FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Kernel

 
 
LinkBack Thread Tools
 
Old 02-12-2012, 05:18 AM
Ben Hutchings
 
Default Bug#659562: Changes from longterm 2.6.32.56

Package: src:linux-2.6
Version: 2.6.32-41
Severity: important

- eCryptfs: Sanitize write counts of /dev/ecryptfs

Limits the size of message writeable to this filesystem control device.
A large message could otherwise result in OOM. I don't think this is
much of a security issue as access to the control device is already
privileged.

- ecryptfs: Improve metadata read failure logging

Logging improvement, may aid recovery from filesystem damage.

- eCryptfs: Make truncate path killable

Allows a task truncating or extending a file on encrypts to be killed
(with signal 9, SIGKILL). Currently this may be a lengthy and
uninterruptible operation, hence a potential DoS.

- drm: Fix authentication kernel crash

Fixes use-after-free, possibly exploitable for privilege escalation.

- crypto: sha512 - make it work, undo percpu message schedule
- crypto: sha512 - reduce stack usage to safe number

SHA-512 normally requires substantial temporary space, which was
allocated per-CPU. This is safe iff the function is not reentrant.
However, since it can actually be used in both process context and in
soft-interrupt context, this may result in incorrect hashes and
consequent data loss.

These changes replace the per-CPU space with a smaller space on the
stack. However, gcc still allocates a lot of stack space on 32-bit
machines, so this requires an additional fix.

- Revert "ARM: 7220/1: mmc: mmci: Fixup error handling for dma"

This has no effect on Debian configurations.

- block: fail SCSI passthrough ioctls on partition devices
- dm: do not forward ioctls from logical volumes to the underlying device

The rest of the fix for CVE-2011-4127, which we already have.

- USB: ftdi_sio: fix TIOCSSERIAL baud_base handling

Rejects an invalid setting for this serial driver. It looks like the
invalid setting would in any case be ignored, so I'm not sure why this
is important.

- USB: ftdi_sio: add PID for TI XDS100v2 / BeagleBone A3
- USB: serial: ftdi additional IDs
- USB: ftdi_sio: Add more identifiers

New hardware support.

- USB: cdc-wdm: updating desc->length must be protected by spin_lock

Fixes part of a data race in this driver, used for some USB-connected
cellular modems (and phones acting as modems), which would lead to
corruption of received data. It doesn't appear to fix the whole
problem, though.

- usb: io_ti: Make edge_remove_sysfs_attrs the port_remove method.

Fixes memory leak on removal of this device (or it might result in a
crash, but I don't think so).

- USB: usbsevseg: fix max length

Adds support for a new variant of the USB seven-segment displays using
longer packets.

- hwmon: (f71805f) Fix clamping of temperature limits

Fixes handling of temperature limit settings that are outside the
hardware range. Previously they would be replaced with 0, which could
potentially trigger the system to shut down.

- hwmon: (sht15) fix bad error code

This driver would leak memory if loaded on a system that did not
specifically support it, and would crash if then removed.

- USB: serial: CP210x: Added USB-ID for the Link Instruments MSO-19

New hardware support.

- USB: cp210x: do not map baud rates to B0

Fixes handling of requests for low baud rates. Not sure why this is
important.

- USB: ftdi_sio: fix initial baud rate

Fixes our bug #658164.

Ben.

--
Ben Hutchings
Horngren's Observation:
Among economists, the real world is often a special case.
 

Thread Tools




All times are GMT. The time now is 05:59 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org