lp:ubuntu/maverick-security/linux-ti-omap4
- Get this branch:
- bzr branch lp:ubuntu/maverick-security/linux-ti-omap4
Recent revisions
- 31. By Herton R. Krzesinski
-
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #942766
[ Paolo Pisati ]
* [Config] Move to a 3G/1G memory split
- LP: #861296
- 30. By Paolo Pisati
-
* Release Tracking Bug
- LP: #932237
[ Upstream Kernel Changes ]
* net: ip_expire() must revalidate route
- LP: #922051
- CVE-2011-1927
* inotify: stop kernel memory leak on file creation failure
- LP: #917797
- CVE-2010-4250
* inotify: fix double free/corruption of stuct user
- LP: #869203
- CVE-2011-1479
* fuse: verify ioctl retries
- LP: #917804
- CVE-2010-4650
* ima: fix add LSM rule bug
- LP: #917808
- CVE-2011-0006
* bridge: Fix mglist corruption that leads to memory corruption
- LP: #917813
- CVE-2011-0716
* sound/oss: remove offset from load_patch callbacks
- LP: #925337
- CVE-2011-1476
* ARM: 6891/1: prevent heap corruption in OABI semtimedop
- LP: #925373
- CVE-2011-1759
* sound/oss/opl3: validate voice and channel indexes
- LP: #925335
- CVE-2011-1477
* Fix for buffer overflow in ldm_frag_add not sufficient
- LP: #922371
- CVE-2011-2182
* AppArmor: fix oops in apparmor_setprocattr
- LP: #789409
- CVE-2011-3619
- 29. By Paolo Pisati
-
* Release Tracking Bug
- LP: #921471
[ Upstream Kernel Changes ]
* Sched: fix skip_clock_update optimization
- LP: #911401
- CVE-2011-4621
* xfs: validate acl count
- LP: #917706
- CVE-2012-0038
* xfs: fix acl count validation in xfs_acl_from_disk()
- LP: #917706
- CVE-2012-0038
* drm: integer overflow in drm_mode_dirtyfb_ioctl()
- LP: #917838
- CVE-2012-0044
- 28. By Paolo Pisati
-
* Release Tracking Bug
- LP: #911245
[ Upstream Kernel Changes ]
* Revert "core: Fix memory leak/corruption on VLAN GRO_DROP,
CVE-2011-1576"
* use cache type functions for arch_get_unmapped_area
* topdown mmap support
* TPM: Zero buffer after copying to userspace, CVE-2011-1162
- LP: #899463
- CVE-2011-1162
* hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops, CVE-2011-2203
- LP: #899466
- CVE-2011-2203
* KEYS: Fix a NULL pointer deref in the user-defined key type,
CVE-2011-4110
- LP: #894369
- CVE-2011-4110
* gro: reset vlan_tci on reuse
- LP: #844361
- CVE-2011-1576
* b43: allocate receive buffers big enough for max frame len + offset
- LP: #905060
- CVE-2011-3359
* fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message, CVE-2011-3353
- LP: #905058
- CVE-2011-3353
- 27. By Paolo Pisati
-
* Release Tracking Bug
- LP: #897740
[ Upstream Kernel Changes ]
* crypto: ghash - Avoid null pointer dereference if no key is set
- LP: #887299
- CVE-2011-4081
* xfs: Fix possible memory corruption in xfs_readlink, CVE-2011-4077
- LP: #887298
- CVE-2011-4077
* jbd/jbd2: validate sb->s_first in journal_get_superblock()
- LP: #893148
- CVE-2011-4132
* hfs: add sanity check for file name length, CVE-2011-4330
- LP: #894374
- CVE-2011-4330
* ipv6: udp: fix the wrong headroom check
- LP: #894373
- CVE-2011-4326
* mm: make the vma list be doubly linked
- LP: #893190
* mm: make the mlock() stack guard page checks stricter
- LP: #893190
* mm: make stack guard page logic use vm_prev pointer
- LP: #893190
* mm: Move vma_stack_continue into mm.h
- LP: #672664, #893190
* Yama: fix default relationship to check thread group
- LP: #737676, #893190
* Yama: use thread group leader when creating match
- LP: #729839, #893190
- 26. By Paolo Pisati
-
* Release Tracking Bug
- LP: #888569
[ Upstream Kernel Changes ]
* mm: avoid wrapping vm_pgoff in mremap(), CVE-2011-2496
