Old 02-11-2011, 07:35 PM
Brad Figg
 
Default CVE-2010-4242

Following this email will be 3 patches associated with this CVE. The patches
apply cleanly to Dapper, Hardy and Karmic. Lucid, Maverick and Natty have
already received this patch as part of upstream stable commits (or just
regular upstream commits).

CVE-2010-4242

The hci_uart_tty_open function in the HCI UART driver
(drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly
other versions, does not verify whether the tty has a write operation,
which allows local users to cause a denial of service (NULL pointer
dereference) via vectors related to the Bluetooth driver.

Alan Cox (1):
bluetooth: Fix missing NULL check, CVE-2010-4242

drivers/bluetooth/hci_ldisc.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
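
The missing check described in the CVE text above, shown as an added example that is not part of this thread or of the patch it announces. It is a simplified user-space C model: every struct and function name is hypothetical, and the error code returned is this example's assumption.

```c
#include <errno.h>
#include <stddef.h>

/* Hypothetical user-space stand-ins for the kernel's tty structures. */
struct tty_ops { int (*write)(const unsigned char *buf, int len); }; /* optional op */
struct tty { const struct tty_ops *ops; void *disc_data; };
struct uart_state { struct tty *tty; };

static int serial_write(const unsigned char *buf, int len) { (void)buf; return len; }
static const struct tty_ops serial_ops = { .write = serial_write };
static const struct tty_ops no_write_ops = { .write = NULL }; /* constructed case */

/* Before the fix: attaches to any tty, so a later transmit would call NULL. */
static int ldisc_open_unchecked(struct tty *tty, struct uart_state *hu)
{
    hu->tty = tty;
    tty->disc_data = hu;
    return 0;
}

/* After the fix: refuse at open time, before any state is attached. */
static int ldisc_open_checked(struct tty *tty, struct uart_state *hu)
{
    if (tty->ops == NULL || tty->ops->write == NULL)
        return -EOPNOTSUPP; /* error code is this example's choice */
    return ldisc_open_unchecked(tty, hu);
}

/* Transmit path: relies on open() having validated the write op. */
static int ldisc_send(struct uart_state *hu, const unsigned char *buf, int len)
{ return hu->tty->ops->write(buf, len); }

/* Checked open on a tty with no write op: returns the error, attaches nothing. */
int demo_reject_no_write(void)
{
    struct tty t = { .ops = &no_write_ops, .disc_data = NULL };
    struct uart_state hu = { NULL };
    int rc = ldisc_open_checked(&t, &hu);
    return (t.disc_data == NULL && hu.tty == NULL) ? rc : 1;
}

/* Checked open on a tty with a write op, then transmit three constructed bytes. */
int demo_accept_and_send(void)
{
    struct tty t = { .ops = &serial_ops, .disc_data = NULL };
    struct uart_state hu = { NULL };
    if (ldisc_open_checked(&t, &hu) != 0)
        return -1;
    return ldisc_send(&hu, (const unsigned char *)"\x01\x02\x03", 3);
}
```

The point of the model is where the check sits: the transmit path has no way to recover once a line discipline is attached to a tty without a write operation, so the open path is the place to reject it.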
 
Old 02-11-2011, 08:15 PM
Tim Gardner
 
Default CVE-2010-4242

On 02/11/2011 01:35 PM, Brad Figg wrote:

> Following this email will be 3 patches associated with this CVE. The patches
> apply cleanly to Dapper, Hardy and Karmic. Lucid, Maverick and Natty have
> already received this patch as part of upstream stable commits (or just
> regular upstream commits).
>
> CVE-2010-4242
>
> The hci_uart_tty_open function in the HCI UART driver
> (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly
> other versions, does not verify whether the tty has a write operation,
> which allows local users to cause a denial of service (NULL pointer
> dereference) via vectors related to the Bluetooth driver.
>
> Alan Cox (1):
> bluetooth: Fix missing NULL check, CVE-2010-4242
>
> drivers/bluetooth/hci_ldisc.c | 7 +++++++
> 1 files changed, 7 insertions(+), 0 deletions(-)
>

Acked-by: Tim Gardner <tim.gardner@canonical.com>

--
Tim Gardner tim.gardner@canonical.com

 
Old 02-14-2011, 08:54 AM
Stefan Bader
 
Default CVE-2010-4242

On 02/11/2011 09:35 PM, Brad Figg wrote:
> Following this email will be 3 patches associated with this CVE. The patches
> apply cleanly to Dapper, Hardy and Karmic. Lucid, Maverick and Natty have
> already received this patch as part of upstream stable commits (or just
> regular upstream commits).
>
> CVE-2010-4242
>
> The hci_uart_tty_open function in the HCI UART driver
> (drivers/bluetooth/hci_ldisc.c) in the Linux kernel 2.6.36, and possibly
> other versions, does not verify whether the tty has a write operation,
> which allows local users to cause a denial of service (NULL pointer
> dereference) via vectors related to the Bluetooth driver.
>
> Alan Cox (1):
> bluetooth: Fix missing NULL check, CVE-2010-4242
>
> drivers/bluetooth/hci_ldisc.c | 7 +++++++
> 1 files changed, 7 insertions(+), 0 deletions(-)
>
>
Acked-by: Stefan Bader <stefan.bader@canonical.com>

 
Old 02-14-2011, 09:02 AM
Stefan Bader
 
Default CVE-2010-4242

Applied and pushed to karmic,hardy,dapper master-next.
