[Bug 792312] Re: CVE-2011-1581
** Changed in: linux-ti-omap4 (Ubuntu Oneiric) Status: Fix Committed => Fix Released ** Changed in: linux-ti-omap4 (Ubuntu Precise) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/792312 Title: CVE-2011-1581 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/792312/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 792312] Re: CVE-2011-1581
** Changed in: linux-lts-backport-oneiric (Ubuntu Oneiric) Status: New => Invalid ** Changed in: linux-lts-backport-oneiric (Ubuntu Oneiric) Importance: Undecided => Medium ** Changed in: linux-lts-backport-oneiric (Ubuntu Lucid) Status: New => Invalid ** Changed in: linux-lts-backport-oneiric (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: linux-lts-backport-oneiric (Ubuntu Precise) Status: New => Invalid ** Changed in: linux-lts-backport-oneiric (Ubuntu Precise) Importance: Undecided => Medium ** Changed in: linux-lts-backport-oneiric (Ubuntu Hardy) Status: New => Invalid ** Changed in: linux-lts-backport-oneiric (Ubuntu Hardy) Importance: Undecided => Medium ** Changed in: linux-lts-backport-oneiric (Ubuntu Maverick) Status: New => Invalid ** Changed in: linux-lts-backport-oneiric (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: linux-lts-backport-oneiric (Ubuntu Natty) Status: New => Invalid ** Changed in: linux-lts-backport-oneiric (Ubuntu Natty) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/792312 Title: CVE-2011-1581 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/792312/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 792312] Re: CVE-2011-1581
** Also affects: linux (Ubuntu Precise) Importance: Medium Status: Fix Released ** Also affects: linux-ec2 (Ubuntu Precise) Importance: Medium Status: Invalid ** Also affects: linux-fsl-imx51 (Ubuntu Precise) Importance: Medium Status: Invalid ** Also affects: linux-lts-backport-maverick (Ubuntu Precise) Importance: Medium Status: Invalid ** Also affects: linux-lts-backport-natty (Ubuntu Precise) Importance: Medium Status: Invalid ** Also affects: linux-mvl-dove (Ubuntu Precise) Importance: Medium Status: Invalid ** Also affects: linux-ti-omap4 (Ubuntu Precise) Importance: Medium Status: Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/792312 Title: CVE-2011-1581 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/792312/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 792312] Re: CVE-2011-1581
This bug was fixed in the package linux-lts-backport-natty -
2.6.38-11.50~lucid1
---
linux-lts-backport-natty (2.6.38-11.50~lucid1) lucid-proposed; urgency=low
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #848588
[ Upstream Kernel Changes ]
* Revert "eCryptfs: Handle failed metadata read in lookup"
* Revert "KVM: fix kvmclock regression due to missing clock update"
* Revert "ath9k: use split rx buffers to get rid of order-1 skb
allocations"
linux (2.6.38-11.49) natty-proposed; urgency=low
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #836903
[ Adam Jackson ]
* SAUCE: drm/i915/pch: Fix integer math bugs in panel fitting
- LP: #753994
[ Keng-Yu Lin ]
* SAUCE: Input: ALPS - Enable Intellimouse mode for Lenovo Zhaoyang E47
- LP: #632884, #803005
[ Stefan Bader ]
* [Config] Force perf to use libiberty for demangling
- LP: #783660
[ Tim Gardner ]
* [Config] Add enic/fnic to udebs
- LP: #801610
[ Upstream Kernel Changes ]
* eeepc-wmi: add keys found on EeePC 1215T
- LP: #812644
* eCryptfs: Handle failed metadata read in lookup
- LP: #509180
* pagemap: close races with suid execve, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* report errors in /proc/*/*map* sanely, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* close race in /proc/*/environ, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* auxv: require the target to be tracable (or yourself), CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* vmscan: fix a livelock in kswapd
