[Bug 834121] Re: CVE-2011-2918
** Changed in: linux (Ubuntu Oneiric) Status: Fix Committed = Fix Released ** Changed in: linux (Ubuntu Precise) Status: Fix Committed = Fix Released ** Changed in: linux-ti-omap4 (Ubuntu Oneiric) Status: Fix Committed = Fix Released ** Changed in: linux-ti-omap4 (Ubuntu Precise) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
** Changed in: linux-lts-backport-oneiric (Ubuntu Oneiric) Status: New = Invalid ** Changed in: linux-lts-backport-oneiric (Ubuntu Oneiric) Importance: Undecided = Medium ** Changed in: linux-lts-backport-oneiric (Ubuntu Lucid) Status: New = Invalid ** Changed in: linux-lts-backport-oneiric (Ubuntu Lucid) Importance: Undecided = Medium ** Changed in: linux-lts-backport-oneiric (Ubuntu Precise) Status: New = Invalid ** Changed in: linux-lts-backport-oneiric (Ubuntu Precise) Importance: Undecided = Medium ** Changed in: linux-lts-backport-oneiric (Ubuntu Hardy) Status: New = Invalid ** Changed in: linux-lts-backport-oneiric (Ubuntu Hardy) Importance: Undecided = Medium ** Changed in: linux-lts-backport-oneiric (Ubuntu Maverick) Status: New = Invalid ** Changed in: linux-lts-backport-oneiric (Ubuntu Maverick) Importance: Undecided = Medium ** Changed in: linux-lts-backport-oneiric (Ubuntu Natty) Status: New = Invalid ** Changed in: linux-lts-backport-oneiric (Ubuntu Natty) Importance: Undecided = Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
** Also affects: linux (Ubuntu Precise) Importance: Medium Status: Fix Committed ** Also affects: linux-ec2 (Ubuntu Precise) Importance: Medium Status: Invalid ** Also affects: linux-fsl-imx51 (Ubuntu Precise) Importance: Medium Status: Invalid ** Also affects: linux-lts-backport-maverick (Ubuntu Precise) Importance: Medium Status: Invalid ** Also affects: linux-lts-backport-natty (Ubuntu Precise) Importance: Medium Status: Invalid ** Also affects: linux-mvl-dove (Ubuntu Precise) Importance: Medium Status: Invalid ** Also affects: linux-ti-omap4 (Ubuntu Precise) Importance: Medium Status: Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
This bug was fixed in the package linux - 2.6.35-30.60 --- linux (2.6.35-30.60) maverick-proposed; urgency=low [Herton R. Krzesinski] * Release Tracking Bug - LP: #854092 [ Stefan Bader ] * [Config] Force perf to use libiberty for demangling - LP: #783660 [ Tim Gardner ] * [Config] Simplify binary-udebs dependencies * [Config] kernel preparation cannot be parallelized * [Config] Linearize module/abi checks * [Config] Linearize and simplify tree preparation rules * [Config] Build kernel image in parallel with modules * [Config] Set concurrency for kmake invocations * [Config] Improve install-arch-headers speed * [Config] Fix binary-perarch dependencies * [Config] Removed stamp-flavours target * [Config] Serialize binary indep targets * [Config] Use build stamp directly * [Config] Restore prepare-% target * [Config] Fix binary-% build target [ Upstream Kernel Changes ] * Add mount option to check uid of device being mounted = expect uid, CVE-2011-1833 - LP: #732628 - CVE-2011-1833 * ipv6: make fragment identifications less predictable, CVE-2011-2699 - LP: #827685 - CVE-2011-2699 * perf: Fix software event overflow, CVE-2011-2918 - LP: #834121 - CVE-2011-2918 * cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191 - LP: #834135 - CVE-2011-3191 * befs: Validate length of long symbolic links, CVE-2011-2928 - LP: #834124 - CVE-2011-2928 * gro: Only reset frag0 when skb can be pulled, CVE-2011-2723 - LP: #844371 - CVE-2011-2723 * Validate size of EFI GUID partition entries, CVE-2011-1776 - LP: #844365 - CVE-2011-1776 * inet_diag: fix inet_diag_bc_audit(), CVE-2011-2213 - LP: #838421 - CVE-2011-2213 * si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700 - LP: #844370 - CVE-2011-2700 * Bluetooth: Prevent buffer overflow in l2cap config request, CVE-2011-2497 - LP: #838423 - CVE-2011-2497 * core: Fix memory leak/corruption on VLAN GRO_DROP, CVE-2011-1576 - LP: #844361 - CVE-2011-1576 -- Herton Ronaldo Krzesinski herton.krzesin...@canonical.com Mon, 19 Sep 2011 15:10:43 -0300 ** Changed in: linux (Ubuntu Maverick) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
