Linux Archive


Paolo Pisati 06-01-2011 10:23 AM

First round of CVE fixes
 
The following changes since commit 50173a10506485bd731f62bcbd7c9410a1fb5b43:

UBUNTU: Ubuntu-2.6.31-608.25 (2011-05-27 18:41:05 +0200)

are available in the git repository at:
git://kernel.ubuntu.com/ppisati/ubuntu-lucid.git fsl-imx51

Andy Whitcroft (1):
net: packet: fix information leak to userland, CVE-2010-3876

Dan Carpenter (1):
gdth: integer overflow in ioctl

Dan Rosenberg (4):
ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
drivers/video/via/ioctl.c: prevent reading uninitialized stack memory
sys_semctl: fix kernel stack leakage
mpt2sas: prevent heap overflows and unchecked reads

John Hughes (1):
x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.

Julien Tinnes (1):
Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code

Kees Cook (2):
net: ax25: fix information leak to userland harder, CVE-2010-3875
net: clear heap allocations for privileged ethtool actions

Kulikov Vasiliy (1):
net: tipc: fix information leak to userland, CVE-2010-3877

Linus Torvalds (4):
net: fix rds_iovec page count overflow, CVE-2010-3865
net: Truncate recvfrom and sendto length to INT_MAX.
next_pidmap: fix overflow condition
proc: do proper range check on readdir offset

Nelson Elhage (1):
inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880

Oleg Nesterov (2):
posix-cpu-timers: workaround to suppress the problems with mt exec
exec: make argv/envp memory visible to oom-killer

Oliver Hartkopp (2):
can-bcm: fix minor heap overflow
can: add missing socket check in can/raw release

Paolo Pisati (1):
UBUNTU: Start new release

Roland Dreier (1):
Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo

Timo Warns (1):
fs/partitions/ldm.c: fix oops caused by corrupted partition table, CVE-2011-1017

Vasiliy Kulikov (3):
net: ax25: fix information leak to userland, CVE-2010-3875
agp: fix arbitrary kernel memory writes
agp: fix OOM and buffer overflow

andrew hendry (1):
memory corruption in X.25 facilities parsing

.../abi/{2.6.31-608.24 => 2.6.31-608.25}/abiname | 0
.../{2.6.31-608.24 => 2.6.31-608.25}/armel/imx51 | 0
.../armel/imx51.modules | 0
debian.fsl-imx51/changelog | 8 +++
drivers/char/agp/generic.c | 19 ++++++--
drivers/scsi/gdth.c | 8 +++
drivers/scsi/mpt2sas/mpt2sas_ctl.c | 23 +++++++++-
drivers/video/via/ioctl.c | 2 +
fs/exec.c | 28 +++++++++++-
fs/partitions/ldm.c | 16 +++++--
fs/proc/base.c | 9 +++-
include/linux/binfmts.h | 1 +
include/linux/pid.h | 2 +-
include/net/netlink.h | 2 +-
include/net/x25.h | 4 ++
ipc/sem.c | 2 +
kernel/exit.c | 8 +++
kernel/pid.c | 5 ++-
kernel/signal.c | 16 +++++--
net/ax25/af_ax25.c | 2 +-
net/can/bcm.c | 2 +-
net/can/raw.c | 7 +++-
net/core/ethtool.c | 2 +-
net/ipv4/inet_diag.c | 27 +++++++-----
net/packet/af_packet.c | 3 +-
net/rds/rdma.c | 11 +++++
net/socket.c | 4 ++
net/tipc/socket.c | 1 +
net/x25/af_x25.c | 47 +++++++++++++++++++-
net/x25/x25_facilities.c | 20 ++++++--
net/x25/x25_in.c | 17 +++++--
sound/pci/rme9652/hdsp.c | 1 +
sound/pci/rme9652/hdspm.c | 1 +
33 files changed, 251 insertions(+), 47 deletions(-)
rename debian.fsl-imx51/abi/{2.6.31-608.24 => 2.6.31-608.25}/abiname (100%)
rename debian.fsl-imx51/abi/{2.6.31-608.24 => 2.6.31-608.25}/armel/imx51 (100%)
rename debian.fsl-imx51/abi/{2.6.31-608.24 => 2.6.31-608.25}/armel/imx51.modules (100%)


(sort-of) top down list of CVEs closed in this pull:

CVE-2010-3876, CVE-2010-4157, CVE-2010-4080, CVE-2010-4081,
CVE-2010-4082, CVE-2010-4083, CVE-2011-1494, CVE-2011-1182,
CVE-2010-3875, CVE-2010-4655, CVE-2010-3877, CVE-2010-3865,
CVE-2010-3859, CVE-2011-1593, CVE-2010-3880, CVE-2010-4248,
CVE-2010-4243, CVE-2010-3874, CVE-2011-1748, CVE-2011-1017,
CVE-2010-3875, CVE-1011-2022, CVE-2011-1747, CVE-2010-3873

this one is not a CVE fix:

John Hughes (1):
x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.

but is needed for:

andrew hendry (1):
memory corruption in X.25 facilities parsing

All the commits were cherry-picked from lucid, have the upstream sha,
contain the buglink and were previously acked by some of the kteam.

The release is still open since I'm going to push CVE fixes till the
next kernel cut.
--
bye,
p.

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