- LP: #869243
- CVE-2011-2496
* cifs: clean up cifs_find_smb_ses (try #2), CVE-2011-1585
- LP: #869208
- CVE-2011-1585
* cifs: fix NULL pointer dereference in cifs_find_smb_ses, CVE-2011-1585
- LP: #869208
- CVE-2011-1585
* cifs: check for NULL session password, CVE-2011-1585
- LP: #869208
- CVE-2011-1585
- 25. By Paolo Pisati
-
* Release tracking bug
- LP: #872658
[ Upstream Kernel Changes ]
* ext4: Fix max file size and logical block counting of extent format
file, CVE-2011-2695
- LP: #819574
- CVE-2011-2695
* memory corruption in X.25 facilities parsing, CVE-2010-3873
- LP: #709372
- CVE-2010-3873
* cifs: always do is_path_accessible check in cifs_mount, CVE-2011-3363
- LP: #866034
- CVE-2011-3363
* cifs: add fallback in is_path_accessible for old servers, CVE-2011-3363
- LP: #866034
- CVE-2011-3363
* Make TASKSTATS require root access, CVE-2011-2494
- LP: #866021
- CVE-2011-2494
* proc: restrict access to /proc/PID/io, CVE-2011-2495
- LP: #866025
- CVE-2011-2495
* proc: fix a race in do_io_accounting(), CVE-2011-2495
- LP: #866025
- CVE-2011-2495
* staging: comedi: fix infoleak to userspace, CVE-2011-2909
- LP: #869261
- CVE-2011-2909
* perf tools: do not look at ./config for configuration, CVE-2011-2905
- LP: #869259
- CVE-2011-2905
* nl80211: fix overflow in ssid_len - CVE-2011-2517
- LP: #869245
- CVE-2011-2517
* vm: fix vm_pgoff wrap in stack expansion - CVE-2011-2496
- LP: #869243
- CVE-2011-2496
* vm: fix vm_pgoff wrap in upward expansion - CVE-2011-2496
- LP: #869243
- CVE-2011-2496
* ksm: fix NULL pointer dereference in scan_get_next_rmap_item() -
CVE-2011-2183
- LP: #869227
- CVE-2011-2183
* NLM: Don't hang forever on NLM unlock requests - CVE-2011-2491
- LP: #869237
- CVE-2011-2491
- 24. By Paolo Pisati
-
[ Ming Lei ]
* SAUCE: usb: ehci: make HC see up-to-date qh/qtd descriptor ASAP
- LP: #709245
[ Upstream Kernel Changes ]
* cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191
- LP: #834135
- CVE-2011-3191
* befs: Validate length of long symbolic links, CVE-2011-2928
- LP: #834124
- CVE-2011-2928
* gro: Only reset frag0 when skb can be pulled, CVE-2011-2723
- LP: #844371
- CVE-2011-2723
* Validate size of EFI GUID partition entries, CVE-2011-1776
- LP: #844365
- CVE-2011-1776
* inet_diag: fix inet_diag_bc_audit(), CVE-2011-2213
- LP: #838421
- CVE-2011-2213
* si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700
- LP: #844370
- CVE-2011-2700
* Bluetooth: Prevent buffer overflow in l2cap config request,
CVE-2011-2497
- LP: #838423
- CVE-2011-2497
* core: Fix memory leak/corruption on VLAN GRO_DROP, CVE-2011-1576
- LP: #844361
- CVE-2011-1576
* crypto: Move md5_transform to lib/md5.c, CVE-2011-3188
- LP: #834129
- CVE-2011-3188
* net: Compute protocol sequence numbers and fragment IDs using MD5,
CVE-2011-3188
- LP: #834129
- CVE-2011-3188
- 23. By Paolo Pisati
-
* Release tracking bug
- LP: #838037
[ Upstream Kernel Changes ]
* ipv6: make fragment identifications less predictable, CVE-2011-2699
- LP: #827685
- CVE-2011-2699
* perf: Fix software event overflow, CVE-2011-2918
- LP: #834121
- CVE-2011-2918
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
- 22. By Paolo Pisati
-
* Release tracking bug
- LP: #829655
[ Upstream Kernel Changes ]
* drm/radeon/kms: check AA resolve registers on r300, CVE-2011-1016
- LP: #745686
- CVE-2011-1016
* drm/radeon: fix regression with AA resolve checking, CVE-2011-1016
- LP: #745686
- CVE-2011-1016
* can-bcm: fix minor heap overflow
- LP: #690730
* CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
