lp://staging/ubuntu/karmic-security/linux-ec2

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/karmic-security/linux-ec2
Members of Ubuntu branches can upload to this branch.

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

16. By Brad Figg

[ Brad Figg ]

* Release Tracking Bug
  - LP: #737761

[ Brad Figg ]

* Rebased to 2.6.31-23.75

[ Ubuntu: 2.6.31-23.75 ]

* Release Tracking Bug
  - LP: #737663
* do_exit(): make sure that we run with get_fs() == USER_DS,
  CVE-2010-4258
  - LP: #723945
  - CVE-2010-4258
* xfs: always use iget in bulkstat
  - LP: #692848
* x25: Prevent crashing when parsing bad X.25 facilities CVE-2010-4164
  - LP: #731199
  - CVE-2010-4164
* Revised [CVE-2010-4345 Karmic] install_special_mapping skips
  security_file_mmap check. CVE-2010-4346
  - LP: #731971
  - CVE-2010-4346
* econet: Fix crash in aun_incoming(). CVE-2010-4342
  - LP: #736394
  - CVE-2010-4342

15. By Steve Conklin

[ Steve Conklin ]

* Release Tracking Bug
  - LP: #726786
* Rebased to 2.6.31-23.74

[ Ubuntu: 2.6.31-23.74 ]

* Release Tracking Bug
  - LP: #725232
* bluetooth: Fix missing NULL check, CVE-2010-4242
  - LP: #714846
  - CVE-2010-4242
* bio: take care not overflow page count when mapping/copying user data,
  CVE-2010-4162
  - LP: #721441
  - CVE-2010-4162
* filter: make sure filters dont read uninitialized memory
  - LP: #721282
  - CVE-2010-4158
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
  - LP: #720189
  - CVE-2010-4077
* block: check for proper length of iov entries in blk_rq_map_user_iov(),
  CVE-2010-4163
  - LP: #721504
  - CVE-2010-4163
* block: check for proper length of iov entries earlier in
  blk_rq_map_user_iov(), CVE-2010-4163
  - LP: #721504
  - CVE-2010-4163
* rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
  - LP: #721455
  - CVE-2010-4175

14. By Stefan Bader

[ Stefan Bader ]

* Rebased to 2.6.31-22.73

[ Ubuntu: 2.6.31-22.73 ]

* Release Tracking Bug
  - LP: #716648
* net: Limit socket I/O iovec total length to INT_MAX., CVE-2010-3859
  - LP: #708839, #711855
  - CVE-2010-4160
* net: Truncate recvfrom and sendto length to INT_MAX., CVE-2010-3859
  - LP: #708839, #711855
  - CVE-2010-4160
* net: fix rds_iovec page count overflow, CVE-2010-3865
  - LP: #709153
  - CVE-2010-3865
* net: ax25: fix information leak to userland, CVE-2010-3875
  - LP: #710714
  - CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
  - LP: #710714
  - CVE-2010-3875
* can-bcm: fix minor heap overflow
  - LP: #710680
  - CVE-2010-3874
* memory corruption in X.25 facilities parsing, CVE-2010-3873
  - LP: #709372
  - CVE-2010-3873
* net: packet: fix information leak to userland, CVE-2010-3876
  - LP: #710714
  - CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
  - LP: #711291
  - CVE-2010-3877
* KVM: VMX: fix vmx null pointer dereference on debug register access,
  CVE-2010-0435
  - LP: #712615
  - CVE-2010-0435
* gdth: integer overflow in ioctl, CVE-2010-4157
  - LP: #711797
  - CVE-2010-4157
* posix-cpu-timers: workaround to suppress the problems with mt exec,
  CVE-2010-4248
  - LP: #712609
  - CVE-2010-4248
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory,
  CVE-2010-4080, CVE-2010-4081
  - LP: #712723, #712737
  - CVE-2010-4081
* drivers/video/via/ioctl.c: prevent reading uninitialized stack memory,
  CVE-2010-4082
  - LP: #712744
  - CVE-2010-4082
* sys_semctl: fix kernel stack leakage, CVE-2010-4083
  - LP: #712749
  - CVE-2010-4083
* inet_diag: Make sure we actually run the same bytecode we audited,
  CVE-2010-3880
  - LP: #711865
  - CVE-2010-3880

13. By Brad Figg

[ Brad Figg ]

- LP: #698298

[ Brad Figg ]

* Rebased to 2.6.31-22.71

[ Ubuntu: 2.6.31-22.71 ]

* ipc: initialize structure memory to zero for compat functions
* tcp: Increase TCP_MAXSEG socket option minimum.
  - CVE-2010-4165
* perf_events: Fix perf_counter_mmap() hook in mprotect()
  - CVE-2010-4169
* af_unix: limit unix_tot_inflight
  - CVE-2010-4249

12. By Stefan Bader

[ Stefan Bader ]

* Rebased to 2.6.31-22.70

[ Upstream Kernel Changes ]

* xen, compat: Test %rax for the syscall number, not %eax
  - CVE-2010-3301
* xen, compat: Retruncate rax after ia32 syscall entry tracing
  - CVE-2010-3301