- LP: #813797
* mmc: Add PCI fixup quirks for Ricoh 1180:e823 reader
- LP: #773524
* mmc: Added quirks for Ricoh 1180:e823 lower base clock frequency
- LP: #773524
* rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
- LP: #816550
- CVE-2011-1493
* pata_marvell: Add support for 88SE91A0, 88SE91A4
- LP: #777325
* GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689
- LP: #819572
- CVE-2011-2689
* Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
- LP: #819569
- CVE-2011-2492
* drm/nv50-nvc0: work around an evo channel hang that some people see
- LP: #583760
* KVM: fix kvmclock regression due to missing clock update
- LP: #795717
* Add mount option to check uid of device being mounted = expect uid,
CVE-2011-1833
- LP: #732628
- CVE-2011-1833
* proc: fix oops on invalid /proc//maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* ipv6: make fragment identifications less predictable, CVE-2011-2699
- LP: #827685
- CVE-2011-2699
* ath9k: use split rx buffers to get rid of order-1 skb allocations
- LP: #728835
* perf: Fix software event overflow, CVE-2011-2918
- LP: #834121
- CVE-2011-2918
linux (2.6.38-11.48) natty-proposed; urgency=low
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #818175
[ Upstream Kernel Changes ]
* Revert "HID: magicmouse: ignore 'ivalid report id' while switching
modes"
- LP: #814250
linux (2.6.38-11.47) natty-proposed; urgency=low
[Steve Conklin]
* Release Tracking Bug
- LP: #811180
[ Keng-Yu Lin ]
* SAUCE: Revert: "dell-laptop: Toggle the unsupported hardware
killswitch"
- LP: #775281
[ Ming Lei ]
* SAUCE: fix yama_ptracer_del lockdep warning
- LP: #791019
[ Stefan Bader ]
* SAUCE: Re-enable RODATA for i386 virtual
- LP: #809838
[ Tim Gardner ]
* [Config] Add grub-efi as a recommended bootloader for server and
generic
- LP: #800910
* SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel
- LP: #805494
[ Upstream Kernel Changes ]
* Revert "bridge: Forward reserved group addresses if !STP"
- LP: #793702
* Fix up ABI directory
* bonding: Incorrect TX queue offset, CVE-2011-1581
- LP: #792312
- CVE-2011-1581
* fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
oops
- LP: #795418
- CVE-2011-1577
* usbnet/cdc_ncm: add missing .reset_resume hook
- LP: #793892
* ath5k: Disable fast channel switching by default
- LP: #767192
* mm: vmscan: correctly check if reclaimer should schedule during
shrink_slab
- LP: #755066
* mm: vmscan: correct use of pgdat_balanced in sleeping_prematurely
- LP: #755066
* ALSA: hda - Use LPIB for ATI/AMD chipsets as default
- LP: #741825
* ALSA: hda - Enable snoop bit for AMD controllers
- LP: #741825
* ALSA: hda - Enable sync_write workaround for AMD generically
- LP: #741825
* cpuidle: menu: fixed wrapping timers at 4.294 seconds
- LP: #774947
* drm/i915: Fix gen6 (SNB) missed BLT ring interrupts.
- LP: #761065
* USB: ehci: remove structure packing from ehci_def
- LP: #791552
* drm/i915: disable PCH ports if needed when disabl
[Bug 792312] Re: CVE-2011-1581
This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.15
---
linux-ti-omap4 (2.6.38-1209.15) natty-proposed; urgency=low
* Release tracking bug
- LP: #837761
[ Paolo Pisati ]
* [Config] Turn on CONFIG_USER_NS and DEVPTS_MULTIPLE_INSTANCES.
- LP: #787749
[ Tim Gardner ]
* [Config] Add enic/fnic to nic-modules udeb, CVE-2011-1020
- LP: #801610
[ Upstream Kernel Changes ]
* mpt2sas: prevent heap overflows and unchecked reads
- LP: #780546
* agp: fix arbitrary kernel memory writes
- LP: #775809
* can: add missing socket check in can/raw release
- LP: #780546
* agp: fix OOM and buffer overflow
- LP: #775809
* bonding: Incorrect TX queue offset, CVE-2011-1581
- LP: #792312
- CVE-2011-1581
* fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
oops
- LP: #795418
- CVE-2011-1577
* can: Add missing socket check in can/bcm release.
