CVE-2010-4076, CVE-2010-4077
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Undecided
|
Tim Gardner | |||
Dapper |
Undecided
|
Tim Gardner | |||
Hardy |
Undecided
|
Tim Gardner | |||
Karmic |
Undecided
|
Tim Gardner | |||
Lucid |
Undecided
|
Tim Gardner | |||
Maverick |
Undecided
|
Tim Gardner | |||
Natty |
Undecided
|
Tim Gardner | |||
linux-lts-backport-maverick (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Tim Gardner | |||
Maverick |
Undecided
|
Unassigned | |||
Natty |
Undecided
|
Unassigned | |||
linux-mvl-dove (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Unassigned | |||
Maverick |
Undecided
|
Unassigned | |||
Natty |
Undecided
|
Unassigned | |||
linux-ti-omap4 (Ubuntu) |
Undecided
|
Unassigned | |||
Dapper |
Undecided
|
Unassigned | |||
Hardy |
Undecided
|
Unassigned | |||
Karmic |
Undecided
|
Unassigned | |||
Lucid |
Undecided
|
Unassigned | |||
Maverick |
Undecided
|
Unassigned | |||
Natty |
Undecided
|
Unassigned |
Bug Description
The rs_ioctl function in drivers/
Related branches
CVE References
- 2010-0435
- 2010-2942
- 2010-2943
- 2010-2954
- 2010-2955
- 2010-2960
- 2010-2962
- 2010-2963
- 2010-3067
- 2010-3078
- 2010-3080
- 2010-3084
- 2010-3296
- 2010-3297
- 2010-3310
- 2010-3432
- 2010-3437
- 2010-3442
- 2010-3477
- 2010-3705
- 2010-3848
- 2010-3849
- 2010-3850
- 2010-3858
- 2010-3859
- 2010-3861
- 2010-3865
- 2010-3875
- 2010-3876
- 2010-3877
- 2010-3880
- 2010-3904
- 2010-4072
- 2010-4073
- 2010-4076
- 2010-4077
- 2010-4080
- 2010-4081
- 2010-4082
- 2010-4083
- 2010-4157
- 2010-4158
- 2010-4162
- 2010-4163
- 2010-4164
- 2010-4165
- 2010-4169
- 2010-4175
- 2010-4242
- 2010-4243
- 2010-4248
- 2010-4256
- 2010-4258
- 2010-4346
- 2010-4565
- 2010-4649
- 2011-0463
- 2011-0695
- 2011-0711
- 2011-0726
- 2011-1010
- 2011-1012
- 2011-1013
- 2011-1016
- 2011-1017
- 2011-1019
- 2011-1020
- 2011-1078
- 2011-1079
- 2011-1080
- 2011-1082
- 2011-1090
- 2011-1093
- 2011-1160
- 2011-1163
- 2011-1169
- 2011-1170
- 2011-1171
- 2011-1172
- 2011-1173
- 2011-1180
- 2011-1478
- 2011-1493
- 2011-1494
- 2011-1577
- 2011-1598
- 2011-1748
- 2011-1770
- 2011-1833
- 2011-2484
- 2011-2492
- 2011-2534
- 2011-2699
- 2011-2918
visibility: | private → public |
Changed in linux (Ubuntu Natty): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
status: | New → Fix Released |
Changed in linux-lts-backport-maverick (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Karmic): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Maverick): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Natty): | |
status: | New → Invalid |
Changed in linux-lts-backport-maverick (Ubuntu Lucid): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
status: | New → In Progress |
Changed in linux-mvl-dove (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Karmic): | |
status: | New → Invalid |
Changed in linux-mvl-dove (Ubuntu Natty): | |
status: | New → Invalid |
summary: |
- CVE-2010-4076 + CVE-2010-4076, CVE-2010-4077 |
Changed in linux (Ubuntu Dapper): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
status: | New → In Progress |
Changed in linux (Ubuntu Hardy): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
status: | New → In Progress |
Changed in linux (Ubuntu Karmic): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
status: | New → In Progress |
Changed in linux (Ubuntu Lucid): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
status: | New → In Progress |
Changed in linux (Ubuntu Maverick): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
status: | New → In Progress |
Changed in linux (Ubuntu Maverick): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Lucid): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Hardy): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Karmic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Dapper): | |
status: | In Progress → Fix Committed |
tags: | added: kernel-cve-tracker |