[ Ubuntu: 2.6.31-22.70 ]

* Revert "SAUCE: AF_ECONET saddr->cookie prevent NULL pointer
  dereference"
* Revert "SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges"
* Revert "SAUCE: AF_ECONET prevent kernel stack overflow"
* Btrfs: fix checks in BTRFS_IOC_CLONE_RANGE
  - CVE-2010-2538
* xfs: validate untrusted inode numbers during lookup
  - CVE-2010-2943
* xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
  - CVE-2010-2943
* xfs: remove block number from inode lookup code
  - CVE-2010-2943
* xfs: fix untrusted inode number lookup
  - CVE-2010-2943
* drm/i915: Sanity check pread/pwrite
  - CVE-2010-2962
* drm/i915: Rephrase pwrite bounds checking to avoid any potential
  overflow
  - CVE-2010-2962
* tracing: Do not allow llseek to set_ftrace_filter
  - CVE-2010-3079
* drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack
  memory
  - CVE-2010-3296
* drivers/net/eql.c: prevent reading uninitialized stack memory
  - CVE-2010-3297
* drivers/net/usb/hso.c: prevent reading uninitialized memory
  - CVE-2010-3298
* setup_arg_pages: diagnose excessive argument size
  - CVE-2010-3858
* net: clear heap allocation for ETHTOOL_GRXCLSRLALL
  - CVE-2010-3861
* ipc: shm: fix information leak to userland
  - CVE-2010-4072
* econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
  - CVE-2010-3849
* econet: fix CVE-2010-3850
  - CVE-2010-3850
* econet: fix CVE-2010-3848
  - CVE-2010-3848

11. By Stefan Bader

[ Stefan Bader ]

* Rebased to 2.6.31-22.66

[ Ubuntu: 2.6.31-22.66 ]

* SAUCE: (no-up) Modularize vesafb -- fix initialization
  - LP: #611471
* SAUCE: sched: update load count only once per cpu in 10 tick update
  window
  - LP: #513848
* (pre-stable) x86-32, resume: do a global tlb flush in S4 resume
  - LP: #531309
* PCI: Ensure we re-enable devices on resume
  - LP: #566149

[ Ubuntu: 2.6.31-22.65 ]

* x86-64, compat: Test %rax for the syscall number, not %eax
  - CVE-2010-3301
* x86-64, compat: Retruncate rax after ia32 syscall entry tracing
  - CVE-2010-3301
* compat: Make compat_alloc_user_space() incorporate the access_ok()
  - CVE-2010-3081

10. By Stefan Bader

[ Stefan Bader ]

* Rebased to 2.6.31-22.64

[ Ubuntu: 2.6.31-22.64 ]

* SAUCE: (no-up) Modularize vesafb -- fix initialization
  - LP: #611471
* SAUCE: sched: update load count only once per cpu in 10 tick update
  window
  - LP: #513848
* (pre-stable) x86-32, resume: do a global tlb flush in S4 resume
  - LP: #531309
* PCI: Ensure we re-enable devices on resume
  - LP: #566149

9. By Stefan Bader

[ Stefan Bader ]

* Rebased to 2.6.31-21.59

[ Ubuntu: 2.6.31-21.59 ]