This bug was fixed in the package linux-lts-backport-maverick - 2.6.35-30.60~lucid1 --- linux-lts-backport-maverick (2.6.35-30.60~lucid1) lucid-proposed; urgency=low [Herton R. Krzesinski] * Release Tracking Bug - LP: #854430 [ Stefan Bader ] * [Config] Force perf to use libiberty for demangling - LP: #783660 [ Tim Gardner ] * [Config] Simplify binary-udebs dependencies * [Config] kernel preparation cannot be parallelized * [Config] Linearize module/abi checks * [Config] Linearize and simplify tree preparation rules * [Config] Build kernel image in parallel with modules * [Config] Set concurrency for kmake invocations * [Config] Improve install-arch-headers speed * [Config] Fix binary-perarch dependencies * [Config] Removed stamp-flavours target * [Config] Serialize binary indep targets * [Config] Use build stamp directly * [Config] Restore prepare-% target * [Config] Fix binary-% build target [ Upstream Kernel Changes ] * Add mount option to check uid of device being mounted = expect uid, CVE-2011-1833 - LP: #732628 - CVE-2011-1833 * ipv6: make fragment identifications less predictable, CVE-2011-2699 - LP: #827685 - CVE-2011-2699 * perf: Fix software event overflow, CVE-2011-2918 - LP: #834121 - CVE-2011-2918 * cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191 - LP: #834135 - CVE-2011-3191 * befs: Validate length of long symbolic links, CVE-2011-2928 - LP: #834124 - CVE-2011-2928 * gro: Only reset frag0 when skb can be pulled, CVE-2011-2723 - LP: #844371 - CVE-2011-2723 * Validate size of EFI GUID partition entries, CVE-2011-1776 - LP: #844365 - CVE-2011-1776 * inet_diag: fix inet_diag_bc_audit(), CVE-2011-2213 - LP: #838421 - CVE-2011-2213 * si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700 - LP: #844370 - CVE-2011-2700 * Bluetooth: Prevent buffer overflow in l2cap config request, CVE-2011-2497 - LP: #838423 - CVE-2011-2497 * core: Fix memory leak/corruption on VLAN GRO_DROP, CVE-2011-1576 - LP: #844361 - CVE-2011-1576 linux (2.6.35-30.59) maverick-proposed; urgency=low [Herton R. Krzesinski] * Release Tracking Bug - LP: #837449 [ Upstream Kernel Changes ] * Revert drm/nv50-nvc0: work around an evo channel hang that some people see * Revert eCryptfs: Handle failed metadata read in lookup -- Herton Ronaldo Krzesinski herton.krzesin...@canonical.com Tue, 20 Sep 2011 11:03:51 -0300 ** Changed in: linux-lts-backport-maverick (Ubuntu Lucid) Status: Fix Committed = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-1576 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-1776 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-2213 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-2497 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-2700 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-2723 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-2928 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-3191 ** Changed in: linux-lts-backport-natty (Ubuntu Lucid) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
This bug was fixed in the package linux-lts-backport-natty - 2.6.38-11.50~lucid1 --- linux-lts-backport-natty (2.6.38-11.50~lucid1) lucid-proposed; urgency=low [Herton R. Krzesinski] * Release Tracking Bug - LP: #848588 [ Upstream Kernel Changes ] * Revert eCryptfs: Handle failed metadata read in lookup * Revert KVM: fix kvmclock regression due to missing clock update * Revert ath9k: use split rx buffers to get rid of order-1 skb allocations linux (2.6.38-11.49) natty-proposed; urgency=low [Herton R. Krzesinski] * Release Tracking Bug - LP: #836903 [ Adam Jackson ] * SAUCE: drm/i915/pch: Fix integer math bugs in panel fitting - LP: #753994 [ Keng-Yu Lin ] * SAUCE: Input: ALPS - Enable Intellimouse mode for Lenovo Zhaoyang E47 - LP: #632884, #803005 [ Stefan Bader ] * [Config] Force perf to use libiberty for demangling - LP: #783660 [ Tim Gardner ] * [Config] Add enic/fnic to udebs - LP: #801610 [ Upstream Kernel Changes ] * eeepc-wmi: