lp://staging/ubuntu/lucid-security/linux-ec2
- Get this branch:
- bzr branch lp://staging/ubuntu/lucid-security/linux-ec2
Branch merges
Related bugs
Bug #511001: [i855] Lucid Freeze shortly after X startup (needs KMS blacklist?) | High | Confirmed | |
Bug #541492: MASTER: [i845] GPU lockup | Undecided | New | |
Bug #1102374: CVE-2013-0190 | Medium | New |
Related blueprints
Branch information
Recent revisions
- 62. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to Ubuntu-
2.6.32- 49.111
* SAUCE: ec2: Backport x86/mm: Check if PUD is large when validating a
kernel address
- LP: #1193044
* SAUCE: ec2: Backport x86, ioapic: initialize nr_ioapic_registers early
in mp_register_ioapic( )
- LP: #1193044
* Release Tracking Bug
- LP: #1193202[ Ubuntu: 2.6.32-49.111 ]
* Revert "pcdp: use early_ioremap/
early_iounmap to access pcdp table"
- LP: #1193044
* Revert "block: improve queue_should_plug() by looking at IO depths"
- LP: #1193044
* kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
- LP: #1187732
- CVE-2013-2141
* b43: stop format string leaking into error msgs
- LP: #1189833
- CVE-2013-2852
* 2.6.32.y: timekeeping: Fix nohz issue with commit
61b76840ddee647c0c223365378c 3f394355b7d7
- LP: #1193044
* clockevents: Don't allow dummy broadcast timers
- LP: #1193044
* posix-cpu-timers: Fix nanosleep task_struct leak
- LP: #1193044
* timer: Don't reinitialize the cpu base lock during CPU_UP_PREPARE
- LP: #1193044
* tick: Cleanup NOHZ per cpu data on cpu down
- LP: #1193044
* kbuild: Fix gcc -x syntax
- LP: #1193044
* gen_init_cpio: avoid stack overflow when expanding
- LP: #1193044
* coredump: prevent double-free on an error path in core dumper
- LP: #1193044
* kernel/sys.c: call disable_nonboot_ cpus() in kernel_restart()
- LP: #1193044
* ring-buffer: Fix race between integrity check and readers
- LP: #1193044
* genalloc: stop crashing the system when destroying a pool
- LP: #1193044
* kernel/resource.c: fix stack overflow in __reserve_region_ with_split( )
- LP: #1193044
* Driver core: treat unregistered bus_types as having no devices
- LP: #1193044
* cgroup: remove incorrect dget/dput() pair in cgroup_create_dir()
- LP: #1193044
* Fix a dead loop in async_synchronize_full( )
- LP: #1193044
* tracing: Don't call page_to_pfn() if page is NULL
- LP: #1193044
* tracing: Fix double free when function profile init failed
- LP: #1193044
* mm: Fix PageHead when !CONFIG_PAGEFLAGS_ EXTENDED
- LP: #1193044
* mm: bugfix: set current->reclaim_ state to NULL while returning from
kswapd()
- LP: #1193044
* mm: fix invalidate_complete_ page2() lock ordering
- LP: #1193044
* mempolicy: fix a race in shared_policy_ replace( )
- LP: #1193044
* ALSA: hda - More ALC663 fixes and support of compatible chips
- LP: #1193044
* ALSA: hda - Add a pin-fix for FSC Amilo Pi1505
- LP: #1193044
* ALSA: seq: Fix missing error handling in snd_seq_timer_open( )
- LP: #1193044
* ALSA: ac97 - Fix missing NULL check in snd_ac97_cvol_new()
- LP: #1193044
* x86, ioapic: initialize nr_ioapic_registers early in
mp_register_ioapic( )
- LP: #1193044
* x86: Don't use the EFI reboot method by default
- LP: #1193044
* x86, random: make ARCH_RANDOM prompt if EMBEDDED, not EXPERT
- LP: #1193044
* x86/mm: Check if PUD is large when validating a kernel address
- LP: #1193044
* x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
- LP: #1193044
* xen/bootup: allow read_tscp call for Xen PV guests.