* [Config] generic-pae switch to M586TSC
  - LP: #519448
* (pre-stable) drm/i915: Increase fb alignment to 64k
  - LP: #404064
* Input: i8042 - bypass AUX IRQ delivery test on laptops
  - LP: #534448
* SAUCE: Fix volume hotkeys for Dell Studio 1557
  - LP: #465250
* SAUCE: aufs: Fix header files inclusion in debug.h
  - LP: #517151
* [Config] Enable all CGROUP configuration options
  - LP: #480739
* Revert "[Upstream] acerhdf: Limit modalias matching to supported
  boards"
  - LP: #509730
* [Config] ext3 defaults to ordered mode
  - LP: #510067
* [Config] Fix sub-flavours package conflicts
  - LP: #454827
* PCI/cardbus: Add a fixup hook and fix powerpc
  - LP: #455723
* fnctl: f_modown should call write_lock_irqsave/restore
  - LP: #519436
* ACPI: enable C2 and Turbo-mode on Nehalem notebooks on A/C
  - LP: #516325
* tg3: Add 57788, remove 57720
  - LP: #515390
* HID: ignore all recent SoundGraph iMON devices
  - LP: #488443
* Input: ALPS - add interleaved protocol support (Dell E6x00 series)
  - LP: #296610
* acerhdf: limit modalias matching to supported
  - LP: #509730
* ASoC: Do not write to invalid registers on the wm9712.
  - LP: #509730
* cifs: NULL out tcon, pSesInfo, and srvTcp pointers when chasing DFS
  referrals
  - LP: #509730
* clockevents: Prevent clockevent_devices list corruption on cpu hotplug
  - LP: #509730
* dma: at_hdmac: correct incompatible type for argument 1 of
  'spin_lock_bh'
  - LP: #509730
* drivers/net/usb: Correct code taking the size of a pointer
  - LP: #509730
* Libertas: fix buffer overflow in lbs_get_essid()
  - LP: #509730
* md: Fix unfortunate interaction with evms
  - LP: #509730
* pata_cmd64x: fix overclocking of UDMA0-2 modes
  - LP: #509730
* pata_hpt3x2n: fix clock turnaround
  - LP: #509730
* SCSI: fc class: fix fc_transport_init error handling
  - LP: #509730
* sound: sgio2audio/pdaudiocf/usb-audio: initialize PCM buffer
  - LP: #509730
* USB: emi62: fix crash when trying to load EMI 6|2 firmware
  - LP: #509730
* USB: Fix a bug on appledisplay.c regarding signedness
  - LP: #509730
* USB: musb: gadget_ep0: avoid SetupEnd interrupt
  - LP: #509730
* USB: option: support hi speed for modem Haier CE100
  - LP: #490068, #509730
* x86, cpuid: Add "volatile" to asm in native_cpuid()
  - LP: #509730
* e100: Use pci pool to work around GFP_ATOMIC order 5 memory allocation
  failure
  - LP: #509730
* e100: Fix broken cbs accounting due to missing memset.
  - LP: #509730
* hostap: Revert a toxic part of the conversion to net_device_ops
  - LP: #509730
* hwmon: (fschmd) Fix check on unsigned in watchdog_write()
  - LP: #509730
* hwmon: (sht15) Off-by-one error in array index + incorrect constants
  - LP: #509730
* i2c/tsl2550: Fix lux value in extended mode
  - LP: #509730
* ipv6: reassembly: use seperate reassembly queues for conntrack and
  local delivery
  - LP: #509730
* S390: dasd: support DIAG access for read-only devices
  - LP: #509730
* udf: Try harder when looking for VAT inode
  - LP: #509730
* V4L/DVB (13596): ov511.c typo: lock => unlock
  - LP: #509730
* x86/ptrace: make genregs[32]_get/set more robust
  - LP: #509730
* XFS bug in log recover with quota (bugzilla id 855)
  - LP: #509730
* generic_permission: MAY_OPEN is not write access
  - LP: #509730
* memcg: avoid oom-killing innocent task in case of use_hierarchy
  - LP: #509730
* Input: atkbd - add force relese key quirk for Samsung R59P/R60P/R61P
  - LP: #253874, #509730
* Add unlocked version of inode_add_bytes() function
  - LP: #509730
* ext4: fix sleep inside spinlock issue with quota and dealloc (#14739)
  - LP: #509730
* Linux 2.6.31.10
  - LP: #509730
* Linux 2.6.31.11
  - LP: #509730
* quota: decouple fs reserved space from quota reservation
  - LP: #510674
* ext4: Convert to generic reserved quota's space management.
  - LP: #510674
* hwmon: (adt7462) Fix pin 28 monitoring
  - LP: #510674
* netfilter: nf_ct_ftp: fix out of bounds read in update_nl_seq()
  - LP: #510674
* quota: Fix dquot_transfer for filesystems different from ext4
  - LP: #510674
* fix braindamage in audit_tree.c untag_chunk()
  - LP: #510674
* fix more leaks in audit_tree.c tag_chunk()
  - LP: #510674
* ACPI: sleep: another HP DMI entry for init_set_sci_en_on_resume
  - LP: #453963, #510674
* ACPI: add DMI entry for SCI_EN resume quirk on HP dv4
  - LP: #453963, #510674
* ACPI: sleep: another HP/Compaq DMI entries for
  init_set_sci_en_on_resume
  - LP: #453963, #510674
* ACPI: DMI init_set_sci_en_on_resume for HP-Compaq C700
  - LP: #453963, #510674
* Linux 2.6.31.12
  - LP: #510674

8. By Leann Ogasawara

[ John Johansen ]

* [Config] enable ext4 and block loop
  - LP: #428692

7. By Leann Ogasawara

[ Leann Ogasawara ]

* Rebase to 2.6.31-19.56
* XEN: untangle the do_mremap() mess

[ Ubuntu: 2.6.31-19.56 ]

* [Upstream] e1000: enhance frame fragment detection
  - CVE-2009-4536
* [Upstream] e1000e: enhance frame fragment detection
  - CVE-2009-4538
* hfs: fix a potential buffer overflow
  - CVE-2009-4020
* KVM: x86 emulator: limit instructions to 15 bytes
  - CVE-2009-4031
* ext4: Avoid null pointer dereference when decoding EROFS w/o a journal
  - CVE-2009-4308
* firewire: ohci: handle receive packets with a data length of zero
  - CVE-2009-4138
* fasync: split 'fasync_helper()' into separate add/remove functions
  - CVE-2009-4141
* ipv6: skb_dst() can be NULL in ipv6_hop_jumbo().
  - CVE-2010-0006
* kernel/signal.c: fix kernel information leak with print-fatal-signals=1
  - CVE-2010-0003
* netfilter: ebtables: enforce CAP_NET_ADMIN
  - CVE-2010-0007
* untangle the do_mremap() mess
  - CVE-2010-0291

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp://staging/ubuntu/lucid/linux-ec2
This branch contains Public information. Everyone can see this information.