add keys found on EeePC 1215T - LP: #812644 * eCryptfs: Handle failed metadata read in lookup - LP: #509180 * pagemap: close races with suid execve, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * report errors in /proc/*/*map* sanely, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * close race in /proc/*/environ, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * auxv: require the target to be tracable (or yourself), CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * vmscan: fix a livelock in kswapd - LP: #813797 * mmc: Add PCI fixup quirks for Ricoh 1180:e823 reader - LP: #773524 * mmc: Added quirks for Ricoh 1180:e823 lower base clock frequency - LP: #773524 * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493 - LP: #816550 - CVE-2011-1493 * pata_marvell: Add support for 88SE91A0, 88SE91A4 - LP: #777325 * GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689 - LP: #819572 - CVE-2011-2689 * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. - LP: #819569 - CVE-2011-2492 * drm/nv50-nvc0: work around an evo channel hang that some people see - LP: #583760 * KVM: fix kvmclock regression due to missing clock update - LP: #795717 * Add mount option to check uid of device being mounted = expect uid, CVE-2011-1833 - LP: #732628 - CVE-2011-1833 * proc: fix oops on invalid /proc/pid/maps access, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * ipv6: make fragment identifications less predictable, CVE-2011-2699 - LP: #827685 - CVE-2011-2699 * ath9k: use split rx buffers to get rid of order-1 skb allocations - LP: #728835 * perf: Fix software event overflow, CVE-2011-2918 - LP: #834121 - CVE-2011-2918 linux (2.6.38-11.48) natty-proposed; urgency=low [Herton R. Krzesinski] * Release Tracking Bug - LP: #818175 [ Upstream Kernel Changes ] * Revert HID: magicmouse: ignore 'ivalid report id' while switching modes - LP: #814250 linux (2.6.38-11.47) natty-proposed; urgency=low [Steve Conklin] * Release Tracking Bug - LP: #811180 [ Keng-Yu Lin ] * SAUCE: Revert: dell-laptop: Toggle the unsupported hardware killswitch - LP: #775281 [ Ming Lei ] * SAUCE: fix yama_ptracer_del lockdep warning - LP: #791019 [ Stefan Bader ] * SAUCE: Re-enable RODATA for i386 virtual - LP: #809838 [ Tim Gardner ] * [Config] Add grub-efi as a recommended bootloader for server and generic - LP: #800910 * SAUCE: rtl8192se: Force a build for a 2.6/3.0 kernel - LP: #805494 [ Upstream Kernel Changes ] * Revert bridge: Forward reserved group addresses if !STP - LP: #793702 * Fix up ABI directory * bonding: Incorrect TX queue offset, CVE-2011-1581 - LP: #792312 - CVE-2011-1581 * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops - LP: #795418 - CVE-2011-1577 * usbnet/cdc_ncm: add missing .reset_resume hook - LP: #793892 * ath5k: Disable fast channel switching by default - LP: #767192 * mm: vmscan: correctly check if reclaimer should schedule during shrink_slab - LP: #755066 * mm: vmscan: correct use of pgdat_balanced in sleeping_prematurely - LP: #755066 * ALSA: hda - Use LPIB for ATI/AMD chipsets as default - LP: #741825 * ALSA: hda - Enable snoop bit for AMD controllers - LP: #741825 * ALSA: hda - Enable sync_write workaround for AMD generically - LP: #741825 * cpuidle: menu: fixed wrapping timers at 4.294 seconds - LP: #774947 * drm/i915: Fix gen6 (SNB) missed BLT ring interrupts. - LP: #761065 * USB: ehci: remove structure packing from ehci_def - LP: #791552 * drm/i915: disable PCH ports if needed when disabling a
[Bug 834121] Re: CVE-2011-2918