Launchpad Janitor (janitor) wrote : | #2 |
This bug was fixed in the package linux - 2.6.31-23.74
---------------
linux (2.6.31-23.74) karmic-proposed; urgency=low
[ Steve Conklin ]
* Release Tracking Bug
- LP: #725232
[ Upstream Kernel Changes ]
* bluetooth: Fix missing NULL check, CVE-2010-4242
- LP: #714846
- CVE-2010-4242
* bio: take care not overflow page count when mapping/copying user data,
CVE-2010-4162
- LP: #721441
- CVE-2010-4162
* filter: make sure filters dont read uninitialized memory
- LP: #721282
- CVE-2010-4158
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* block: check for proper length of iov entries in blk_rq_
CVE-2010-4163
- LP: #721504
- CVE-2010-4163
* block: check for proper length of iov entries earlier in
blk_
- LP: #721504
- CVE-2010-4163
* rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
- LP: #721455
- CVE-2010-4175
-- Steve Conklin <email address hidden> Fri, 25 Feb 2011 14:20:16 -0600
Changed in linux (Ubuntu Karmic): | |
status: | Fix Committed → Fix Released |
Launchpad Janitor (janitor) wrote : | #3 |
This bug was fixed in the package linux - 2.6.32-30.59
---------------
linux (2.6.32-30.59) lucid-proposed; urgency=low
[ Steve Conklin ]
* Release Tracking Bug
- LP: #727336
[ Tim Gardner ]
* [Config] CONFIG_
- LP: #723819
[ Upstream Kernel Changes ]
* virtio_net: Add schedule check to napi_enable call
- LP: #579276
* NFS: fix the return value of nfs_file_fsync()
- LP: #585657
* block: check for proper length of iov entries earlier in
blk_
- LP: #721504
- CVE-2010-4163
* filter: make sure filters dont read uninitialized memory
- LP: #721282
- CVE-2010-4158
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* staging: usbip: remove double giveback of URB
- LP: #723819
* USB: EHCI: ASPM quirk of ISOC on AMD SB800
- LP: #723819
* rt2x00: add device id for windy31 usb device
- LP: #723819
* ALSA: snd-usb-us122l: Fix missing NULL checks
- LP: #723819
* hwmon: (via686a) Initialize fan_div values
- LP: #723819
* USB: serial: handle Data Carrier Detect changes
- LP: #723819
* USB: CP210x Add two device IDs
- LP: #723819
* USB: CP210x Removed incorrect device ID
- LP: #723819
* USB: usb-storage: unusual_devs update for Cypress ATACB
- LP: #723819
* USB: usb-storage: unusual_devs update for TrekStor DataStation maxi g.u
external hard drive enclosure
- LP: #723819
* USB: usb-storage: unusual_devs entry for CamSport Evo
- LP: #723819
* USB: usb-storage: unusual_devs entry for Coby MP3 player
- LP: #723819
* USB: serial: Updated support for ICOM devices
- LP: #723819
* USB: adding USB support for Cinterion's HC2x, EU3 and PH8 products
- LP: #723819
* USB: EHCI: ASPM quirk of ISOC on AMD Hudson
- LP: #723819
* USB: EHCI: fix DMA deallocation bug
- LP: #723819
* USB: g_printer: fix bug in module parameter definitions
- LP: #723819
* USB: io_edgeport: fix the reported firmware major and minor
- LP: #723819
* USB: ti_usb: fix module removal
- LP: #723819
* USB: Storage: Add unusual_devs entry for VTech Kidizoom
- LP: #723819
* USB: ftdi_sio: add ST Micro Connect Lite uart support
- LP: #723819
* USB: cdc-acm: Adding second ACM channel support for Nokia N8
- LP: #723819
* USB: ftdi_sio: Add VID=0x0647, PID=0x0100 for Acton Research
spectrograph
- LP: #723819
* USB: prevent buggy hubs from crashing the USB stack
- LP: #723819
* staging: comedi: add support for newer jr3 1-channel pci board
- LP: #723819
* staging: comedi: ni_labpc: Use shared IRQ for PCMCIA card
- LP: #723819
* Staging: hv: fix sysfs symlink on hv block device
- LP: #723819
* staging: hv: Enable sending GARP packet after live migration
- LP: #723819
* hvc_iucv: allocate memory buffers for IUCV in zone DMA
- LP: #723819
* iwlagn: enable only rfkill interrupt when device is down
- LP: #723819
* ath9k: Fix bug in delimiter padding computation
- LP: #723819
* correct vdso version string
- LP: #723819
* fix medium error problems with so...