- LP: #765007
- CVE-2010-4565
* av7110: check for negative array offset
- LP: #747520
* xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
CVE-2011-0711
- LP: #767740
- CVE-2011-0711
* ALSA: caiaq - Fix possible string-buffer overflow
- LP: #747520
* IB/cm: Bump reference count on cm_id before invoking callback,
CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* RDMA/cma: Fix crash in request handlers, CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* Treat writes as new when holes span across page boundaries,
CVE-2011-0463
- LP: #770483
- CVE-2011-0463
* net: clear heap allocations for privileged ethtool actions
- LP: #686158
* usb: iowarrior: don't trust report_size for buffer size
- LP: #747520
* fs/partitions/ldm.c: fix oops caused by corrupted partition table,
CVE-2011-1017
- LP: #771382
- CVE-2011-1017
* Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal
code
- LP: #747520
* Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
- LP: #747520
* exec: make argv/envp memory visible to oom-killer
- LP: #690730
* next_pidmap: fix overflow condition
- LP: #772560
* proc: do proper range check on readdir offset
- LP: #772560
* ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl, CVE-2011-1169
- LP: #785331
- CVE-2011-1169
* mpt2sas: prevent heap overflows and unchecked reads, CVE-2011-1494
- LP: #787145
- CVE-2011-1494
* agp: fix arbitrary kernel memory writes, CVE-1011-2022
- LP: #788684
- CVE-1011-2022
* can: add missing socket check in can/raw release, CVE-2011-1748
- LP: #788694
- CVE-2011-1748
* agp: fix OOM and buffer overflow
- LP: #788700
* drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack
memory - CVE-2010-3296
- CVE-2010-3296
* drivers/net/eql.c: prevent reading uninitialized stack memory -
CVE-2010-3297
- CVE-2010-3297
* inet_diag: Make sure we actually run the same bytecode we audited,
CVE-2010-3880
- LP: #711865
- CVE-2010-3880
* setup_arg_pages: diagnose excessive argument size - CVE-2010-3858
- LP: #672664
- CVE-2010-3858
* net: Truncate recvfrom and sendto length to INT_MAX - CVE-2010-3859
- LP: #690730
- CVE-2010-3859
* net: Limit socket I/O iovec total length to INT_MAX - CVE-2010-3859
- LP: #690730
- CVE-2010-3859
* ipc: initialize structure memory to zero for compat functions -
CVE-2010-4073
- LP: #690730
- CVE-2010-4073
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory -
CVE-2010-4080, CVE-2010-4081
- LP: #672664
- CVE-2010-4080, CVE-2010-4081
* drivers/video/via/ioctl.c: prevent reading uninitialized stack memory -
CVE-2010-4082
- CVE-2010-4082
* sys_semctl: fix kernel stack leakage, CVE-2010-4083
- LP: #712749
- CVE-2010-4083
* gdth: integer overflow in ioctl - CVE-2010-4157
- LP: #686158
- CVE-2010-4157
* bio: take care not overflow page count when mapping/copying user data -
CVE-2010-4162
- LP: #721441
- CVE-2010-4162
* bluetooth: Fix missing NULL check - CVE-2010-4242
- LP: #686158
* rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
- LP: #721455
- CVE-2010-4175
* perf_events: Fix perf_counter_mmap() hook in mprotect() - CVE-2010-4169
- LP: #690730
- CVE-2010-4169
* block: check for proper length of iov entries in blk_rq_map_user_iov()
- CVE-2010-4163
- LP: #690730
- CVE-2010-4163
* block: check for proper length of iov entries earlier in
blk_rq_map_user_iov(), CVE-2010-4163
- LP: #721504
- CVE-2010-4163
* fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
oops
- LP: #795418
- CVE-2011-1577
* Fix corrupted OSF partition table parsing
- LP: #796606
- CVE-2011-1163
* can: Add missing socket check in can/bcm release.