** Changed in: linux (Ubuntu Lucid) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
** Changed in: linux-ec2 (Ubuntu Lucid) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
** Branch linked: lp:ubuntu/lucid-proposed/linux-lts-backport-maverick -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.15 --- linux-ti-omap4 (2.6.38-1209.15) natty-proposed; urgency=low * Release tracking bug - LP: #837761 [ Paolo Pisati ] * [Config] Turn on CONFIG_USER_NS and DEVPTS_MULTIPLE_INSTANCES. - LP: #787749 [ Tim Gardner ] * [Config] Add enic/fnic to nic-modules udeb, CVE-2011-1020 - LP: #801610 [ Upstream Kernel Changes ] * mpt2sas: prevent heap overflows and unchecked reads - LP: #780546 * agp: fix arbitrary kernel memory writes - LP: #775809 * can: add missing socket check in can/raw release - LP: #780546 * agp: fix OOM and buffer overflow - LP: #775809 * bonding: Incorrect TX queue offset, CVE-2011-1581 - LP: #792312 - CVE-2011-1581 * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops - LP: #795418 - CVE-2011-1577 * can: Add missing socket check in can/bcm release. - LP: #796502 - CVE-2011-1598 * USB: ehci: remove structure packing from ehci_def - LP: #791552 * taskstats: don't allow duplicate entries in listener mode, CVE-2011-2484 - LP: #806390 - CVE-2011-2484 * ext4: init timer earlier to avoid a kernel panic in __save_error_info, CVE-2011-2493 - LP: #806929 - CVE-2011-2493 * dccp: handle invalid feature options length, CVE-2011-1770 - LP: #806375 - CVE-2011-1770 * pagemap: close races with suid execve, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * report errors in /proc/*/*map* sanely, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * close race in /proc/*/environ, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * auxv: require the target to be tracable (or yourself), CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493 - LP: #816550 - CVE-2011-1493 * GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689 - LP: #819572 - CVE-2011-2689 * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. - LP: #819569 - CVE-2011-2492 * Add mount option to check uid of device being mounted = expect uid, CVE-2011-1833 - LP: #732628 - CVE-2011-1833 * ipv6: make fragment identifications less predictable, CVE-2011-2699 - LP: #827685 - CVE-2011-2699 * perf: Fix software event overflow, CVE-2011-2918 - LP: #834121 - CVE-2011-2918 * proc: fix oops on invalid /proc/pid/maps access, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 linux-ti-omap4 (2.6.38-1209.13) natty; urgency=low [ Tim Gardner ] * Release Tracking Bug - LP: #772381 [ Brad Figg ] * Ubuntu-2.6.38-9.43 [ Bryan Wu ] * merge Ubuntu-2.6.38-9.43 * cherry-pick 6 patches from u2 of 'for-ubuntu' branch * [Config] Sync up configs for 2.6.38.4 [ Herton Ronaldo Krzesinski ] * SAUCE: Revert x86, hibernate: Initialize mmu_cr4_features during boot - LP: #764758 [ Leann Ogasawara ] * [Config] updateconfigs for 2.6.38.4 [ Paolo Pisati ] * [Config] s/USB_MUSB_TUSB6010/USB_MUSB_OMAP2PLUS/ on omap3 to get musb - LP: #759913 [ Serge E. Hallyn ] * SAUCE: kvm: fix push of wrong eip when doing softint - LP: #747090 [ Tim Gardner ] * [Config] Add cachefiles.ko to virtual flavour - LP: #770430 [ Upstream Kernel Changes ] * Revert net/sunrpc: Use static const char arrays - LP: #761134 * Revert x86: Cleanup highmap after brk is concluded - LP: #761134 * ALSA: hda - Fix SPDIF out regression on ALC889 - LP: #761134 * ALSA: Fix yet another race in disconnection - LP: #761134 * ALSA: vmalloc buffers should use normal mmap - LP: #761134 * perf: Better fit max unprivileged mlock pages for tools needs - LP: #761134 * myri10ge: fix rmmod crash - LP: #761134 * cciss: fix lost command issue - LP: #761134 * ath9k: Fix kernel panic in AR2427 - LP: #761134 * sound/oss/opl3: validate voice and channel indexes - LP: #761134 * mac80211: initialize sta-last_rx in sta_info_alloc - LP: #761134 * ses: show devices for enclosures with no page 7 - LP: #761134 * ses: Avoid kernel panic when lun 0 is not mapped - LP: #761134 * PCI/ACPI: Report ASPM support to BIOS if not disabled from command line - LP: #761134 * eCryptfs: Unlock page in write_begin error path - LP: #761134 * eCryptfs: ecryptfs_keyring_auth_tok_for_sig() bug fix - LP: #761134 * crypto: aesni-intel - fixed problem with packets that are not multiple of 64bytes - LP: #761134 * staging: usbip: bugfixes related to kthread conversion - LP: #761134 * staging: usbip: bugfix add number of packets for isochronous frames - LP: #761134 * staging: usbip: bugfix for isochronous packets and optimization - LP: #761134 * staging: hv: use
[Bug 834121] Re: CVE-2011-2918