Changed in linux (Ubuntu Lucid): | |
status: | Fix Committed → Fix Released |
Launchpad Janitor (janitor) wrote : | #4 |
This bug was fixed in the package linux - 2.6.35-28.49
---------------
linux (2.6.35-28.49) maverick-proposed; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #726796
[ Colin Ian King ]
* SAUCE: Dell All-In-One: Remove need for Dell module alias
[ Manoj Iyer ]
* SAUCE: add ricoh 0xe823 pci id.
- LP: #717435
[ Upstream Kernel Changes ]
* virtio_net: Add schedule check to napi_enable call
- LP: #579276
* mmc: make sdhci work with ricoh mmc controller
- LP: #717435
* NFS: fix the return value of nfs_file_fsync()
- LP: #585657
* rt2x00: Pad beacon to multiple of 32 bits.
- LP: #659143
* rt2x00: Fix firmware loading regression on x86_64.
- LP: #659143
* rt2x00: Check for errors from skb_pad() calls
- LP: #659143
* block: check for proper length of iov entries earlier in
blk_
- LP: #721504
- CVE-2010-4163
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #720189
- CVE-2010-4077
- CVE-2010-4076
* rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
- LP: #721455
- CVE-2010-4175
-- Brad Figg <email address hidden> Mon, 28 Feb 2011 13:02:53 -0800
Changed in linux (Ubuntu Maverick): | |
status: | Fix Committed → Fix Released |
Launchpad Janitor (janitor) wrote : | #5 |
This bug was fixed in the package linux-mvl-dove - 2.6.32-216.33
---------------
linux-mvl-dove (2.6.32-216.33) lucid-proposed; urgency=low
[ Ubuntu: 2.6.32-31.60 ]
* Release Tracking Bug
- LP: #734950
* SAUCE: Clear new_profile in error path
- LP: #732700
* [Config] CONFIG_
- LP: #733191
* Revert "drm/radeon/bo: add some fallback placements for VRAM only
objects."
- LP: #652934
* drm/radeon: fall back to GTT if bo creation/validation in VRAM fails.
- LP: #652934
* drm/radeon/kms: Fix retrying ttm_bo_init() after it failed once.