- LP: #1193044
* xen/bootup: allow {read|write}_cr8 pvops call.
- LP: #1193044
* KVM: x86: relax MSR_KVM_SYSTEM_TIME alignment check
- LP: #1193044
* KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set
(CVE-2012-4461)
- LP: #1193044
* MCE: Fix vm86 handling for 32bit mce handler
- LP: #1193044
* ACPI / cpuidle: Fix NULL pointer issues when cpuidle is disabled
- LP: #1193044
* alpha: Add irongate_io to PCI bus resources
- LP: #1193044
* PARISC: fix user-triggerable panic on parisc
- LP: #1193044
* serial: 8250, increase PASS_LIMIT
- LP: #1193044
* drivers/char/ipmi: memcpy, need additional 2 bytes to avoid memory
overflow
- LP: #1193044
* w1: fix oops when w1_search is called from netlink connector
- LP: #1193044
* staging: comedi: ni_labpc: correct differential channel sequence for AI
commands
- LP: #1193044
* staging: comedi: ni_labpc: set up command4 register *after* command3
- LP: #1193044
* staging: comedi: comedi_test: fix race when cancelling command
- LP: #1193044
* staging: comedi: fix memory leak for saved channel list
- LP: #1193044
* staging: comedi: s626: don't dereference insn->data
- LP: #1193044
* staging: comedi: jr3_pci: fix iomem dereference
- LP: #1193044
* staging: comedi: don't dereference user memory for INSN_INTTRIG
- LP: #1193044
* staging: comedi: check s->async for poll(), read() and write()
- LP: #1193044
* staging: comedi: das08: Correct AO output for das08jr-16-ao
- LP: #1193044
* staging: vt6656: [BUG] out of bound array reference in RFbSetPower.
- LP: #1193044
* libata: fix Null pointer dereference on disk error
- LP: #1193044
* scsi: Silence unnecessary warnings about ioctl to partition
- LP: #1193044
* scsi: use __uX types for headers exported to user space
- LP: #1193044
* fix crash in scsi_dispatch_cmd()
- LP: #1193044
* SCSI: bnx2i: Fixed NULL ptr deference for 1G bnx2 Linux iSCSI offload
- LP: #1193044
* crypto: cryptd - disable softirqs in cryptd_queue_worker to prevent
data corruption
- LP: #1193044
* xfrm_user: return error pointer instead of NULL #2
- LP: #1193044
* r8169: correct settings of rtl8102e.
- LP: #1193044
* r8169: remove the obsolete and incorrect AMD workaround
- LP: #1193044
* r8169: Add support for D-Link 530T rev C1 (Kernel Bug 38862)
- LP: #1193044
* r8169: incorrect identifier for a 8168dp
- LP: #1193044
* b43legacy: Fix crash on unload when firmware not available
- LP: #1193044
* tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
- LP: #1193044
* IPoIB: Fix use-after-free of multicast object
- LP: #1193044
* telephony: ijx: buffer overflow in ixj_write_cid()
- LP: #1193044
* Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER)
- LP: #1193044
* xhci: Make handover code more robust
- LP: #1193044
* USB: whiteheat: fix memory leak in error path
- LP: #1193044
* USB: serial: Fix memory leak in sierra_release()
- LP: #1193044
* USB: mos7840: fix urb leak at release
- LP: #1193044
* USB: mos7840: fix port-device leak in error path
- LP: #1193044
* USB: garmin_gps: fix memory leak on disconnect
- LP: #1193044
* USB: serial: ftdi_sio: Handle the old_termios == 0 case e.g.