This bug was fixed in the package linux - 2.6.38-11.50 --- linux (2.6.38-11.50) natty-proposed; urgency=low [Herton R. Krzesinski] * Release Tracking Bug - LP: #848246 [ Upstream Kernel Changes ] * Revert eCryptfs: Handle failed metadata read in lookup * Revert KVM: fix kvmclock regression due to missing clock update * Revert ath9k: use split rx buffers to get rid of order-1 skb allocations linux (2.6.38-11.49) natty-proposed; urgency=low [Herton R. Krzesinski] * Release Tracking Bug - LP: #836903 [ Adam Jackson ] * SAUCE: drm/i915/pch: Fix integer math bugs in panel fitting - LP: #753994 [ Keng-Yu Lin ] * SAUCE: Input: ALPS - Enable Intellimouse mode for Lenovo Zhaoyang E47 - LP: #632884, #803005 [ Stefan Bader ] * [Config] Force perf to use libiberty for demangling - LP: #783660 [ Tim Gardner ] * [Config] Add enic/fnic to udebs - LP: #801610 [ Upstream Kernel Changes ] * eeepc-wmi: add keys found on EeePC 1215T - LP: #812644 * eCryptfs: Handle failed metadata read in lookup - LP: #509180 * pagemap: close races with suid execve, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * report errors in /proc/*/*map* sanely, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * close race in /proc/*/environ, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * auxv: require the target to be tracable (or yourself), CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * vmscan: fix a livelock in kswapd - LP: #813797 * mmc: Add PCI fixup quirks for Ricoh 1180:e823 reader - LP: #773524 * mmc: Added quirks for Ricoh 1180:e823 lower base clock frequency - LP: #773524 * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493 - LP: #816550 - CVE-2011-1493 * pata_marvell: Add support for 88SE91A0, 88SE91A4 - LP: #777325 * GFS2: make sure fallocate bytes is a multiple of blksize, CVE-2011-2689 - LP: #819572 - CVE-2011-2689 * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. - LP: #819569 - CVE-2011-2492 * drm/nv50-nvc0: work around an evo channel hang that some people see - LP: #583760 * KVM: fix kvmclock regression due to missing clock update - LP: #795717 * Add mount option to check uid of device being mounted = expect uid, CVE-2011-1833 - LP: #732628 - CVE-2011-1833 * proc: fix oops on invalid /proc/pid/maps access, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * ipv6: make fragment identifications less predictable, CVE-2011-2699 - LP: #827685 - CVE-2011-2699 * ath9k: use split rx buffers to get rid of order-1 skb allocations - LP: #728835 * perf: Fix software event overflow, CVE-2011-2918 - LP: #834121 - CVE-2011-2918 -- Herton Ronaldo Krzesinski herton.krzesin...@canonical.com Mon, 12 Sep 2011 17:23:38 -0300 ** Changed in: linux (Ubuntu Natty) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
** Changed in: linux-mvl-dove (Ubuntu Maverick) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
This bug was fixed in the package linux-fsl-imx51 - 2.6.31-610.28 --- linux-fsl-imx51 (2.6.31-610.28) lucid-proposed; urgency=low * Release tracking bug - LP: #837802 [ Upstream Kernel Changes ] * ipv6: make fragment identifications less predictable, CVE-2011-2699 - LP: #827685 - CVE-2011-2699 * perf: Fix software event overflow, CVE-2011-2918 - LP: #834121 - CVE-2011-2918 * proc: fix oops on invalid /proc/pid/maps access, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 linux-fsl-imx51 (2.6.31-610.27) lucid-proposed; urgency=low * Release tracking bug - LP: #829160 [ Upstream Kernel Changes ] * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops - LP: #795418 - CVE-2011-1577 * Fix corrupted OSF partition table parsing - LP: #796606 - CVE-2011-1163 * can: Add missing socket check in can/bcm release. - LP: #796502 - CVE-2011-1598 * proc: protect mm start_code/end_code in /proc/pid/stat - LP: #799906 - CVE-2011-0726 * sctp: Fix a race between ICMP protocol unreachable and connect() * tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077 - LP: #794034 - CVE-2010-4077 * filter: make sure filters dont read uninitialized memory CVE-2010-4158 - LP: #721282 - CVE-2010-4158 * bio: take care not overflow page count when mapping/copying user data CVE-2010-4162 - LP: #721441 - CVE-2010-4162 * block: check for proper length of iov entries in blk_rq_map_user_iov() - LP: #721504 - CVE-2010-4163 * block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163 - LP: #721504 - CVE-2010-4163 * rds: Integer overflow in RDS cmsg handling, CVE-2010-4175 - LP: #721455 - CVE-2010-4175 * bluetooth: Fix missing NULL check CVE-2010-4242 - LP: #714846 - CVE-2010-4242 * IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649 - LP: #800121 - CVE-2010-4649 * epoll: prevent creating circular epoll structures CVE-2011-1082 - LP: #800758 - CVE-2011-1082 * nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab (v3) CVE-2011-1090 - LP: #800775 * ldm: corrupted partition table can cause kernel oops CVE-2011-1012 - LP: #801083 - CVE-2011-1012 * netfilter: ipt_CLUSTERIP: fix buffer overflow CVE-2011-2534 - LP: #801473 - CVE-2011-2534 * netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170 - LP: #801480 - CVE-2011-1170 * netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171 - LP: #801482 - CVE-2011-1171 * ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172 - LP: #801483 - CVE-2011-1172 * econet: 4 byte infoleak to the network CVE-2011-1173 - LP: #801484 - CVE-2011-1173 * net: Limit socket I/O iovec total length to INT_MAX. - LP: #708839 * fs/partitions: Validate map_count in Mac partition tables - CVE-2011-1010 - LP: #804225 - CVE-2011-1010 * drm: fix unsigned vs signed comparison issue in modeset ctl ioctl, CVE-2011-1013 - LP: #804229 - CVE-2011-1013 * exec: copy-and-paste the fixes into compat_do_execve() paths - CVE-2010-4243 - LP: #804234 - CVE-2010-4243 * taskstats: don't allow duplicate entries in listener mode, CVE-2011-2484 - LP: #806390 - CVE-2011-2484 * dccp: handle invalid feature options length, CVE-2011-1770 - LP: #806375 - CVE-2011-1770 * pagemap: close races with suid execve, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * report errors in /proc/*/*map* sanely, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * close race in /proc/*/environ, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * auxv: require the target to be tracable (or yourself), CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 * dccp: fix oops on Reset after close, CVE-2011-1093 - LP: #814087 - CVE-2011-1093 * net: add limit for socket backlog CVE-2010-4251 - LP: #807462 * tcp: use limited socket backlog CVE-2010-4251 - LP: #807462 * ipv6: udp: Optimise multicast reception - LP: #807462 * ipv4: udp: Optimise multicast reception - LP: #807462 * udp: multicast RX should increment SNMP/sk_drops counter in allocation failures CVE-2010-4251 - LP: #807462 * udp: use limited socket backlog CVE-2010-4251 - LP: #807462 * llc: use limited socket backlog CVE-2010-4251 - LP: #807462 * sctp: use limited socket backlog CVE-2010-4251 - LP: #807462 * tipc: use limited socket backlog CVE-2010-4251 - LP: #807462 * x25: use limited socket backlog CVE-2010-4251 - LP: #807462 * net: backlog functions rename CVE-2010-4251 - LP: #807462 * net: sk_add_backlog() take rmem_alloc into account CVE-2010-4805
[Bug 834121] Re: CVE-2011-2918
This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.24 --- linux-ti-omap4 (2.6.35-903.24) maverick-proposed; urgency=low * Release tracking bug - LP: #838037 [ Upstream Kernel Changes ] * ipv6: make fragment identifications less predictable, CVE-2011-2699 - LP: #827685 - CVE-2011-2699 * perf: Fix software event overflow, CVE-2011-2918 - LP: #834121 - CVE-2011-2918 * proc: fix oops on invalid /proc/pid/maps access, CVE-2011-1020 - LP: #813026 - CVE-2011-1020 linux-ti-omap4 (2.6.35-903.23) maverick-proposed; urgency=low * Release tracking bug - LP: #829655 [ Upstream Kernel Changes ] * drm/radeon/kms: check AA resolve registers on r300, CVE-2011-1016 - LP: #745686 - CVE-2011-1016 * drm/radeon: fix regression with AA resolve checking, CVE-2011-1016 - LP: #745686 - CVE-2011-1016 * can-bcm: fix minor heap overflow - LP: #690730 * CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565 - LP: #765007 - CVE-2010-4565 * av7110: check for negative array offset - LP: #747520 * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711 - LP: #767740 - CVE-2011-0711 * ALSA: caiaq - Fix possible string-buffer overflow - LP: #747520 * IB/cm: Bump reference count on cm_id before invoking callback, CVE-2011-0695 - LP: #770369 - CVE-2011-0695 * RDMA/cma: Fix crash in request handlers, CVE-2011-0695 - LP: #770369 - CVE-2011-0695 * Treat writes as new when holes span across page boundaries, CVE-2011-0463 - LP: #770483 - CVE-2011-0463 * net: clear heap allocations for privileged ethtool actions - LP: #686158 * usb: iowarrior: don't trust report_size for buffer size - LP: #747520 * fs/partitions/ldm.c: fix oops caused by corrupted partition table, CVE-2011-1017 - LP: #771382 - CVE-2011-1017 * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code - LP: #747520 * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo - LP: #747520 * exec: make argv/envp memory visible to oom-killer - LP: #690730 * next_pidmap: fix overflow condition - LP: #772560 * proc: do proper range check on readdir offset - LP: #772560 * ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl, CVE-2011-1169 - LP: #785331 - CVE-2011-1169 * mpt2sas: prevent heap overflows and unchecked reads, CVE-2011-1494 - LP: #787145 - CVE-2011-1494 * agp: fix arbitrary kernel memory writes, CVE-1011-2022 - LP: #788684 - CVE-1011-2022 * can: add missing socket check in can/raw release, CVE-2011-1748 - LP: #788694 - CVE-2011-1748 * agp: fix OOM and buffer overflow - LP: #788700 * drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack memory - CVE-2010-3296 - CVE-2010-3296 * drivers/net/eql.c: prevent reading uninitialized stack memory - CVE-2010-3297 - CVE-2010-3297 * inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880 - LP: #711865 - CVE-2010-3880 * setup_arg_pages: diagnose excessive argument size - CVE-2010-3858 - LP: #672664 - CVE-2010-3858 * net: Truncate recvfrom and sendto length to INT_MAX - CVE-2010-3859 - LP: #690730 - CVE-2010-3859 * net: Limit socket I/O iovec total length to INT_MAX - CVE-2010-3859 - LP: #690730 - CVE-2010-3859 * ipc: initialize structure memory to zero for compat functions - CVE-2010-4073 - LP: #690730 - CVE-2010-4073 * ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory - CVE-2010-4080, CVE-2010-4081 - LP: #672664 - CVE-2010-4080, CVE-2010-4081 * drivers/video/via/ioctl.c: prevent reading uninitialized stack memory - CVE-2010-4082 - CVE-2010-4082 * sys_semctl: fix kernel stack leakage, CVE-2010-4083 - LP: #712749 - CVE-2010-4083 * gdth: integer overflow in ioctl - CVE-2010-4157 - LP: #686158 - CVE-2010-4157 * bio: take care not overflow page count when mapping/copying user data - CVE-2010-4162 - LP: #721441 - CVE-2010-4162 * bluetooth: Fix missing NULL check - CVE-2010-4242 - LP: #686158 * rds: Integer overflow in RDS cmsg handling, CVE-2010-4175 - LP: #721455 - CVE-2010-4175 * perf_events: Fix perf_counter_mmap() hook in mprotect() - CVE-2010-4169 - LP: #690730 - CVE-2010-4169 * block: check for proper length of iov entries in blk_rq_map_user_iov() - CVE-2010-4163 - LP: #690730 - CVE-2010-4163 * block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163 - LP: #721504 - CVE-2010-4163 * fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops - LP: #795418 - CVE-2011-1577 * Fix corrupted OSF partition table parsing - LP: #796606 - CVE-2011-1163 * can: Add missing socket check in
[Bug 834121] Re: CVE-2011-2918