- LP: #652934
* xfs: always use iget in bulkstat
- LP: #692848
* drm/radeon/kms: make the mac rv630 quirk generic
- LP: #728687
* drm/radeon/kms: add pll debugging output
- LP: #728687
* drm/radeon: remove 0x4243 pci id
- LP: #728687
* drm/radeon/kms: fix s/r issues with bios scratch regs
- LP: #728687
* drm/i915/lvds: Add AOpen i915GMm-HFS to the list of false-positive LVDS
- LP: #728687
* drm/i915: Add dependency on CONFIG_TMPFS
- LP: #728687
* Linux 2.6.32.29+drm33.14
- LP: #728687
* NFSD: memory corruption due to writing beyond the stat array
- LP: #728687
* mptfusion: mptctl_release is required in mptctl.c
- LP: #728687
* mptfusion: Fix Incorrect return value in mptscsih_dev_reset
- LP: #728687
* ocfs2_connectio
- LP: #728687
* x25: decrement netdev reference counts on unload
- LP: #728687
* x86, hpet: Disable per-cpu hpet timer if ARAT is supported
- LP: #728687
* OHCI: work around for nVidia shutdown problem
- LP: #728687
* x86/pvclock: Zero last_value on resume
- LP: #728687
* av7110: check for negative array offset
- LP: #728687
* CRED: Fix get_task_cred() and task_state() to not resurrect dead
credentials
- LP: #728687
* bonding/vlan: Avoid mangled NAs on slaves without VLAN tag insertion
- LP: #728687
* CRED: Fix kernel panic upon security_
- LP: #728687
* CRED: Fix BUG() upon security_
- LP: #728687
* CRED: Fix memory and refcount leaks upon security_
failure
- LP: #728687
* sendfile(): check f_op.splice_write() rather than f_op.sendpage()
- LP: #728687
* isdn: hisax: Replace the bogus access to irq stats
- LP: #728687
* ixgbe: add support for 82599 based Express Module X520-P2
- LP: #728687
* ixgbe: prevent speculative processing of descriptors before ready
- LP: #728687
* scsi_dh_alua: add netapp to dev list
- LP: #728687
* scsi_dh_alua: Add IBM Power Virtual SCSI ALUA device to dev list
- LP: #728687
* dm raid1: fail writes if errors are not handled and log fails
- LP: #728687
* GFS2: Fix bmap allocation corner-case bug
- LP: #728687
* dm raid1: fix null pointer dereference in suspend
- LP: #728687
* sunrpc/cache: fix module refcnt leak in a failure path
- LP: #728687
* be2net: Maintain tx and rx counters in driver
- LP: #728687
* tcp: Make TCP_MAXSEG minimum more correct.
- LP: #728687
* nfsd: correctly handle return value from ...
Changed in linux-mvl-dove (Ubuntu Lucid): | |
status: | New → Fix Released |
Launchpad Janitor (janitor) wrote : | #6 |
This bug was fixed in the package linux-mvl-dove - 2.6.32-416.33
---------------
linux-mvl-dove (2.6.32-416.33) maverick; urgency=low
[ Ubuntu: 2.6.32-31.60 ]
* Release Tracking Bug
- LP: #734950
* SAUCE: Clear new_profile in error path
- LP: #732700
* [Config] CONFIG_
- LP: #733191
* Revert "drm/radeon/bo: add some fallback placements for VRAM only
objects."
- LP: #652934
* drm/radeon: fall back to GTT if bo creation/validation in VRAM fails.
- LP: #652934
* drm/radeon/kms: Fix retrying ttm_bo_init() after it failed once.
- LP: #652934
* xfs: always use iget in bulkstat
- LP: #692848
* drm/radeon/kms: make the mac rv630 quirk generic
- LP: #728687
* drm/radeon/kms: add pll debugging output
- LP: #728687
* drm/radeon: remove 0x4243 pci id
- LP: #728687
* drm/radeon/kms: fix s/r issues with bios scratch regs
- LP: #728687
* drm/i915/lvds: Add AOpen i915GMm-HFS to the list of false-positive LVDS
- LP: #728687
* drm/i915: Add dependency on CONFIG_TMPFS
- LP: #728687
* Linux 2.6.32.29+drm33.14
- LP: #728687
* NFSD: memory corruption due to writing beyond the stat array
- LP: #728687
* mptfusion: mptctl_release is required in mptctl.c
- LP: #728687
* mptfusion: Fix Incorrect return value in mptscsih_dev_reset
- LP: #728687
* ocfs2_connectio
- LP: #728687
* x25: decrement netdev reference counts on unload
- LP: #728687
* x86, hpet: Disable per-cpu hpet timer if ARAT is supported
- LP: #728687
* OHCI: work around for nVidia shutdown problem
- LP: #728687
* x86/pvclock: Zero last_value on resume
- LP: #728687
* av7110: check for negative array offset
- LP: #728687
* CRED: Fix get_task_cred() and task_state() to not resurrect dead
credentials
- LP: #728687
* bonding/vlan: Avoid mangled NAs on slaves without VLAN tag insertion
- LP: #728687
* CRED: Fix kernel panic upon security_
- LP: #728687
* CRED: Fix BUG() upon security_
- LP: #728687
* CRED: Fix memory and refcount leaks upon security_
failure
- LP: #728687
* sendfile(): check f_op.splice_write() rather than f_op.sendpage()
- LP: #728687
* isdn: hisax: Replace the bogus access to irq stats
- LP: #728687
* ixgbe: add support for 82599 based Express Module X520-P2
- LP: #728687
* ixgbe: prevent speculative processing of descriptors before ready
- LP: #728687
* scsi_dh_alua: add netapp to dev list
- LP: #728687
* scsi_dh_alua: Add IBM Power Virtual SCSI ALUA device to dev list
- LP: #728687
* dm raid1: fail writes if errors are not handled and log fails
- LP: #728687
* GFS2: Fix bmap allocation corner-case bug
- LP: #728687
* dm raid1: fix null pointer dereference in suspend
- LP: #728687
* sunrpc/cache: fix module refcnt leak in a failure path
- LP: #728687
* be2net: Maintain tx and rx counters in driver
- LP: #728687
* tcp: Make TCP_MAXSEG minimum more correct.