uart_resume_ port()
- LP: #1193044
* USB: ftdi_sio: Quiet sparse noise about using plain integer was NULL
pointer
- LP: #1193044
* epoll: prevent missed events on EPOLL_CTL_MOD
- LP: #1193044
* fs/fscache/stats.c: fix memory leak
- LP: #1193044
* sysfs: sysfs_pathname/sysfs_add_ one: Use strlcat() instead of strcat()
- LP: #1193044
* jbd: Delay discarding buffers in journal_unmap_buffer
- LP: #1193044
* jbd: Fix assertion failure in commit code due to lacking transaction
credits
- LP: #1193044
* jbd: Fix lock ordering bug in journal_unmap_buffer( )
- LP: #1193044
* ext4: Fix fs corruption when make_indexed_dir() fails
- LP: #1193044
* ext4: don't dereference null pointer when make_indexed_dir() fails
- LP: #1193044
* ext4: fix memory leak in ext4_xattr_set_acl( )'s error path
- LP: #1193044
* ext4: online defrag is not supported for journaled files
- LP: #1193044
* ext4: always set i_op in ext4_mknod()
- LP: #1193044
* ext4: fix fdatasync() for files with only i_size changes
- LP: #1193044
* ext4: lock i_mutex when truncating orphan inodes
- LP: #1193044
* ext4: fix race in ext4_mb_add_n_trim( )
- LP: #1193044
* ext4: limit group search loop for non-extent files
- LP: #1193044
* CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
- LP: #1193044
- CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
* ext4: make orphan functions be no-op in no-journal mode
- LP: #1193044
* ext4: avoid hang when mounting non-journal filesystems with orphan list
- LP: #1193044
* udf: fix memory leak while allocating blocks during write
- LP: #1193044
* udf: Fix bitmap overflow on large filesystems with small block size
- LP: #1193044
* fs/cifs/cifs_dfs_ ref.c: fix potential memory leakage
- LP: #1193044
* fat: Fix stat->f_namelen
- LP: #1193044
* hfsplus: fix potential overflow in hfsplus_file_truncate( )
- LP: #1193044
* btrfs: use rcu_barrier() to wait for bdev puts at unmount
- LP: #1193044
* kernel panic when mount NFSv4
- LP: #1193044
* nfsd4: fix oops on unusual readlike compound
- LP: #1193044
* net/core: Fix potential memory leak in dev_set_alias()
- LP: #1193044
* net: reduce net_rx_action() latency to 2 HZ
- LP: #1193044
* softirq: reduce latencies
- LP: #1193044
* af_packet: remove BUG statement in tpacket_destruct_ skb
- LP: #1193044
* bridge: set priority of STP packets
- LP: #1193044
* bonding: Fix slave selection bug.
- LP: #1193044
* ipv4: check rt_genid in dst_check
- LP: #1193044
* net_sched: gact: Fix potential panic in tcf_gact().
- LP: #1193044
* net: sched: integer overflow fix
- LP: #1193044
* net: prevent setting ttl=0 via IP_TTL
- LP: #1193044
* net: guard tcp_set_keepalive() to tcp sockets
- LP: #1193044
* inet: add RCU protection to inet->opt
- LP: #1193044
* tcp: allow splice() to build full TSO packets
- LP: #1193044
* tcp: fix MSG_SENDPAGE_NOTLAST logic
- LP: #1193044
* tcp: preserve ACK clocking in TSO
- LP: #1193044
* unix: fix a race condition in unix_release()
- LP: #1193044
* sctp: fix memory leak in sctp_datamsg_from_user( ) when copy from user
space fails
- LP: #1193044
* net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
- LP: #1193044
* net: sctp: sctp_endpoint_free: zero out secret key data
- LP: #1193044
* net: sctp: sctp_auth_key_put: use kzfree instead of kfree
- LP: #1193044
* netfilter: nf_ct_ipv4: packets with wrong ihl are invalid
- LP: #1193044
* ipvs: allow transmit of GRO aggregated skbs