- LP: #796502
- CVE-2011-1598
* USB: ehci: remove structure packing from ehci_def
- LP: #791552
* taskstats: don't allow duplicate entries in listener mode,
CVE-2011-2484
- LP: #806390
- CVE-2011-2484
* ext4: init timer earlier to avoid a kernel panic in __save_error_info,
CVE-2011-2493
- LP: #806929
- CVE-2011-2493
* dccp: handle invalid feature options length, CVE-2011-1770
- LP: #806375
- CVE-2011-1770
* pagemap: close races with suid execve, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* report errors in /proc/*/*map* sanely, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* close race in /proc/*/environ, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* auxv: require the target to be tracable (or yourself), CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
- LP: #816550
- CVE-2011-1493
* GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689
- LP: #819572
- CVE-2011-2689
* Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
- LP: #819569
- CVE-2011-2492
* Add mount option to check uid of device being mounted = expect uid,
CVE-2011-1833
- LP: #732628
- CVE-2011-1833
* ipv6: make fragment identifications less predictable, CVE-2011-2699
- LP: #827685
- CVE-2011-2699
* perf: Fix software event overflow, CVE-2011-2918
- LP: #834121
- CVE-2011-2918
* proc: fix oops on invalid /proc//maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
linux-ti-omap4 (2.6.38-1209.13) natty; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #772381
[ Brad Figg ]
* Ubuntu-2.6.38-9.43
[ Bryan Wu ]
* merge Ubuntu-2.6.38-9.43
* cherry-pick 6 patches from u2 of 'for-ubuntu' branch
* [Config] Sync up configs for 2.6.38.4
[ Herton Ronaldo Krzesinski ]
* SAUCE: Revert "x86, hibernate: Initialize mmu_cr4_features during boot"
- LP: #764758
[ Leann Ogasawara ]
* [Config] updateconfigs for 2.6.38.4
[ Paolo Pisati ]
* [Config] s/USB_MUSB_TUSB6010/USB_MUSB_OMAP2PLUS/ on omap3 to get musb
- LP: #759913
[ Serge E. Hallyn ]
* SAUCE: kvm: fix push of wrong eip when doing softint
- LP: #747090
[ Tim Gardner ]
* [Config] Add cachefiles.ko to virtual flavour
- LP: #770430
[ Upstream Kernel Changes ]
* Revert "net/sunrpc: Use static const char arrays"
- LP: #761134
* Revert "x86: Cleanup highmap after brk is concluded"
- LP: #761134
* ALSA: hda - Fix SPDIF out regression on ALC889
- LP: #761134
* ALSA: Fix yet another race in disconnection
- LP: #761134
* ALSA: vmalloc buffers should use normal mmap
- LP: #761134
* perf: Better fit max unprivileged mlock pages for tools needs
- LP: #761134
* myri10ge: fix rmmod crash
- LP: #761134
* cciss: fix lost command issue
- LP: #761134
* ath9k: Fix kernel panic in AR2427
- LP: #761134
* sound/oss/opl3: validate voice and channel indexes
- LP: #761134
* mac80211: initialize sta->last_rx in sta_info_alloc
- LP: #761134
* ses: show devices for enclosures with no page 7
- LP: #761134
* ses: Avoid kernel panic when lun 0 is not mapped
- LP: #761134
* PCI/ACPI: Report ASPM support to BIOS if not disabled from command line
- LP: #761134
* eCryptfs: Unlock page in write_begin error path
- LP: #761134
* eCryptfs: ecryptfs_keyring_auth_tok_for_sig() bug fix
- LP: #761134
* crypto: aesni-intel - fixed problem with packets that are not multiple
of 64bytes
- LP: #761134
* staging: usbip: bugfixes related to kthread conversion
- LP: #761134
* staging: usbip: bugfix add number of packets for isochronous frames
- LP: #761134
* staging: usbip: bugfix for isochronous packets and optimization
- LP: #761134
* staging: hv: use syn
[Bug 792312] Re: CVE-2011-1581