- LP: #728687
* nfsd: correctly handle return value from nfsd_m...
Changed in linux-mvl-dove (Ubuntu Maverick): | |
status: | New → Fix Released |
Launchpad Janitor (janitor) wrote : | #7 |
This bug was fixed in the package linux - 2.6.24-29.88
---------------
linux (2.6.24-29.88) hardy-proposed; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #736290
[Steve Conklin]
* Ubuntu-2.6.24-29.87
* [Config] Allow insertchanges to work in later version chroots
[Upstream Kernel Changes]
* do_exit(): make sure that we run with get_fs() == USER_DS,
CVE-2010-4258
- LP: #723945
- CVE-2010-4258
* Make the bulkstat_one compat ioctl handling more sane
- LP: #692848
* Fix xfs_bulkstat_one size checks & error handling
- LP: #692848
* xfs: always use iget in bulkstat
- LP: #692848
* x25: Prevent crashing when parsing bad X.25 facilities CVE-2010-4164
- LP: #731199
- CVE-2010-4164
* Revised [CVE-2010-4346 Hardy] install_
security_
- LP: #731971
- CVE-2010-4346
linux (2.6.24-29.87) hardy-proposed; urgency=low
[ Steve Conklin ]
* Release Tracking Bug
- LP: #725138
[Upstream Kernel Changes]
* bluetooth: Fix missing NULL check, CVE-2010-4242
- LP: #714846
- CVE-2010-4242
* NFS: fix the return value of nfs_file_fsync()
- LP: #585657
* bio: take care not overflow page count when mapping/copying user data,
CVE-2010-4162
- LP: #721441
- CVE-2010-4162
* filter: make sure filters dont read uninitialized memory
- LP: #721282
- CVE-2010-4158
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* block: check for proper length of iov entries earlier in
blk_
- LP: #721504
- CVE-2010-4163
-- Brad Figg <email address hidden> Wed, 16 Mar 2011 09:43:35 -0700
Changed in linux (Ubuntu Hardy): | |
status: | Fix Committed → Fix Released |
Changed in linux-lts-backport-maverick (Ubuntu Lucid): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Hardy): | |
status: | Fix Released → Confirmed |
Changed in linux (Ubuntu Karmic): | |
status: | Fix Released → Confirmed |
Changed in linux (Ubuntu Lucid): | |
status: | Fix Released → Confirmed |
Changed in linux-lts-backport-maverick (Ubuntu Lucid): | |
status: | Fix Committed → Confirmed |
Changed in linux-mvl-dove (Ubuntu Lucid): | |
status: | Fix Released → New |
Changed in linux-mvl-dove (Ubuntu Maverick): | |
status: | Fix Released → New |
Changed in linux (Ubuntu Karmic): | |
status: | Confirmed → Won't Fix |
Changed in linux (Ubuntu Maverick): | |
status: | Fix Released → Confirmed |
Changed in linux (Ubuntu Hardy): | |
status: | Confirmed → Fix Released |
Changed in linux (Ubuntu Karmic): | |
status: | Won't Fix → Fix Released |
Changed in linux (Ubuntu Lucid): | |
status: | Confirmed → Fix Released |
Changed in linux (Ubuntu Maverick): | |
status: | Confirmed → Fix Released |
Changed in linux-lts-backport-maverick (Ubuntu Lucid): | |
status: | Confirmed → Fix Released |
Changed in linux-mvl-dove (Ubuntu Lucid): | |
status: | New → Fix Released |
Changed in linux-mvl-dove (Ubuntu Maverick): | |
status: | New → Fix Released |
Changed in linux-ti-omap4 (Ubuntu): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Dapper): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Hardy): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Karmic): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