** Changed in: linux-mvl-dove (Ubuntu Lucid) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
** Branch linked: lp:ubuntu/maverick-proposed/linux-ti-omap4 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
** Branch linked: lp:ubuntu/lucid-proposed/linux-lts-backport-natty ** Branch linked: lp:ubuntu/natty-proposed/linux-ti-omap4 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
** Changed in: linux-ti-omap4 (Ubuntu Natty) Status: New = Fix Committed ** Changed in: linux (Ubuntu Natty) Status: New = Fix Committed ** Changed in: linux-ti-omap4 (Ubuntu Maverick) Status: New = Fix Committed ** Changed in: linux (Ubuntu Maverick) Status: New = Fix Committed ** Changed in: linux-fsl-imx51 (Ubuntu Lucid) Status: New = Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
** Changed in: linux-ec2 (Ubuntu Lucid) Status: New = Fix Committed ** Changed in: linux-lts-backport-natty (Ubuntu Lucid) Status: New = Fix Committed ** Changed in: linux-mvl-dove (Ubuntu Lucid) Status: New = Fix Committed ** Changed in: linux-mvl-dove (Ubuntu Maverick) Status: New = Fix Committed ** Changed in: linux-lts-backport-maverick (Ubuntu Lucid) Status: New = Fix Committed ** Changed in: linux (Ubuntu Lucid) Status: New = Fix Committed ** Changed in: linux (Ubuntu Oneiric) Status: New = Fix Committed ** Changed in: linux (Ubuntu Hardy) Status: New = Invalid ** Changed in: linux-ti-omap4 (Ubuntu Oneiric) Status: New = Fix Committed ** Description changed: Under certain circumstances software event overflows go wrong and deadlock. Avoid trying to delete a timer from the timer callback. - Break-Fix: - a8b0ca17b80e92faab46ee7179ba9e99ccb61233 + Break-Fix: 0793a61d4df8daeac6492dbf8d2f3e5713caae5e + a8b0ca17b80e92faab46ee7179ba9e99ccb61233 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/834121 Title: CVE-2011-2918 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/834121/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 834121] Re: CVE-2011-2918
CVE-2011-2918 ** Also affects: linux (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: linux-lts-backport-natty (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-lts-backport-natty (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: linux-lts-backport-natty (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-lts-backport-natty (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-fsl-imx51 (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-lts-backport-maverick (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-lts-backport-natty (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-mvl-dove (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: linux-ti-omap4 (Ubuntu Hardy) Importance: Undecided Status: New ** Changed in: linux-ec2 (Ubuntu Oneiric) Status: New = Invalid ** Changed in: linux-ec2 (Ubuntu Hardy) Status: New = Invalid ** Changed in: linux-ec2 (Ubuntu Natty) Status: New = Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Oneiric) Status: New = Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Hardy) Status: New = Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Maverick) Status: New = Invalid ** Changed in: linux-lts-backport-natty (Ubuntu Natty) Status: New = Invalid ** Changed in: linux-mvl-dove (Ubuntu Oneiric) Status: New = Invalid ** Changed in: linux-mvl-dove (Ubuntu Hardy) Status: New = Invalid ** Changed in: linux-mvl-dove (Ubuntu Natty) Status: New = Invalid ** Changed in: linux-lts-backport-maverick (Ubuntu Oneiric) Status: New = Invalid ** Changed in: linux-lts-backport-maverick (Ubuntu Hardy) Status: New = Invalid ** Changed in: linux-lts-backport-maverick (Ubuntu Maverick) Status: New = Invalid ** Changed in: linux-lts-backport-maverick (Ubuntu Natty) Status: New = Invalid ** Changed in: linux-ti-omap4 (Ubuntu Lucid) Status: New = Invalid ** Changed in: linux-ti-omap4 (Ubuntu Hardy) Status: New = Invalid ** Changed in: linux-fsl-imx51 (Ubuntu Oneiric) Status: New = Invalid ** Changed in: linux-fsl-imx51 (Ubuntu Hardy) Status: New = Invalid ** Changed in: linux-fsl-imx51 (Ubuntu Maverick) Status: New = Invalid ** Changed in: linux-fsl-imx51 (Ubuntu Natty) Status: New = Invalid ** Description changed: - Placeholder + Under certain circumstances software event overflows go wrong and + deadlock. Avoid trying to delete a timer from the timer callback. + + Break-Fix: - a8b0ca17b80e92faab46ee7179ba9e99ccb61233 ** Changed in: linux-ec2 (Ubuntu Lucid) Importance: Undecided = Medium ** Changed in: linux-ec2 (Ubuntu Oneiric) Importance: Undecided = Medium ** Changed in: linux-ec2 (Ubuntu Hardy) Importance: Undecided = Medium ** Changed in: linux-ec2 (Ubuntu Maverick)