** Branch linked: lp:ubuntu/natty-proposed/linux-ti-omap4 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/792312 Title: CVE-2011-1581 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/792312/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 792312] Re: CVE-2011-1581
This bug was fixed in the package linux - 2.6.38-11.48 --- linux (2.6.38-11.48) natty-proposed; urgency=low [Herton R. Krzesinski] * Release Tracking Bug - LP: #818175 [ Upstream Kernel Changes ] * Revert "HID: magicmouse: ignore 'ivalid report id' while switching modes" - LP: #814250 linux (2.6.38-11.47) natty-proposed; urgency=low [Steve Conklin] * Release Tracking Bug - LP: #811180 [ Keng-Yu Lin ] * SAUCE: Revert: "dell-laptop: Toggle the unsupported hardware killswitch" - LP: #775281 [ Ming Lei ] * SAUCE: fix yama_ptracer_del lockdep warning - LP: #791019 [ Stefan Bader ] * SAUCE: Re-enable RODATA for i386 virtual - LP: #809838 [ Tim Gardner ] * [Config] Add grub-efi as a recommended bootloader for server and generic - LP: #800910 * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel - LP: #805494 [ Upstream Kernel Changes ] * Revert "bridge: Forward reserved group addresses if !STP" - LP: #793702 * Fix up ABI directory * bonding: Incorrect TX queue offset, CVE-2011-1581 - LP: #792312 - CVE-2011-1581 * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops - LP: #795418 - CVE-2011-1577 * usbnet/cdc_ncm: add missing .reset_resume hook - LP: #793892 * ath5k: Disable fast channel switching by default - LP: #767192 * mm: vmscan: correctly check if reclaimer should schedule during shrink_slab - LP: #755066 * mm: vmscan: correct use of pgdat_balanced in sleeping_prematurely - LP: #755066 * ALSA: hda - Use LPIB for ATI/AMD chipsets as default - LP: #741825 * ALSA: hda - Enable snoop bit for AMD controllers - LP: #741825 * ALSA: hda - Enable sync_write workaround for AMD generically - LP: #741825 * cpuidle: menu: fixed wrapping timers at 4.294 seconds - LP: #774947 * drm/i915: Fix gen6 (SNB) missed BLT ring interrupts. - LP: #761065 * USB: ehci: remove structure packing from ehci_def - LP: #791552 * drm/i915: disable PCH ports if needed when disabling a CRTC - LP: #791752 * kmemleak: Do not return a pointer to an object that kmemleak did not get - LP: #793702 * kmemleak: Initialise kmemleak after debug_objects_mem_init() - LP: #793702 * Fix _OSC UUID in pcc-cpufreq - LP: #793702 * CPU hotplug, re-create sysfs directory and symlinks - LP: #793702 * Fix memory leak in cpufreq_stat - LP: #793702 * net: recvmmsg: Strip MSG_WAITFORONE when calling recvmsg - LP: #793702 * ftrace: Only update the function code on write to filter files - LP: #793702 * qla2xxx: Fix hang during driver unload when vport is active. - LP: #793702 * qla2xxx: Fix virtual port failing to login after chip reset. - LP: #793702 * qla2xxx: Fix vport delete hang when logins are outstanding. - LP: #793702 * powerpc/kdump64: Don't reference freed memory as pacas - LP: #793702 * powerpc/kexec: Fix memory corruption from unallocated slaves - LP: #793702 * x86, cpufeature: Fix cpuid leaf 7 feature detection - LP: #793702 * ath9k_hw: do noise floor calibration only on required chains - LP: #793702 * ath9k_hw: fix power for the HT40 duplicate frames - LP: #793702 * ath9k_hw: fix dual band assumption for XB113 - LP: #793702 * ath9k_hw: Fix STA connection issues with AR9380 (XB113). - LP: #793702 * powerpc: Set nr_cpu_ids early and use it to free PACAs - LP: #793702 * powerpc/oprofile: Handle events that raise an exception without overflowing - LP: #793702 * iwlagn: fix iwl_is_any_associated - LP: #793702 * block: rescan partitions on invalidated devices on -ENOMEDIA too - LP: #793702 * block: move bd_set_size() above rescan_partitions() in __blkdev_get() - LP: #793702 * paride: Convert to bdops->check_events() - LP: #793702 * gdrom,viocd: Convert to bdops->check_events() - LP: #793702 * ide: Convert to bdops->check_events() - LP: #793702 * block: don't block events on excl write for non-optical devices - LP: #793702 * block: Fix discard topology stacking and reporting - LP: #793702 * block: add proper state guards to __elv_next_request - LP: #793702 * block: always allocate genhd->ev if check_events is implemented - LP: #793702 * mtd: mtdconcat: fix NAND OOB write - LP: #793702 * mtd: return badblockbits back - LP: #793702 * x86, 64-bit: Fix copy_[to/from]_user() checks for the userspace address limit - LP: #793702 * ext4: fix possible use-after-free in ext4_remove_li_request() - LP: #793702 * iwlwifi: fix bugs in change_interface - LP: #793702 * nl80211: Fix set_key regression with some drivers - LP: #793702 * mac80211: fix a few RCU issues - LP: #793702 * wire up fanotify syscalls - LP: #793702 * wire up clock_adjtime syscall - LP: #793702 * drm: Send pending vblank events before disabling v
