CVE-2012-0044

Bug #917838 reported by John Johansen on 2012-01-17
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-armadaxp (Ubuntu)
Undecided
Unassigned
Precise
Undecided
Unassigned
Trusty
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Undecided
Unassigned
Xenial
Undecided
Unassigned
linux-ec2 (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-flo (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-goldfish (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-backport-natty (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-quantal (Ubuntu)
Undecided
Unassigned
Precise
Undecided
Unassigned
Trusty
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Undecided
Unassigned
Xenial
Undecided
Unassigned
linux-lts-raring (Ubuntu)
Undecided
Unassigned
Precise
Undecided
Unassigned
Trusty
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Undecided
Unassigned
Xenial
Undecided
Unassigned
linux-lts-saucy (Ubuntu)
Undecided
Unassigned
Precise
Undecided
Unassigned
Trusty
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Undecided
Unassigned
Xenial
Undecided
Unassigned
linux-lts-trusty (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-utopic (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-vivid (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-wily (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-lts-xenial (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Undecided
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-mako (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-manta (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-raspi2 (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Vivid
Medium
Unassigned
Wily
Medium
Unassigned
Xenial
Medium
Unassigned

Bug Description

Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.

Break-Fix: 884840aa3ce3214259e69557be5b4ce0d781ffa4 a5cd335165e31db9dbab636fd29895d41da55dd2

John Johansen (jjohansen) wrote :

CVE-2012-0044

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
security vulnerability: no → yes
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Maverick):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Maverick):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Maverick):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Medium
Andy Whitcroft (apw) on 2012-01-18
Changed in linux (Ubuntu Maverick):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux (Ubuntu Natty):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → In Progress
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → In Progress
Changed in linux-ti-omap4 (Ubuntu Maverick):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux-ti-omap4 (Ubuntu Natty):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.21

---------------
linux-ti-omap4 (2.6.38-1209.21) natty-proposed; urgency=low

  * Release Tracking Bug
    - LP: #921724

  [ Upstream Kernel Changes ]

  * xfs: validate acl count
    - LP: #917706
    - CVE-2012-0038
  * xfs: fix acl count validation in xfs_acl_from_disk()
    - LP: #917706
    - CVE-2012-0038
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
  * igmp: Avoid zero delay when receiving odd mixture of IGMP queries
    - LP: #917848
    - CVE-2012-0207
 -- Paolo Pisati <email address hidden> Thu, 26 Jan 2012 15:05:18 +0100

Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.35-32.65

---------------
linux (2.6.35-32.65) maverick-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #920677

  [ Upstream Kernel Changes ]

  * fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message, CVE-2011-3353
    - LP: #905058
    - CVE-2011-3353
  * KVM: x86: Prevent starting PIT timers in the absence of irqchip support
    - LP: #911303
    - CVE-2011-4622
  * sched, x86: Avoid unnecessary overflow in sched_clock
    - LP: #805341
  * use cache type functions for arch_get_unmapped_area
    - LP: #861296
  * topdown mmap support
    - LP: #861296
  * xfs: validate acl count
    - LP: #917706
    - CVE-2012-0038
  * xfs: fix acl count validation in xfs_acl_from_disk()
    - LP: #917706
    - CVE-2012-0038
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
  * x86/PCI: amd: factor out MMCONFIG discovery
    - LP: #647043
  * PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB
    - LP: #647043
 -- Brad Figg <email address hidden> Mon, 23 Jan 2012 13:40:13 -0800

Changed in linux (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.30

---------------
linux-ti-omap4 (2.6.35-903.30) maverick-proposed; urgency=low

  * Release Tracking Bug
    - LP: #921471

  [ Upstream Kernel Changes ]

  * Sched: fix skip_clock_update optimization
    - LP: #911401
    - CVE-2011-4621
  * xfs: validate acl count
    - LP: #917706
    - CVE-2012-0038
  * xfs: fix acl count validation in xfs_acl_from_disk()
    - LP: #917706
    - CVE-2012-0038
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
 -- Paolo Pisati <email address hidden> Thu, 26 Jan 2012 14:18:42 +0100

Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.38-13.55

---------------
linux (2.6.38-13.55) natty-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #920790

  [ Upstream Kernel Changes ]

  * fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message, CVE-2011-3353
    - LP: #905058
    - CVE-2011-3353
  * KVM: x86: Prevent starting PIT timers in the absence of irqchip support
    - LP: #911303
    - CVE-2011-4622
  * sched, x86: Avoid unnecessary overflow in sched_clock
    - LP: #805341
  * use cache type functions for arch_get_unmapped_area
    - LP: #861296
  * topdown mmap support
    - LP: #861296
  * xfs: validate acl count
    - LP: #917706
    - CVE-2012-0038
  * xfs: fix acl count validation in xfs_acl_from_disk()
    - LP: #917706
    - CVE-2012-0038
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
  * x86/PCI: amd: factor out MMCONFIG discovery
    - LP: #647043
  * PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that
    - LP: #647043
 -- Brad Figg <email address hidden> Mon, 23 Jan 2012 18:31:33 -0800

Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-13.56~lucid1

---------------
linux-lts-backport-natty (2.6.38-13.56~lucid1) lucid-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #931806

  [ Upstream Kernel Changes ]

  * igmp: Avoid zero delay when receiving odd mixture of IGMP queries
    - LP: #917848
    - CVE-2012-0207
  * TOMOYO: Fix oops in tomoyo_mount_acl().
    - LP: #922377
    - CVE-2011-2518
  * oom: fix integer overflow of points in oom_badness
    - LP: #922374
    - CVE-2011-2498

linux (2.6.38-13.55) natty-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #920790

  [ Upstream Kernel Changes ]

  * fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message, CVE-2011-3353
    - LP: #905058
    - CVE-2011-3353
  * KVM: x86: Prevent starting PIT timers in the absence of irqchip support
    - LP: #911303
    - CVE-2011-4622
  * sched, x86: Avoid unnecessary overflow in sched_clock
    - LP: #805341
  * use cache type functions for arch_get_unmapped_area
    - LP: #861296
  * topdown mmap support
    - LP: #861296
  * xfs: validate acl count
    - LP: #917706
    - CVE-2012-0038
  * xfs: fix acl count validation in xfs_acl_from_disk()
    - LP: #917706
    - CVE-2012-0038
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
  * x86/PCI: amd: factor out MMCONFIG discovery
    - LP: #647043
  * PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that
    - LP: #647043

linux (2.6.38-13.54) natty-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #911195

  [ Alex Bligh ]

  * (config) Change Xen paravirt drivers to be built-in
    - LP: #886521

  [ Paolo Pisati ]

  * [Config] DEFAULT_MMAP_MIN_ADDR=32k on arm
    - LP: #903346

  [ Seth Forshee ]

  * SAUCE: dell-wmi: Demote unknown WMI event message to pr_debug
    - LP: #581312

  [ Upstream Kernel Changes ]

  * VFS: Fix vfsmount overput on simultaneous automount
    - LP: #769927
  * TPM: Zero buffer after copying to userspace, CVE-2011-1162
    - LP: #899463
    - CVE-2011-1162
  * hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops, CVE-2011-2203
    - LP: #899466
    - CVE-2011-2203
  * KEYS: Fix a NULL pointer deref in the user-defined key type,
    CVE-2011-4110
    - LP: #894369
    - CVE-2011-4110
  * nfsd4: permit read opens of executable-only files
    - LP: #833300
  * Support for Terratec G1
    - LP: #821061
 -- Brad Figg <email address hidden> Mon, 13 Feb 2012 15:58:51 -0800

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (18.0 KiB)

This bug was fixed in the package linux-lts-backport-maverick - 2.6.35-32.66~lucid1

---------------
linux-lts-backport-maverick (2.6.35-32.66~lucid1) lucid-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #931795

  [ Upstream Kernel Changes ]

  * net: ip_expire() must revalidate route
    - LP: #922051
    - CVE-2011-1927
  * bridge: Fix mglist corruption that leads to memory corruption
    - LP: #917813
    - CVE-2011-0716
  * AppArmor: fix oops in apparmor_setprocattr
    - LP: #789409
    - CVE-2011-3619

linux (2.6.35-32.65) maverick-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #920677

  [ Upstream Kernel Changes ]

  * fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message, CVE-2011-3353
    - LP: #905058
    - CVE-2011-3353
  * KVM: x86: Prevent starting PIT timers in the absence of irqchip support
    - LP: #911303
    - CVE-2011-4622
  * sched, x86: Avoid unnecessary overflow in sched_clock
    - LP: #805341
  * use cache type functions for arch_get_unmapped_area
    - LP: #861296
  * topdown mmap support
    - LP: #861296
  * xfs: validate acl count
    - LP: #917706
    - CVE-2012-0038
  * xfs: fix acl count validation in xfs_acl_from_disk()
    - LP: #917706
    - CVE-2012-0038
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
  * x86/PCI: amd: factor out MMCONFIG discovery
    - LP: #647043
  * PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB
    - LP: #647043

linux (2.6.35-32.64) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #910919

  [ Seth Forshee ]

