This bug was fixed in the package linux - 2.6.32-49.111 --------------- linux (2.6.32-49.111) lucid; urgency=low [Steve Conklin] * Release Tracking Bug - LP: #1193108 [ Upstream Kernel Changes ] * Revert "pcdp: use early_ioremap/early_iounmap to access pcdp table" - LP: #1193044 * Revert "block: improve queue_should_plug() by looking at IO depths" - LP: #1193044 * kernel/signal.c: stop info leak via the tkill and the tgkill syscalls - LP: #1187732 - CVE-2013-2141 * b43: stop format string leaking into error msgs - LP: #1189833 - CVE-2013-2852 * 2.6.32.y: timekeeping: Fix nohz issue with commit 61b76840ddee647c0c223365378c3f394355b7d7 - LP: #1193044 * clockevents: Don't allow dummy broadcast timers - LP: #1193044 * posix-cpu-timers: Fix nanosleep task_struct leak - LP: #1193044 * timer: Don't reinitialize the cpu base lock during CPU_UP_PREPARE - LP: #1193044 * tick: Cleanup NOHZ per cpu data on cpu down - LP: #1193044 * kbuild: Fix gcc -x syntax - LP: #1193044 * gen_init_cpio: avoid stack overflow when expanding - LP: #1193044 * coredump: prevent double-free on an error path in core dumper - LP: #1193044 * kernel/sys.c: call disable_nonboot_cpus() in kernel_restart() - LP: #1193044 * ring-buffer: Fix race between integrity check and readers - LP: #1193044 * genalloc: stop crashing the system when destroying a pool - LP: #1193044 * kernel/resource.c: fix stack overflow in __reserve_region_with_split() - LP: #1193044 * Driver core: treat unregistered bus_types as having no devices - LP: #1193044 * cgroup: remove incorrect dget/dput() pair in cgroup_create_dir() - LP: #1193044 * Fix a dead loop in async_synchronize_full() - LP: #1193044 * tracing: Don't call page_to_pfn() if page is NULL - LP: #1193044 * tracing: Fix double free when function profile init failed - LP: #1193044 * mm: Fix PageHead when !CONFIG_PAGEFLAGS_EXTENDED - LP: #1193044 * mm: bugfix: set current->reclaim_state to NULL while returning from kswapd() - LP: #1193044 * mm: fix invalidate_complete_page2() lock ordering - LP: #1193044 * mempolicy: fix a race in shared_policy_replace() - LP: #1193044 * ALSA: hda - More ALC663 fixes and support of compatible chips - LP: #1193044 * ALSA: hda - Add a pin-fix for FSC Amilo Pi1505 - LP: #1193044 * ALSA: seq: Fix missing error handling in snd_seq_timer_open() - LP: #1193044 * ALSA: ac97 - Fix missing NULL check in snd_ac97_cvol_new() - LP: #1193044 * x86, ioapic: initialize nr_ioapic_registers early in mp_register_ioapic() - LP: #1193044 * x86: Don't use the EFI reboot method by default - LP: #1193044 * x86, random: make ARCH_RANDOM prompt if EMBEDDED, not EXPERT - LP: #1193044 * x86/mm: Check if PUD is large when validating a kernel address - LP: #1193044 * x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates - LP: #1193044 * xen/bootup: allow read_tscp call for Xen PV guests. - LP: #1193044 * xen/bootup: allow {read|write}_cr8 pvops call. - LP: #1193044 * KVM: x86: relax MSR_KVM_SYSTEM_TIME alignment check - LP: #1193044 * KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461) - LP: #1193044 * MCE: Fix vm86 handling for 32bit mce handler - LP: #1193044 * ACPI / cpuidle: Fix NULL pointer issues when cpuidle is disabled - LP: #1193044 * alpha: Add irongate_io to PCI bus resources - LP: #1193044 * PARISC: fix user-triggerable panic on parisc - LP: #1193044 * serial: 8250, increase PASS_LIMIT - LP: #1193044 * drivers/char/ipmi: memcpy, need additional 2 bytes to avoid memory overflow - LP: #1193044 * w1: fix oops when w1_search is called from netlink connector - LP: #1193044 * staging: comedi: ni_labpc: correct differential channel sequence for AI commands - LP: #1193044 * staging: comedi: ni_labpc: set up command4 register *after* command3 - LP: #1193044 * staging: comedi: comedi_test: fix race when cancelling command - LP: #1193044 * staging: comedi: fix memory leak for saved channel list - LP: #1193044 * staging: comedi: s626: don't dereference insn->data - LP: #1193044 * staging: comedi: jr3_pci: fix iomem dereference - LP: #1193044 * staging: comedi: don't dereference user memory for INSN_INTTRIG - LP: #1193044 * staging: comedi: check s->async for poll(), read() and write() - LP: #1193044 * staging: comedi: das08: Correct AO output for das08jr-16-ao - LP: #1193044 * staging: vt6656: [BUG] out of bound array reference in RFbSetPower. - LP: #1193044 * libata: fix Null pointer dereference on disk error - LP: #1193044 * scsi: Silence unnecessary warnings about ioctl to partition - LP: #1193044 * scsi: use __uX types for headers exported to user space - LP: #1193044 * fix crash in scsi_dispatch_cmd() - LP: #1193044 * SCSI: bnx2i: Fixed NULL ptr deference for 1G bnx2 Linux iSCSI offload - LP: #1193044 * crypto: cryptd - disable softirqs in cryptd_queue_worker to prevent data corruption - LP: #1193044 * xfrm_user: return error pointer instead of NULL #2 - LP: #1193044 * r8169: correct settings of rtl8102e. - LP: #1193044 * r8169: remove the obsolete and incorrect AMD workaround - LP: #1193044 * r8169: Add support for D-Link 530T rev C1 (Kernel Bug 38862) - LP: #1193044 * r8169: incorrect identifier for a 8168dp - LP: #1193044 * b43legacy: Fix crash on unload when firmware not available - LP: #1193044 * tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode - LP: #1193044 * IPoIB: Fix use-after-free of multicast object - LP: #1193044 * telephony: ijx: buffer overflow in ixj_write_cid() - LP: #1193044 * Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) - LP: #1193044 * xhci: Make handover code more robust - LP: #1193044 * USB: whiteheat: fix memory leak in error path - LP: #1193044 * USB: serial: Fix memory leak in sierra_release() - LP: #1193044 * USB: mos7840: fix urb leak at release - LP: #1193044 * USB: mos7840: fix port-device leak in error path - LP: #1193044 * USB: garmin_gps: fix memory leak on disconnect - LP: #1193044 * USB: serial: ftdi_sio: Handle the old_termios == 0 case e.g. uart_resume_port() - LP: #1193044 * USB: ftdi_sio: Quiet sparse noise about using plain integer was NULL pointer - LP: #1193044 * epoll: prevent missed events on EPOLL_CTL_MOD - LP: #1193044 * fs/fscache/stats.c: fix memory leak - LP: #1193044 * sysfs: sysfs_pathname/sysfs_add_one: Use strlcat() instead of strcat() - LP: #1193044 * jbd: Delay discarding buffers in journal_unmap_buffer - LP: #1193044 * jbd: Fix assertion failure in commit code due to lacking transaction credits - LP: #1193044 * jbd: Fix lock ordering bug in journal_unmap_buffer() - LP: #1193044 * ext4: Fix fs corruption when make_indexed_dir() fails - LP: #1193044 * ext4: don't dereference null pointer when make_indexed_dir() fails - LP: #1193044 * ext4: fix memory leak in ext4_xattr_set_acl()'s error path - LP: #1193044 * ext4: online defrag is not supported for journaled files - LP: #1193044 * ext4: always set i_op in ext4_mknod() - LP: #1193044 * ext4: fix fdatasync() for files with only i_size changes - LP: #1193044 * ext4: lock i_mutex when truncating orphan inodes - LP: #1193044 * ext4: fix race in ext4_mb_add_n_trim() - LP: #1193044 * ext4: limit group search loop for non-extent files - LP: #1193044 * CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure - LP: #1193044 - CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure * ext4: make orphan functions be no-op in no-journal mode - LP: #1193044 * ext4: avoid hang when mounting non-journal filesystems with orphan list - LP: #1193044 * udf: fix memory leak while allocating blocks during write - LP: #1193044 * udf: Fix bitmap overflow on large filesystems with small block size - LP: #1193044 * fs/cifs/cifs_dfs_ref.c: fix potential memory leakage - LP: #1193044 * fat: Fix stat->f_namelen - LP: #1193044 * hfsplus: fix potential overflow in hfsplus_file_truncate() - LP: #1193044 * btrfs: use rcu_barrier() to wait for bdev puts at unmount - LP: #1193044 * kernel panic when mount NFSv4 - LP: #1193044 * nfsd4: fix oops on unusual readlike compound - LP: #1193044 * net/core: Fix potential memory leak in dev_set_alias() - LP: #1193044 * net: reduce net_rx_action() latency to 2 HZ - LP: #1193044 * softirq: reduce latencies - LP: #1193044 * af_packet: remove BUG statement in tpacket_destruct_skb - LP: #1193044 * bridge: set priority of STP packets - LP: #1193044 * bonding: Fix slave selection bug. - LP: #1193044 * ipv4: check rt_genid in dst_check - LP: #1193044 * net_sched: gact: Fix potential panic in tcf_gact(). - LP: #1193044 * net: sched: integer overflow fix - LP: #1193044 * net: prevent setting ttl=0 via IP_TTL - LP: #1193044 * net: guard tcp_set_keepalive() to tcp sockets - LP: #1193044 * inet: add RCU protection to inet->opt - LP: #1193044 * tcp: allow splice() to build full TSO packets - LP: #1193044 * tcp: fix MSG_SENDPAGE_NOTLAST logic - LP: #1193044 * tcp: preserve ACK clocking in TSO - LP: #1193044 * unix: fix a race condition in unix_release() - LP: #1193044 * sctp: fix memory leak in sctp_datamsg_from_user() when copy from user space fails - LP: #1193044 * net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree - LP: #1193044 * net: sctp: sctp_endpoint_free: zero out secret key data - LP: #1193044 * net: sctp: sctp_auth_key_put: use kzfree instead of kfree - LP: #1193044 * netfilter: nf_ct_ipv4: packets with wrong ihl are invalid - LP: #1193044 * ipvs: allow transmit of GRO aggregated skbs - LP: #1193044 * ipvs: IPv6 MTU checking cleanup and bugfix - LP: #1193044 * isdnloop: fix and simplify isdnloop_init() - LP: #1193044 * mpt2sas: Send default descriptor for RAID pass through in mpt2ctl - LP: #1193044 * x86, ptrace: fix build breakage with gcc 4.7 - LP: #1193044 * Linux 2.6.32.61 - LP: #1193044 -- Steve Conklin