kernels
    - LP: #823296
  * atm: [br2684] allow routed mode operation again
    - LP: #823296
  * Linux 2.6.32.44
    - LP: #823296
 -- Steve Conklin <sconklin@canonical.com>   Tue, 13 Sep 2011 13:04:10 -0500

Changed in linux (Ubuntu Lucid):
status:	Fix Committed → Fix Released

Jamie Strandboge (jdstrand) on 2013-05-21

Changed in linux (Ubuntu Hardy):
status:	New → Won't Fix

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	Undecided	Unassigned
Hardy	Won't Fix	Undecided	Unassigned
Lucid	Fix Released	Undecided	Paolo Pisati
Maverick	Fix Released	Undecided	Unassigned
Natty	Fix Released	Undecided	Unassigned
Oneiric	Fix Released	Undecided	Unassigned
linux-fsl-imx51 (Ubuntu)	Invalid	Undecided	Unassigned
Hardy	Invalid	Undecided	Unassigned
Lucid	Fix Released	Undecided	Unassigned
Maverick	Invalid	Undecided	Unassigned
Natty	Invalid	Undecided	Unassigned
Oneiric	Invalid	Undecided	Unassigned
linux-lts-backport-maverick (Ubuntu)	Invalid	Undecided	Unassigned
Hardy	Invalid	Undecided	Unassigned
Lucid	Fix Released	Undecided	Unassigned
Maverick	Invalid	Undecided	Unassigned
Natty	Invalid	Undecided	Unassigned
Oneiric	Invalid	Undecided	Unassigned
linux-lts-backport-natty (Ubuntu)	Invalid	Undecided	Unassigned
Hardy	Invalid	Undecided	Unassigned
Lucid	Fix Released	Undecided	Unassigned
Maverick	Invalid	Undecided	Unassigned
Natty	Invalid	Undecided	Unassigned
Oneiric	Invalid	Undecided	Unassigned
linux-mvl-dove (Ubuntu)	Invalid	Undecided	Unassigned
Hardy	Invalid	Undecided	Unassigned
Lucid	Fix Released	Undecided	Unassigned
Maverick	Fix Released	Undecided	Unassigned
Natty	Invalid	Undecided	Unassigned
Oneiric	Invalid	Undecided	Unassigned
linux-ti-omap4 (Ubuntu)	Fix Released	Undecided	Unassigned
Hardy	Invalid	Undecided	Unassigned
Lucid	Invalid	Undecided	Unassigned
Maverick	Fix Released	Undecided	Unassigned
Natty	Fix Released	Undecided	Unassigned
Oneiric	Fix Released	Undecided	Unassigned

Ubuntu
linux-fsl-imx51 package

CVE-2010-4251

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntulinux-fsl-imx51 package

CVE-2010-4251

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux-fsl-imx51 package