Package: src:linux-2.6 Version: 2.6.32-39 Severity: important [Actually based on 2.6.32.49-rc1.]
[SCSI] st: fix race in st_scsi_execute_end Fixes use of freed memory in the st (SCSI tape) driver which could result in a crash or other unpleasant results. [SCSI] Make scsi_free_queue() kill pending SCSI commands Fixes potential I/O hang after SCSI device removal. NFS/sunrpc: don't use a credential with extra groups. Fixes a bug in matching of cached credentials for SunRPC requests, including file access as an NFS client. If process A has the same uid and primary gid as B and a superset of its secondary gids, and B accesses an NFS server after A, then A's credentials including the extra gids may be used for B's file access. This seems to be primarily interesting if A has different real and effective uid, as otherwise B could always hijack A's credentials using ptrace. netlink: validate NLA_MSECS length I think this fixes an information leak or (unlikely) local DoS exploitable with CAP_NET_ADMIN. mtd: mtdchar: add missing initializer on raw write Fixes raw NAND write functionality. PM / Suspend: Off by one in pm_suspend() Fixes validation of requested suspend state. So far as I can see, user-space cannot provide an arbitrary state value (except possibly through OOT modules) and this has no security impact. hfs: add sanity check for file name length Fixes potential buffer overflow when accessing an HFS filesystem (CVE-2011-4330). kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0 kbuild: Fix passing -Wno-* options to gcc 4.4+ Suppresses widespread compiler warnings when building with gcc 4.6. Should have no effect otherwise. ASoC: wm8940: Properly set codec->dapm.bias_level No effect on Debian kernel configurations. md/raid5: abort any pending parity operations when array fails. Fixes potential crash if an md-raid RAID5/6 array loses enough disks that it is no longer usable (>1 or >2 respectively). [media] Remove the old V4L1 v4lgrab.c file Removes outdated example code. Revert "ALSA: hda: Fix quirk for Dell Inspiron 910" Reverts change in 2.6.32.42 (our 2.6.32-36) that resulted in a regression (no audio output) for this specific model. drm/i915: Sanity check pread/pwrite drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow Fixes CVE-2010-2962. We don't normally take drm fixes from this series and we already applied these in 2.6.32-25. genirq: Add IRQF_RESUME_EARLY and resume such IRQs earlier Fixes #644604, a regression which caused Xen domU to hang after suspend/resume (including migration). We already fixed this by reverting the change that introduced the regression, but this should be better. mm: avoid null pointer access in vm_struct via /proc/vmallocinfo Fixes potential DoS by local user. ipv6: udp: fix the wrong headroom check Fixes remote DoS (most likely from a VM guest) by sending UDP/IPv6 to a bridge that has UFO enabled while the output port does not (CVE-2011-4326). I'm not convinced that this configuration is possible in 2.6.32, but I could be wrong. USB: serial: pl2303: rm duplicate id Stops this driver binding to a 'WinChipHead' branded device that should be handled by the ch341 driver. USB: Fix Corruption issue in USB ftdi driver ftdi_sio.c Fixes corruption of data transmitted through this serial driver during reconfiguration. (Changing e.g. the bit rate can be expected to to this, but this bug affected any reconfiguration.) usb-storage: Accept 8020i-protocol commands longer than 12 bytes Enables support for some USB drives >2 TB. USB: add quirk for Logitech C600 web cam USB: quirks: adding more quirky webcams to avoid squeaky audio Workaround for more buggy webcams that tend to fail after suspend/resume. tty: Make tiocgicount a handler tty: icount changeover for other main devices This is the general fix for CVE-2010-4075, CVE-2010-4076 and CVE-2010-4077 which we already applied in 2.6.32-31. Ben. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (x86_64) Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/20111127051151.31657.5053.reportbug@deadeye