- LP: #796502
- CVE-2011-1598
* proc: protect mm start_code/end_code in /proc/pid/stat
- LP: #799906
- CVE-2011-0726
* tty: icount changeover for other main devices, CVE-2010-4076,
CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #794034
- CVE-2010-4077
* posix-cpu-timers: workaround to suppress the problems with mt exec,
CVE-2010-4248
- LP: #712609
- CVE-2010-4248
* Rename 'pipe_info()' to 'get_pipe_info()' CVE-2010-4256
- LP: #799805
- CVE-2010-4256
* Export 'get_pipe_info()' to other users CVE-2010-4256
- LP: #799805
- CVE-2010-4256
* IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
- LP: #800121
- CVE-2010-4649
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the
slab (v3) CVE-2011-1090
- LP: #800775
- CVE-2011-1090
* epoll: prevent creating circular epoll structures CVE-2011-1082
- LP: #800758
- CVE-2011-1082
* xfs: zero proper structure size for geometry calls CVE-2011-0711
- LP: #767740
- CVE-2011-0711
* ldm: corrupted partition table can cause kernel oops CVE-2011-1012
- LP: #801083
- CVE-2011-1012
* netfilter: ipt_CLUSTERIP: fix buffer overflow CVE-2011-2534
- LP: #801473
- CVE-2011-2534
* netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
- LP: #801480
- CVE-2011-1170
* netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
- LP: #801482
- CVE-2011-1171
* ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
- LP: #801483
- CVE-2011-1172
* econet: 4 byte infoleak to the network CVE-2011-1173
- LP: #801484
- CVE-2011-1173
* fs/partitions: Validate map_count in Mac partition tables CVE-2011-1010
- LP: #804225
- CVE-2011-1010
* drm: fix unsigned vs signed comparison issue in modeset ctl ioctl
CVE-2011-1013
- LP: #804229
* net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules
CVE-2011-1019
- LP: #804366
- CVE-2011-1019
* exec: copy-and-paste the fixes into compat_do_execve() paths
CVE-2010-4243
- LP: #804234
- CVE-2010-4243
* taskstats: don't allow duplicate entries in listener mode,
CVE-2011-2484
- LP: #806390
- CVE-2011-2484
* dccp: handle invalid feature options length, CVE-2011-1770
- LP: #806375
- CVE-2011-1770
* pagemap: close races with suid execve, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* report errors in /proc/*/*map* sanely, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* close race in /proc/*/environ, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* auxv: require the target to be tracable (or yourself), CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* deal with races in /proc/*/{syscall,stack,personality}, CVE-2011-1020
- LP: #813026
- CVE-2011-1020
* dccp: fix oops on Reset after close, CVE-2011-1093
- LP: #814087
- CVE-2011-1093
* Bluetooth: sco: fix information leak to userspace, CVE-2011-1078
- LP: #816542
- CVE-2011-1078
* Bluetooth: bnep: fix buffer overflow, CVE-2011-1079
- LP: #816544
- CVE-2011-1079
* bridge: netfilter: fix information leak, CVE-2011-1080
- LP: #816545
- CVE-2011-1080
* gro: Reset dev pointer on reuse, CVE-2011-1478
- LP: #816549
- CVE-2011-1478
* gro: reset skb_iif on reuse, CVE-2011-1478
- LP: #816549
- CVE-2011-1478
* char/tpm: Fix unitialized usage of data buffer, CVE-2011-1160
- LP: #816546
- CVE-2011-1160
* irda: validate peer name and attribute lengths, CVE-2011-1180
- LP: #816547
- CVE-2011-1180
* ROSE: prevent heap corruption with bad facilities, CVE-2011-1493
- LP: #816550
- CVE-2011-1493
* rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
- LP: #816550
- CVE-2011-1493
* Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
- LP: #819569
- CVE-2011-2492
* Add mount option to check uid of device being mounted = expect uid,
CVE-2011-1833
- LP: #732628
- CVE-2011-1833
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/linux-ti-omap4