- LP: #1193044
* ipvs: IPv6 MTU checking cleanup and bugfix
- LP: #1193044
* isdnloop: fix and simplify isdnloop_init()
- LP: #1193044
* mpt2sas: Send default descriptor for RAID pass through in mpt2ctl
- LP: #1193044
* x86, ptrace: fix build breakage with gcc 4.7
- LP: #1193044
* Linux 2.6.32.61
- LP: #1193044 - 61. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to Ubuntu-
2.6.32- 48.110
* Release Tracking Bug
- LP: #1186479[ Ubuntu: 2.6.32-48.110 ]
* (config) Import Xen specific config options from ec2
- LP: #1177431
* SAUCE: xen: Send spinlock IPI to all waiters
- LP: #1011792, #1177431
* ax25: fix info leak via msg_name in ax25_recvmsg()
- LP: #1172366
- CVE-2013-3223
* Bluetooth: fix possible info leak in bt_sock_recvmsg()
- LP: #1172368
- CVE-2013-3224
* tipc: fix info leaks via msg_name in recv_msg/recv_stream
- LP: #1172403
- CVE-2013-3235
* rose: fix info leak via msg_name in rose_recvmsg()
- LP: #1172394
- CVE-2013-3234
* Bluetooth: RFCOMM - Fix missing msg_namelen update in
rfcomm_sock_recvmsg( )
- LP: #1172369
- CVE-2013-3225
* atm: update msg_namelen in vcc_recvmsg()
- LP: #1172365
- CVE-2013-3222
* KVM: Fix bounds checking in ioapic indirect register reads
(CVE-2013-1798)
- LP: #1158262
- CVE-2013-1798
* llc: Fix missing msg_namelen update in llc_ui_recvmsg()
- LP: #1172385
- CVE-2013-3231
* netrom: fix info leak via msg_name in nr_recvmsg()
- LP: #1172386
- CVE-2013-3232
* irda: Fix missing msg_namelen update in irda_recvmsg_dgram()
- LP: #1172380
- CVE-2013-3228
* iucv: Fix missing msg_namelen update in iucv_sock_recvmsg()
- LP: #1172381
- CVE-2013-3229 - 60. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to Ubuntu-
2.6.32- 47.109
* Release Tracking Bug
- LP: #1177308[ Ubuntu: 2.6.32-47.109 ]
* [packaging] Bump ABI for every new release
* fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check
- LP: #1167061
- CVE-2013-1928
* dcbnl: fix various netlink info leaks
- LP: #1158965
- CVE-2013-2634
* USB: cdc-wdm: fix buffer overflow
- LP: #1156784
- CVE-2013-1860
* isofs: avoid info leak on export
- LP: #1156774
- CVE-2012-6549
* xfrm_user: return error pointer instead of NULL
- LP: #1155026
- CVE-2013-1826 - 59. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to Ubuntu-
2.6.32- 46.108
* Release Tracking Bug
- LP: #1168185[ Ubuntu: 2.6.32-46.108 ]
* SAUCE: (no-up) apparmor: Fix quieting of audit messages for network
mediation
- LP: #1163259
* llc: fix info leak via getsockname()
- LP: #1156743
- CVE-2012-6542
* Bluetooth: L2CAP - Fix info leak via getsockname()
- LP: #1156751
- CVE-2012-6544
* Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER)
- LP: #1156751
- CVE-2012-6544
* Bluetooth: RFCOMM - Fix info leak via getsockname()
- LP: #1156757
- CVE-2012-6545
* Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST)
- LP: #1156757
- CVE-2012-6545
* atm: fix info leak via getsockname()
- LP: #1156759
- CVE-2012-6546
* atm: fix info leak in getsockopt(SO_ATMPVC)
- LP: #1156759
- CVE-2012-6546
* udf: avoid info leak on export
- LP: #1156768
- CVE-2012-6548
* KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME
(CVE-2013-1796)
- LP: #1158254
- CVE-2013-1796
* Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
- LP: #1134503
- CVE-2013-0349
* USB: io_ti: Fix NULL dereference in chase_port()
- LP: #1143817
- CVE-2013-1774
* x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS.
