* SAUCE: docs -- fix doc strings for fc_event_seq
* SAUCE: (no-up) Modularize vesafb -- fix initialization
- LP: #611471
* SAUCE: sched: update load count only once per cpu in 10 tick update window
- LP: #513848
* SAUCE: agp/intel: Add second set of PCI-IDs for B43
- LP: #640214
* SAUCE: drm/i915: Add second set of PCI-IDs for B43
- LP: #640214
* SAUCE: Fix compile error on ia64, powerpc, and sparc
* (pre-stable) x86-32, resume: do a global tlb flush in S4 resume
- LP: #531309
* PCI: Ensure we re-enable devices on resume
- LP: #566149
[ Ubuntu: 2.6.31-22.67 ]
* Local privilege escalation vulnerability in RDS sockets
- CVE-2010-3904
* v4l: disable dangerous buggy compat function
- CVE-2010-2963
* mm: Do not assume ENOMEM when looking at a split stack vma
- LP: #646114
* mm: Use helper to find real vma with stack guard page
- LP: #646114
* Fix race in tty_fasync() properly
- CVE-2009-4895
* ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files
- CVE-2010-2066
* xfs: prevent swapext from operating on write-only files
- CVE-2010-2226
* cifs: Fix a kernel BUG with remote OS/2 server (try #3)
- CVE-2010-2248
* ethtool: Fix potential user buffer overflow for ETHTOOL_{G, S}RXFH
- CVE-2010-2478
* l2tp: Fix oops in pppol2tp_xmit
- CVE-2010-2495
* nfsd4: bug in read_buf
- CVE-2010-2521
* CIFS: Fix a malicious redirect problem in the DNS lookup code
- CVE-2010-2524
* GFS2: rename causes kernel Oops
- CVE-2010-2798
* net sched: fix some kernel memory leaks
- CVE-2010-2942
* jfs: don't allow os2 xattr namespace overlap with others
- CVE-2010-2946
* irda: Correctly clean up self->ias_obj on irda_bind() failure.
- CVE-2010-2954
* wireless extensions: fix kernel heap content leak
- CVE-2010-2955
* ext4: consolidate in_range() definitions
- CVE-2010-3015
* aio: check for multiplication overflow in do_io_submit
- CVE-2010-3067
* xfs: prevent reading uninitialized stack memory
- CVE-2010-3078
* ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
- CVE-2010-3080
* niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
- CVE-2010-3084
* rose: Fix signedness issues wrt. digi count.
- CVE-2010-3310
* sctp: Do not reset the packet during sctp_packet_config().
- CVE-2010-3432
* Fix pktcdvd ioctl dev_minor range check
- CVE-2010-3437
* ALSA: prevent heap corruption in snd_ctl_new()
- CVE-2010-3442
* net sched: fix kernel leak in act_police
- CVE-2010-3477
* Fix out-of-bounds reading in sctp_asoc_get_hmac()
- CVE-2010-3705
* ocfs2: Don't walk off the end of fast symlinks.
- CVE-2010-NNN2
-- Tim Gardner <email address hidden> Fri, 04 Feb 2011 11:39:27 -0700
This bug was fixed in the package linux-fsl-imx51 - 2.6.31-608.22
---------------
linux-fsl-imx51 (2.6.31-608.22) lucid; urgency=low
[ Tim Gardner ]
* rebased to 2.6.31-22.72
* Tracking bug
- LP: #713266
[ Upstream Kernel Changes ]
* Karmic SRU: thinkpad-acpi: lock down video output state access, CVE-2010-3448 video/sis/ sis_main. c: prevent reading uninitialized stack
- LP: #706999
- CVE-2010-3448
* USB: serial/mos*: prevent reading uninitialized stack memory,
CVE-2010-4074
- LP: #706149
- CVE-2010-4074
* KVM: Fix fs/gs reload oops with invalid ldt
- LP: #707000
- CVE-2010-3698
* drivers/
memory, CVE-2010-4078
- LP: #707579
- CVE-2010-4078
* V4L/DVB: ivtvfb: prevent reading uninitialized stack memory,
CVE-2010-4079
- LP: #707649
- CVE-2010-4079
[ Upstream Kernel Changes ]
* ipc: initialize structure memory to zero for compat functions
* tcp: Increase TCP_MAXSEG socket option minimum.
