[Bug 869203] Re: CVE-2011-1479

Launchpad Bug Tracker Mon, 24 Oct 2011 22:47:16 -0700

This bug was fixed in the package linux-lts-backport-maverick -
2.6.35-30.61~lucid1


---------------
linux-lts-backport-maverick (2.6.35-30.61~lucid1) lucid-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #872660

  [ Stefan Bader ]

  * [Config] Include all filesystem modules for virtual
    - LP: #761809

  [ Upstream Kernel Changes ]

  * crypto: Move md5_transform to lib/md5.c, CVE-2011-3188
    - LP: #834129
    - CVE-2011-3188
  * net: Compute protocol sequence numbers and fragment IDs using MD5,
    CVE-2011-3188
    - LP: #834129
    - CVE-2011-3188
  * ext4: Fix max file size and logical block counting of extent format
    file, CVE-2011-2695
    - LP: #819574
    - CVE-2011-2695
  * cifs: add fallback in is_path_accessible for old servers, CVE-2011-3363
    - LP: #866034
    - CVE-2011-3363
  * Make TASKSTATS require root access, CVE-2011-2494
    - LP: #866021
    - CVE-2011-2494
  * proc: restrict access to /proc/PID/io, CVE-2011-2495
    - LP: #866025
    - CVE-2011-2495
  * proc: fix a race in do_io_accounting(), CVE-2011-2495
    - LP: #866025
    - CVE-2011-2495
  * inotify: fix double free/corruption of stuct user
    - LP: #869203
    - CVE-2011-1479
  * staging: comedi: fix infoleak to userspace, CVE-2011-2909
    - LP: #869261
    - CVE-2011-2909
  * perf tools: do not look at ./config for configuration, CVE-2011-2905
    - LP: #869259
    - CVE-2011-2905

linux (2.6.35-30.60) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #854092

  [ Stefan Bader ]

  * [Config] Force perf to use libiberty for demangling
    - LP: #783660

  [ Tim Gardner ]

  * [Config] Simplify binary-udebs dependencies
  * [Config] kernel preparation cannot be parallelized
  * [Config] Linearize module/abi checks
  * [Config] Linearize and simplify tree preparation rules
  * [Config] Build kernel image in parallel with modules
  * [Config] Set concurrency for kmake invocations
  * [Config] Improve install-arch-headers speed
  * [Config] Fix binary-perarch dependencies
  * [Config] Removed stamp-flavours target
  * [Config] Serialize binary indep targets
  * [Config] Use build stamp directly
  * [Config] Restore prepare-% target
  * [Config] Fix binary-% build target

  [ Upstream Kernel Changes ]

  * Add mount option to check uid of device being mounted = expect uid,
    CVE-2011-1833
    - LP: #732628
    - CVE-2011-1833
  * ipv6: make fragment identifications less predictable, CVE-2011-2699
    - LP: #827685
    - CVE-2011-2699
  * perf: Fix software event overflow, CVE-2011-2918
    - LP: #834121
    - CVE-2011-2918
  * cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191
    - LP: #834135
    - CVE-2011-3191
  * befs: Validate length of long symbolic links, CVE-2011-2928
    - LP: #834124
    - CVE-2011-2928
  * gro: Only reset frag0 when skb can be pulled, CVE-2011-2723
    - LP: #844371
    - CVE-2011-2723
  * Validate size of EFI GUID partition entries, CVE-2011-1776
    - LP: #844365
    - CVE-2011-1776
  * inet_diag: fix inet_diag_bc_audit(), CVE-2011-2213
    - LP: #838421
    - CVE-2011-2213
  * si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700
    - LP: #844370
    - CVE-2011-2700
  * Bluetooth: Prevent buffer overflow in l2cap config request,
    CVE-2011-2497
    - LP: #838423
    - CVE-2011-2497
  * core: Fix memory leak/corruption on VLAN GRO_DROP, CVE-2011-1576
    - LP: #844361
    - CVE-2011-1576
 -- Herton Ronaldo Krzesinski <[email protected]>   Thu, 13 Oct 
2011 14:45:27 -0300

** Changed in: linux-lts-backport-maverick (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1576

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1776

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1833

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2213

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2497

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2699

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2700

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2723

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2918

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-2928

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3191

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/869203

Title:
  CVE-2011-1479

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/869203/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 869203] Re: CVE-2011-1479

Reply via email to