status: | New → In Progress |
Changed in linux-ti-omap4 (Ubuntu Natty): | |
status: | New → Fix Released |
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
status: | In Progress → Fix Committed |
Launchpad Janitor (janitor) wrote : | #8 |
This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.24
---------------
linux-ti-omap4 (2.6.35-903.24) maverick-proposed; urgency=low
* Release tracking bug
- LP: #838037
[ Upstream Kernel Changes ]
* ipv6: make fragment identifications less predictable, CVE-2011-2699
- LP: #827685
- CVE-2011-2699
* perf: Fix software event overflow, CVE-2011-2918
- LP: #834121
- CVE-2011-2918
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
linux-ti-omap4 (2.6.35-903.23) maverick-proposed; urgency=low
* Release tracking bug
- LP: #829655
[ Upstream Kernel Changes ]
* drm/radeon/kms: check AA resolve registers on r300, CVE-2011-1016
- LP: #745686
- CVE-2011-1016
* drm/radeon: fix regression with AA resolve checking, CVE-2011-1016
- LP: #745686
- CVE-2011-1016
* can-bcm: fix minor heap overflow
- LP: #690730
* CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
- LP: #765007
- CVE-2010-4565
* av7110: check for negative array offset
- LP: #747520
* xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
CVE-2011-0711
- LP: #767740
- CVE-2011-0711
* ALSA: caiaq - Fix possible string-buffer overflow
- LP: #747520
* IB/cm: Bump reference count on cm_id before invoking callback,
CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* RDMA/cma: Fix crash in request handlers, CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* Treat writes as new when holes span across page boundaries,
CVE-2011-0463
- LP: #770483
- CVE-2011-0463
* net: clear heap allocations for privileged ethtool actions
- LP: #686158
* usb: iowarrior: don't trust report_size for buffer size
- LP: #747520
* fs/partitions/
CVE-2011-1017
- LP: #771382
- CVE-2011-1017
* Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal
code
- LP: #747520
* Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
- LP: #747520
* exec: make argv/envp memory visible to oom-killer
- LP: #690730
* next_pidmap: fix overflow condition
- LP: #772560
* proc: do proper range check on readdir offset
- LP: #772560
* ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl, CVE-2011-1169
- LP: #785331
- CVE-2011-1169
* mpt2sas: prevent heap overflows and unchecked reads, CVE-2011-1494
- LP: #787145
- CVE-2011-1494
* agp: fix arbitrary kernel memory writes, CVE-1011-2022
- LP: #788684
- CVE-1011-2022
* can: add missing socket check in can/raw release, CVE-2011-1748
- LP: #788694
- CVE-2011-1748
* agp: fix OOM and buffer overflow
- LP: #788700
* drivers/
memory - CVE-2010-3296
- CVE-2010-3296
* drivers/net/eql.c: prevent reading uninitialized stack memory -
CVE-2010-3297
- CVE-2010-3297
* inet_diag: Make sure we actually run the same bytecode we audited,
CVE-2010-3880
- LP: #711865
- CVE-2010-3880
* setup_arg_pages: diagnose excessive argume...
Changed in linux-ti-omap4 (Ubuntu Maverick): | |
status: | Fix Committed → Fix Released |
Changed in linux (Ubuntu Dapper): | |
status: | Fix Committed → Fix Released |
Accepted linux-ec2 into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you in advance!