- CVE-2010-4165
* perf_events: Fix perf_counter_mmap() hook in mprotect()
- CVE-2010-4169
* af_unix: limit unix_tot_inflight
- CVE-2010-4249
linux-fsl-imx51 (2.6.31-608.21) lucid-proposed; urgency=low
[ Leann Ogasawara ]
* Rebased to 2.6.31-22.70
[ Ubuntu: 2.6.31-22.70 ]
- LP: #683474 CLONE_RANGE net/cxgb3/ cxgb3_main. c: prevent reading uninitialized stack memory net/usb/ hso.c: prevent reading uninitialized memory
* Revert "SAUCE: AF_ECONET saddr->cookie prevent NULL pointer
dereference"
* Revert "SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges"
* Revert "SAUCE: AF_ECONET prevent kernel stack overflow"
* Btrfs: fix checks in BTRFS_IOC_
- CVE-2010-2538
* xfs: validate untrusted inode numbers during lookup
- CVE-2010-2943
* xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
- CVE-2010-2943
* xfs: remove block number from inode lookup code
- CVE-2010-2943
* xfs: fix untrusted inode number lookup
- CVE-2010-2943
* drm/i915: Sanity check pread/pwrite
- CVE-2010-2962
* drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow
- CVE-2010-2962
* tracing: Do not allow llseek to set_ftrace_filter
- CVE-2010-3079
* drivers/
- CVE-2010-3296
* drivers/net/eql.c: prevent reading uninitialized stack memory
- CVE-2010-3297
* drivers/
- CVE-2010-3298
* setup_arg_pages: diagnose excessive argument size
- CVE-2010-3858
* net: clear heap allocation for ETHTOOL_GRXCLSRLALL
- CVE-2010-3861
* ipc: shm: fix information leak to userland
- CVE-2010-4072
* econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
- CVE-2010-3849
* econet: fix CVE-2010-3850
- CVE-2010-3850
* econet: fix CVE-2010-3848
- CVE-2010-3848
[ Ubuntu: 2.6.31-22.69 ]
* SAUCE: AF_ECONET prevent kernel stack overflow
- CVE-2010-3848
* SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges
- CVE-2010-3850
* SAUCE: AF_ECONET saddr->cookie prevent NULL pointer dereference
- CVE-2010-3849
[ Ubuntu: 2.6.31-22.68 ]
* SAUCE: docs -- fix doc strings for fc_event_seq
* SAUCE: (no-up) Modularize vesafb -- fix initialization
- LP: #611471
* SAUCE: sched: update load count only once per cpu in 10 tick update window
- LP: #513848
* SAUCE: agp/intel: Add second set of PCI-IDs for B43
- LP: #640214
* SAUCE: drm/i915: Add second set of PCI-IDs for B43
- LP: #640214
* SAUCE: Fix compile error on ia64, powerpc, and sparc
* (pre-stable) x86-32, resume: do a global tlb flush in S4 resume
- LP: #531309
* PCI: Ensure we re-enable devices on resume
- LP: #566149
[ Ubuntu: 2.6.31-22.67 ]
* Local privilege escalation vulnerability in RDS sockets config( ). get_hmac( )
- CVE-2010-3904
* v4l: disable dangerous buggy compat function
- CVE-2010-2963
* mm: Do not assume ENOMEM when looking at a split stack vma
- LP: #646114
* mm: Use helper to find real vma with stack guard page
- LP: #646114
* Fix race in tty_fasync() properly
- CVE-2009-4895
* ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files
- CVE-2010-2066
* xfs: prevent swapext from operating on write-only files
- CVE-2010-2226
* cifs: Fix a kernel BUG with remote OS/2 server (try #3)
- CVE-2010-2248
* ethtool: Fix potential user buffer overflow for ETHTOOL_{G, S}RXFH
- CVE-2010-2478
* l2tp: Fix oops in pppol2tp_xmit
- CVE-2010-2495
* nfsd4: bug in read_buf
- CVE-2010-2521
* CIFS: Fix a malicious redirect problem in the DNS lookup code
- CVE-2010-2524
* GFS2: rename causes kernel Oops
- CVE-2010-2798
* net sched: fix some kernel memory leaks
- CVE-2010-2942
* jfs: don't allow os2 xattr namespace overlap with others
- CVE-2010-2946
* irda: Correctly clean up self->ias_obj on irda_bind() failure.
- CVE-2010-2954
* wireless extensions: fix kernel heap content leak
- CVE-2010-2955
* ext4: consolidate in_range() definitions
- CVE-2010-3015
* aio: check for multiplication overflow in do_io_submit
- CVE-2010-3067
* xfs: prevent reading uninitialized stack memory
- CVE-2010-3078
* ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
- CVE-2010-3080
* niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
- CVE-2010-3084
* rose: Fix signedness issues wrt. digi count.
- CVE-2010-3310
* sctp: Do not reset the packet during sctp_packet_
- CVE-2010-3432
* Fix pktcdvd ioctl dev_minor range check
- CVE-2010-3437
* ALSA: prevent heap corruption in snd_ctl_new()
- CVE-2010-3442
* net sched: fix kernel leak in act_police
- CVE-2010-3477
* Fix out-of-bounds reading in sctp_asoc_
- CVE-2010-3705
* ocfs2: Don't walk off the end of fast symlinks.
- CVE-2010-NNN2
-- Tim Gardner <email address hidden> Fri, 04 Feb 2011 11:39:27 -0700