[Bug 792312] Re: CVE-2011-1581
** Changed in: linux-ec2 (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: linux-ec2 (Ubuntu Oneiric) Importance: Undecided => Medium ** Changed in: linux-ec2 (Ubuntu Hardy) Importance: Undecided => Medium ** Changed in: linux-ec2 (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: linux-ec2 (Ubuntu Natty) Importance: Undecided => Medium ** Changed in: linux-lts-backport-natty (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: linux-lts-backport-natty (Ubuntu Oneiric) Importance: Undecided => Medium ** Changed in: linux-lts-backport-natty (Ubuntu Hardy) Importance: Undecided => Medium ** Changed in: linux-lts-backport-natty (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: linux-lts-backport-natty (Ubuntu Natty) Importance: Undecided => Medium ** Changed in: linux-mvl-dove (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: linux-mvl-dove (Ubuntu Oneiric) Importance: Undecided => Medium ** Changed in: linux-mvl-dove (Ubuntu Hardy) Importance: Undecided => Medium ** Changed in: linux-mvl-dove (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: linux-mvl-dove (Ubuntu Natty) Importance: Undecided => Medium ** Changed in: linux-lts-backport-maverick (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: linux-lts-backport-maverick (Ubuntu Oneiric) Importance: Undecided => Medium ** Changed in: linux-lts-backport-maverick (Ubuntu Hardy) Importance: Undecided => Medium ** Changed in: linux-lts-backport-maverick (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: linux-lts-backport-maverick (Ubuntu Natty) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Oneiric) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Hardy) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Natty) Importance: Undecided => Medium ** Changed in: linux-ti-omap4 (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: linux-ti-omap4 (Ubuntu Oneiric) Importance: Undecided => Medium ** Changed in: linux-ti-omap4 (Ubuntu Hardy) Importance: Undecided => Medium ** Changed in: linux-ti-omap4 (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: linux-ti-omap4 (Ubuntu Natty) Importance: Undecided => Medium ** Changed in: linux-fsl-imx51 (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: linux-fsl-imx51 (Ubuntu Oneiric) Importance: Undecided => Medium ** Changed in: linux-fsl-imx51 (Ubuntu Hardy) Importance: Undecided => Medium ** Changed in: linux-fsl-imx51 (Ubuntu Maverick) Importance: Undecided => Medium ** Changed in: linux-fsl-imx51 (Ubuntu Natty) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/792312 Title: CVE-2011-1581 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/792312/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 792312] Re: CVE-2011-1581
** Changed in: linux-ec2 (Ubuntu Lucid) Status: New => Invalid ** Changed in: linux-ec2 (Ubuntu Oneiric) Status: New => Invalid ** Changed in: linux-ec2 (Ubuntu Hardy) Status: New => Invalid ** Changed in: linux-ec2 (Ubuntu Maverick) Status: New => Invalid ** Changed in: linux-ec2 (Ubuntu Natty) Status: New => Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Lucid) Status: New => Fix Committed ** Changed in: linux-lts-backport-natty (Ubuntu Oneiric) Status: New => Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Hardy) Status: New => Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Maverick) Status: New => Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Natty) Status: New => Invalid ** Description changed: The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic. - Fixed-by: fd0e435b0fe85622f167b84432552885a4856ac8 + Break-Fix: - fd0e435b0fe85622f167b84432552885a4856ac8 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/792312 Title: CVE-2011-1581 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/792312/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 792312] Re: CVE-2011-1581
** Changed in: linux-ti-omap4 (Ubuntu Oneiric) Status: Confirmed => Fix Committed ** Description changed: - Fixed By: + The bond_select_queue function in drivers/net/bonding/bond_main.c in the + Linux kernel before 2.6.39, when a network device with a large number of + receive queues is installed but the default tx_queues setting is used, + does not properly restrict queue indexes, which allows remote attackers + to cause a denial of service (BUG and system crash) or possibly have + unspecified other impact by sending network traffic. - commit fd0e435b0fe85622f167b84432552885a4856ac8 - Author: Phil Oester - Date: Mon Mar 14 06:22:04 2011 + - - bonding: Incorrect TX queue offset - - When packets come in from a device with >= 16 receive queues - headed out a bonding interface, syslog gets filled with this: - - kernel: bond0 selects TX queue 16, but real number of TX queues is 16 - - because queue_mapping is offset by 1. Adjust return value - to account for the offset. - - This is a revision of my earlier patch (which did not use the - skb_rx_queue_* helpers - thanks to Ben for the suggestion). - Andy submitted a similar patch which emits a pr_warning on - invalid queue selection, but I believe the log spew is - not useful. We can revisit that question in the future, - but in the interim I believe fixing the core problem is - worthwhile. - - Signed-off-by: Phil Oester - Signed-off-by: Andy Gospodarek - Signed-off-by: David S. Miller - - Introduced By: - - commit bb1d912323d5dd50e1079e389f4e964be14f0ae3 - Author: Andy Gospodarek - Date: Wed Jun 2 08:40:18 2010 + - - bonding: allow user-controlled output slave selection + Fixed-by: fd0e435b0fe85622f167b84432552885a4856ac8 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/792312 Title: CVE-2011-1581 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/792312/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 792312] Re: CVE-2011-1581
** Changed in: linux (Ubuntu Natty) Status: In Progress => Fix Committed ** Changed in: linux-ti-omap4 (Ubuntu Natty) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/792312 Title: CVE-2011-1581 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 792312] Re: CVE-2011-1581
Maverick is unaffected therefore the lts-backport is unaffected. ** Changed in: linux-ti-omap4 (Ubuntu Hardy) Status: New => Incomplete ** Changed in: linux-ti-omap4 (Ubuntu Hardy) Status: Incomplete => Invalid ** Changed in: linux-ti-omap4 (Ubuntu Lucid) Status: New => Invalid ** Changed in: linux-ti-omap4 (Ubuntu Maverick) Status: New => Invalid ** Changed in: linux-ti-omap4 (Ubuntu Natty) Status: New => Confirmed ** Changed in: linux-ti-omap4 (Ubuntu Oneiric) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/792312 Title: CVE-2011-1581 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 792312] Re: CVE-2011-1581
Fixed in mainline v2.6.39, introduced in v2.6.36-rc1. Therefore Oneiric is fixed; Hardy, Lucid, and Maverick are not affected, Natty needs this fix. For ARM fsl-imx51 and mvl-dove are not affected. ** Changed in: linux-lts-backport-maverick (Ubuntu Hardy) Status: New => Invalid ** Changed in: linux-lts-backport-maverick (Ubuntu Lucid) Status: New => Invalid ** Changed in: linux-lts-backport-maverick (Ubuntu Maverick) Status: New => Invalid ** Changed in: linux-lts-backport-maverick (Ubuntu Natty) Status: New => Invalid ** Changed in: linux-lts-backport-maverick (Ubuntu Oneiric) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/792312 Title: CVE-2011-1581 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