  * SAUCE: dell-wmi: Demote unknown WMI event message to pr_debug
    - LP: #581312

  [ Upstream Kernel Changes ]

  * Revert "Revert "xen: set max_pfn_mapped to the last pfn mapped""
    - LP: #898139
  * Revert "core: Fix memory leak/corruption on VLAN GRO_DROP,
    CVE-2011-1576"
    - LP: #844361
  * kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0
    - LP: #898139
  * kbuild: Fix passing -Wno-* options to gcc 4.4+
    - LP: #898139
  * maintainer
    - LP: #898139
  * Remove the old V4L1 v4lgrab.c file
    - LP: #898139
  * i8k: Tell gcc that *regs gets clobbered
    - LP: #898139
  * Fix gcc 4.5.1 miscompiling drivers/char/i8k.c (again)
    - LP: #898139
  * USB: serial/usb_wwan, fix tty NULL dereference
    - LP: #898139
  * ipv6: add special mode accept_ra=2 to accept RA while configured as
    router
    - LP: #898139
  * set memory ranges in N_NORMAL_MEMORY when onlined
    - LP: #898139
  * FLEXCOP-PCI: fix __xlate_proc_name-warning for flexcop-pci
    - LP: #898139
  * m68k/mm: Set all online nodes in N_NORMAL_MEMORY
    - LP: #898139
  * nfs: don't lose MS_SYNCHRONOUS on remount of noac mount
    - LP: #898139
  * NFSv4.1: Ensure state manager thread dies on last umount
    - LP: #898139
  * Input: xen-kbdfront - fix mouse getting stuck after save/restore
    - LP: #898139
  * pmcraid: reject negative request size
    - LP: #898139
  * mmc: sdhci-pci: Fix error case in sdhci_pci_probe_slot()
    - LP: #898139
  * mmc: sdhci: Check mrq->cmd in sdhci_tasklet_finish
    - LP: #898139
  * mmc: sdhci: Check...

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Maverick):
status: New → Invalid
description: updated
Andy Whitcroft (apw) on 2012-08-09
Changed in linux (Ubuntu Lucid):
status: Invalid → In Progress
Changed in linux-ec2 (Ubuntu Lucid):
status: Invalid → In Progress
Changed in linux-ec2 (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Lucid):
status: In Progress → Fix Committed

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-42.96

---------------
linux (2.6.32-42.96) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1036553

  [ Andy Whitcroft ]

  * SAUCE: rds_ib_send() -- prevent local pings triggering BUG_ON()
    - LP: #1016299
    - CVE-2012-2372

  [ Upstream Kernel Changes ]

  * udf: Fortify loading of sparing table
    - LP: #1024497
    - CVE-2012-3400
  * udf: Avoid run away loop when partition table length is corrupted
    - LP: #1024497
    - CVE-2012-3400
  * eCryptfs: Gracefully refuse miscdev file ops on inherited/passed files
    - LP: #994247
  * eCryptfs: Copy up POSIX ACL and read-only flags from lower mount
    - LP: #1009207
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
 -- Luis Henriques <email address hidden> Tue, 14 Aug 2012 09:51:58 +0100

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-347.53

---------------
linux-ec2 (2.6.32-347.53) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-42.96
  * Release Tracking Bug
    - LP: #1038971

  [ Ubuntu: 2.6.32-42.96 ]

  * SAUCE: rds_ib_send() -- prevent local pings triggering BUG_ON()
    - LP: #1016299
    - CVE-2012-2372
  * udf: Fortify loading of sparing table
    - LP: #1024497
    - CVE-2012-3400
  * udf: Avoid run away loop when partition table length is corrupted
    - LP: #1024497
    - CVE-2012-3400
  * eCryptfs: Gracefully refuse miscdev file ops on inherited/passed files
    - LP: #994247
  * eCryptfs: Copy up POSIX ACL and read-only flags from lower mount
    - LP: #1009207
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
 -- Stefan Bader <email address hidden> Mon, 20 Aug 2012 18:32:20 +0200

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Ike Panhc (ikepanhc) wrote :

Patch 884840aa3ce3214259e69557be5b4ce0d781ffa4 a5cd335165e31db9dbab636fd29895d41da55dd2 in upstream 3.5 already

Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Released
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Won't Fix
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Won't Fix
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Won't Fix
no longer affects: linux-lts-trusty (Ubuntu Hardy)
no longer affects: linux-lts-trusty (Ubuntu Lucid)
no longer affects: linux-lts-trusty (Ubuntu Maverick)
no longer affects: linux-lts-trusty (Ubuntu Natty)
no longer affects: linux-lts-trusty (Ubuntu Oneiric)
no longer affects: linux-lts-trusty (Ubuntu Quantal)
no longer affects: linux-armadaxp (Ubuntu Hardy)
no longer affects: linux-armadaxp (Ubuntu Lucid)
no longer affects: linux-armadaxp (Ubuntu Maverick)
no longer affects: linux-armadaxp (Ubuntu Natty)
no longer affects: linux-armadaxp (Ubuntu Oneiric)
no longer affects: linux-armadaxp (Ubuntu Quantal)
no longer affects: linux-ec2 (Ubuntu Hardy)
no longer affects: linux-ec2 (Ubuntu Lucid)
no longer affects: linux-ec2 (Ubuntu Maverick)
no longer affects: linux-ec2 (Ubuntu Natty)
no longer affects: linux-ec2 (Ubuntu Oneiric)
no longer affects: linux-ec2 (Ubuntu Quantal)
no longer affects: linux-goldfish (Ubuntu Hardy)
no longer affects: linux-goldfish (Ubuntu Lucid)
no longer affects: linux-goldfish (Ubuntu Maverick)
no longer affects: linux-goldfish (Ubuntu Natty)
no longer affects: linux-goldfish (Ubuntu Oneiric)
no longer affects: linux-goldfish (Ubuntu Quantal)
no longer affects: linux-lts-saucy (Ubuntu Hardy)
no longer affects: linux-lts-saucy (Ubuntu Lucid)
no longer affects: linux-lts-saucy (Ubuntu Maverick)
no longer affects: linux-lts-saucy (Ubuntu Natty)
no longer affects: linux-lts-saucy (Ubuntu Oneiric)
no longer affects: linux-lts-saucy (Ubuntu Quantal)
no longer affects: linux-lts-quantal (Ubuntu Hardy)
no longer affects: linux-lts-quantal (Ubuntu Lucid)
no longer affects: linux-lts-quantal (Ubuntu Maverick)
no longer affects: linux-lts-quantal (Ubuntu Natty)
no longer affects: linux-lts-quantal (Ubuntu Oneiric)
no longer affects: linux-lts-quantal (Ubuntu Quantal)
no longer affects: linux-mvl-dove (Ubuntu Hardy)
no longer affects: linux-mvl-dove (Ubuntu Lucid)
no longer affects: linux-mvl-dove (Ubuntu Maverick)
no longer affects: linux-mvl-dove (Ubuntu Natty)
no longer affects: linux-mvl-dove (Ubuntu Oneiric)
no longer affects: linux-mvl-dove (Ubuntu Quantal)
no longer affects: linux-ti-omap4 (Ubuntu Hardy)
no longer affects: linux-ti-omap4 (Ubuntu Lucid)
no longer affects: linux-ti-omap4 (Ubuntu Maverick)
no longer affects: linux-ti-omap4 (Ubuntu Natty)
no longer affects: linux-ti-omap4 (Ubuntu Oneiric)
no longer affects: linux-ti-omap4 (Ubuntu Quantal)
no longer affects: linux-lts-vivid (Ubuntu Hardy)
no longer affects: linux-lts-vivid (Ubuntu Lucid)
no longer affects: linux-lts-vivid (Ubuntu Maverick)
no longer affects: linux-lts-vivid (Ubuntu Natty)
no longer affects: linux-lts-vivid (Ubuntu Oneiric)
no longer affects: linux-lts-vivid (Ubuntu Quantal)
no longer affects: linux (Ubuntu Hardy)
no longer affects: linux (Ubuntu Lucid)
no longer affects: linux (Ubuntu Maverick)
no longer affects: linux (Ubuntu Natty)
no longer affects: linux (Ubuntu Oneiric)
no longer affects: linux (Ubuntu Quantal)
no longer affects: linux-mako (Ubuntu Hardy)
no longer affects: linux-mako (Ubuntu Lucid)
no longer affects: linux-mako (Ubuntu Maverick)
no longer affects: linux-mako (Ubuntu Natty)
no longer affects: linux-mako (Ubuntu Oneiric)
no longer affects: linux-mako (Ubuntu Quantal)
no longer affects: linux-fsl-imx51 (Ubuntu Hardy)
no longer affects: linux-fsl-imx51 (Ubuntu Lucid)
no longer affects: linux-fsl-imx51 (Ubuntu Maverick)
no longer affects: linux-fsl-imx51 (Ubuntu Natty)
no longer affects: linux-fsl-imx51 (Ubuntu Oneiric)
no longer affects: linux-fsl-imx51 (Ubuntu Quantal)
no longer affects: linux-lts-utopic (Ubuntu Hardy)
no longer affects: linux-lts-utopic (Ubuntu Lucid)
no longer affects: linux-lts-utopic (Ubuntu Maverick)
no longer affects: linux-lts-utopic (Ubuntu Natty)