- LP: #1143796
- CVE-2013-0228 - 58. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to Ubuntu-
2.6.32- 46.107
* Release Tracking Bug
- LP: #1159191[ Ubuntu: 2.6.32-46.107 ]
* SAUCE: signal: Fix use of missing sa_restorer field
- LP: #1153813
- CVE-2013-0914
* ipvs: fix info leak in getsockopt(IP_VS_SO_ GET_TIMEOUT)
- LP: #1156732
- CVE-2012-6540
* kernel/signal.c: use __ARCH_HAS_SA_ RESTORER instead of SA_RESTORER
- LP: #1153813
- CVE-2013-0914[ Ubuntu: 2.6.32-46.106 ]
* tmpfs: fix use-after-free of mempolicy object
- LP: #1143815
- CVE-2013-1767
* keys: fix race with concurrent install_user_keyrings( )
- LP: #1152788
- CVE-2013-1792
* signal: always clear sa_restorer on execve
- LP: #1153813
- CVE-2013-0914
* Fix ptrace when task is in task_is_stopped(), state
- LP: #1145234
* xfrm_user: fix info leak in copy_to_user_tmpl()
- LP: #1156716
- CVE-2012-6537
* xfrm_user: fix info leak in copy_to_user_policy( )
- LP: #1156716
- CVE-2012-6537
* xfrm_user: fix info leak in copy_to_user_state( )
- LP: #1156716
- CVE-2012-6537
* net: fix info leak in compat dev_ifconf()
- LP: #1156728
- CVE-2012-6539 - 57. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to Ubuntu-
2.6.32- 46.105
* XEN: fix pmd_present for split_huge_page and PROT_NONE with THP
- LP: #1130943
- CVE-2013-0309
* (buildenv) arch/x86/kernel/ msr.c is not deviated
* Release Tracking Bug
- LP: #1137197[ Ubuntu: 2.6.32-46.105 ]
* x86/msr: Add capabilities check
- LP: #1123049
- CVE-2013-0268
* mm: thp: fix pmd_present for split_huge_page and PROT_NONE with THP
- LP: #1130943
- CVE-2013-0309
* NLS: improve UTF8 -> UTF16 string conversion routine
- LP: #1134523
- CVE-2013-1773 - 56. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to Ubuntu-
2.6.32- 45.104
* Release Tracking Bug
- LP: #1119764[ Ubuntu: 2.6.32-45.104 ]
* ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread
- LP: #1129192
- CVE-2013-0871
* ptrace: introduce signal_wake_up_ state() and ptrace_ signal_ wake_up( )
- LP: #1129192
- CVE-2013-0871
* ptrace: ensure arch_ptrace/ptrace_ request can never race with SIGKILL
- LP: #1129192
- CVE-2013-0871
* wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED
task
- LP: #1129192
- CVE-2013-0871 - 55. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to Ubuntu-
2.6.32- 45.103
* Release Tracking Bug
- LP: #1119764[ Ubuntu: 2.6.32-45.103 ]
* [debian] Remove dangling symlink from headers package
- LP: #1112442
* xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS
guests.
- LP: #1102374
- CVE-2013-0190 - 54. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to Ubuntu-
2.6.32- 45.102
* Release Tracking Bug
- LP: #1095803[ Ubuntu: 2.6.32-45.102 ]
* SAUCE: exec: do not leave bprm->interp on stack
- LP: #1068888
- CVE-2012-4530
* exec: use -ELOOP for max recursion depth
- LP: #1068888
- CVE-2012-4530 - 53. By Stefan Bader
-
[ Stefan Bader ]
* Rebased to Ubuntu-
2.6.32- 45.101
* Release Tracking Bug
- LP: #1086183[ Ubuntu: 2.6.32-45.101 ]
* ipv6: discard overlapping fragment
- LP: #1079859
- CVE-2012-4444
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/maverick/linux-ec2