no longer affects: linux-lts-utopic (Ubuntu Oneiric)
no longer affects: linux-lts-utopic (Ubuntu Quantal)
no longer affects: linux-flo (Ubuntu Hardy)
no longer affects: linux-flo (Ubuntu Lucid)
no longer affects: linux-flo (Ubuntu Maverick)
no longer affects: linux-flo (Ubuntu Natty)
no longer affects: linux-flo (Ubuntu Oneiric)
no longer affects: linux-flo (Ubuntu Quantal)
no longer affects: linux-lts-raring (Ubuntu Hardy)
no longer affects: linux-lts-raring (Ubuntu Lucid)
no longer affects: linux-lts-raring (Ubuntu Maverick)
no longer affects: linux-lts-raring (Ubuntu Natty)
no longer affects: linux-lts-raring (Ubuntu Oneiric)
no longer affects: linux-lts-raring (Ubuntu Quantal)
no longer affects: linux-manta (Ubuntu Hardy)
no longer affects: linux-manta (Ubuntu Lucid)
no longer affects: linux-manta (Ubuntu Maverick)
no longer affects: linux-manta (Ubuntu Natty)
no longer affects: linux-manta (Ubuntu Oneiric)
no longer affects: linux-manta (Ubuntu Quantal)
Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Trusty):
status: New → Fix Committed
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Steve Beattie (sbeattie) on 2015-12-03
no longer affects: linux-lts-trusty (Ubuntu Utopic)
no longer affects: linux-armadaxp (Ubuntu Utopic)
no longer affects: linux-ec2 (Ubuntu Utopic)
no longer affects: linux-lts-wily (Ubuntu Utopic)
no longer affects: linux-goldfish (Ubuntu Utopic)
no longer affects: linux-lts-saucy (Ubuntu Utopic)
no longer affects: linux-lts-quantal (Ubuntu Utopic)
no longer affects: linux-raspi2 (Ubuntu Utopic)
no longer affects: linux-mvl-dove (Ubuntu Utopic)
no longer affects: linux-ti-omap4 (Ubuntu Utopic)
no longer affects: linux-lts-vivid (Ubuntu Utopic)
no longer affects: linux (Ubuntu Utopic)
no longer affects: linux-mako (Ubuntu Utopic)
no longer affects: linux-fsl-imx51 (Ubuntu Utopic)
no longer affects: linux-lts-utopic (Ubuntu Utopic)
no longer affects: linux-flo (Ubuntu Utopic)
no longer affects: linux-lts-raring (Ubuntu Utopic)
no longer affects: linux-manta (Ubuntu Utopic)
Changed in linux-raspi2 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-raspi2 (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-raspi2 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-raspi2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-wily (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-wily (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-wily (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-wily (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Steve Beattie (sbeattie) on 2015-12-03
Changed in linux-raspi2 (Ubuntu Xenial):
status: New → Fix Committed
importance: Undecided → Medium
Changed in linux-lts-wily (Ubuntu Xenial):
status: New → Invalid
importance: Undecided → Medium
Steve Beattie (sbeattie) on 2016-02-09
Changed in linux-lts-xenial (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-xenial (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-xenial (Ubuntu Xenial):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-xenial (Ubuntu Trusty):
status: New → Fix Committed
importance: Undecided → Medium
Rolf Leggewie (r0lf) on 2016-04-24
Changed in linux-lts-backport-maverick (Ubuntu Utopic):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Utopic):
status: New → Won't Fix
Changed in linux-lts-backport-oneiric (Ubuntu Utopic):
status: New → Won't Fix

This bug was nominated against a series that is no longer supported, ie vivid. The bug task representing the vivid nomination is being closed as Won't Fix.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux-armadaxp (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw) on 2017-10-17
Changed in linux-lts-quantal (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw) on 2017-10-17
Changed in linux-lts-saucy (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw) on 2017-10-17
Changed in linux-lts-xenial (Ubuntu Vivid):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers