Ubuntu
linux-source-2.6.15 package

lp:ubuntu/dapper-updates/linux-source-2.6.15

  1. Dapper (6.06)
  2. dapper-updates
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/dapper-updates/linux-source-2.6.15
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

68. By Brad Figg

[ Brad Figg ]

* Release Tracking Bug
  - LP: #771895

[Upstream Kernel Changes]

* av7110: check for negative array offset, CVE-2011-0521
  - LP: #767526
  - CVE-2011-0521
* af_unix: limit unix_tot_inflight, CVE-2010-4249
  - LP: #769182
  - CVE-2010-4249
* IB/cm: Bump reference count on cm_id before invoking callback,
  CVE-2011-0695
  - LP: #770369
  - CVE-2011-0695
* fs/partitions/ldm.c: fix oops caused by corrupted partition table,
  CVE-2011-1017
  - LP: #771382
  - CVE-2011-1017
* ldm: corrupted partition table can cause kernel oops, CVE-2011-1017
  - LP: #771382
  - CVE-2011-1017

67. By Brad Figg

[ Brad Figg ]

* Tracking Bug
  - LP: #725090

[ Upstream Kernel Changes ]

* bluetooth: Fix missing NULL check, CVE-2010-4242
  - LP: #714846
  - CVE-2010-4242
* bio: take care not overflow page count when mapping/copying user data,
  CVE-2010-4162
  - LP: #721441
  - CVE-2010-4162
* filter: make sure filters dont read uninitialized memory
  - LP: #721282
  - CVE-2010-4158
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
  - LP: #720189
  - CVE-2010-4077
* block: check for proper length of iov entries earlier in
  blk_rq_map_user_iov(), CVE-2010-4163
  - LP: #721504
  - CVE-2010-4163

66. By Steve Conklin

[ Steve Conklin ]

* Tracking Bug
  - LP: #716472

[Upstream Kernel Changes]

* net: Truncate recvfrom and sendto length to INT_MAX., CVE-2010-3859
  - LP: #711855, #708839
  - CVE-2010-4160
* net: Limit socket I/O iovec total length to INT_MAX., CVE-2010-3859
  - LP: #711855, #708839
  - CVE-2010-4160
* net: ax25: fix information leak to userland, CVE-2010-3875
  - LP: #710714
  - CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
  - LP: #710714
  - CVE-2010-3875
* memory corruption in X.25 facilities parsing, CVE-2010-3873
  - LP: #709372
  - CVE-2010-3873
* net: packet: fix information leak to userland, CVE-2010-3876
  - LP: #710714
  - CVE-2010-3876
* x86: replace LOCK_PREFIX in futex.h, CVE-2010-3086
  - LP: #706060
  - CVE-2010-3086
* gdth: integer overflow in ioctl, CVE-2010-4157
  - LP: #711797
  - CVE-2010-4157
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory,
  CVE-2010-4080, CVE-2010-4081
  - LP: #712723, #712737
  - CVE-2010-4081
* sys_semctl: fix kernel stack leakage, CVE-2010-4083
  - LP: #712749
  - CVE-2010-4083
* inet_diag: Make sure we actually run the same bytecode we audited,
  CVE-2010-3880
  - LP: #711865
  - CVE-2010-3880

65. By Leann Ogasawara

[ Leann Ogasawara ]

- LP: #683908
* Revert "SAUCE: AF_ECONET saddr->cookie prevent NULL pointer
  dereference"
* Revert "SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges"
* Revert "SAUCE: AF_ECONET prevent kernel stack overflow"

[Upstream Kernel Changes]

* xfs: validate untrusted inode numbers during lookup
  - CVE-2010-2943
* xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
  - CVE-2010-2943
* xfs: remove block number from inode lookup code
  - CVE-2010-2943
* xfs: fix untrusted inode number lookup
  - CVE-2010-2943
* drivers/net/eql.c: prevent reading uninitialized stack memory
  - CVE-2010-3297
* ipc: shm: fix information leak to userland
  - CVE-2010-4072
* econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849
  - CVE-2010-3849
* econet: fix CVE-2010-3850
  - CVE-2010-3850
* econet: fix CVE-2010-3848
  - CVE-2010-3848

64. By Leann Ogasawara

[ Leann Ogasawara ]

* SAUCE: AF_ECONET prevent kernel stack overflow
  - CVE-2010-3848
* SAUCE: AF_ECONET SIOCSIFADDR ioctl does not check privileges
  - CVE-2010-3850
* SAUCE: AF_ECONET saddr->cookie prevent NULL pointer dereference
  - CVE-2010-3849

63. By Steve Conklin

[ Upstream Kernel Changes ]

* mm: Use helper to find real vma with stack guard page
  - LP: #646114
* mm: Do not assume ENOMEM when looking at a split stack vma
  - LP: #646114
* Fix pktcdvd ioctl dev_minor range check
  - CVE-2010-3437
* sctp: Do not reset the packet during sctp_packet_config().
  - CVE-2010-3432
* rose: Fix signedness issues wrt. digi count.
  - CVE-2010-3310
* ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
  - CVE-2010-3080
* aio: check for multiplication overflow in do_io_submit
  - CVE-2010-3067
* jfs: don't allow os2 xattr namespace overlap with others
  - CVE-2010-2946
* net sched: fix some kernel memory leaks
  - CVE-2010-2942
* nfsd4: bug in read_buf
  - CVE-2010-2521
* cifs: Fix a kernel BUG with remote OS/2 server (try #3)
  - CVE-2010-2248

62. By Stefan Bader

[ Upstream Kernel Changes ]

* compat: Make compat_alloc_user_space() incorporate the access_ok()
  - CVE-2010-3081

61. By Stefan Bader

[ Upstream Kernel Changes ]

* mm: keep a guard page below a grow-down stack segment
  - CVE-2010-2240
* mm: fix missing page table unmap for stack guard page failure case
  - CVE-2010-2240
* mm: fix page table unmap for stack guard page properly
  - CVE-2010-2240
* mm: fix up some user-visible effects of the stack guard page
  - CVE-2010-2240
* x86: don't send SIGBUS for kernel page faults
  - CVE-2010-2240
* mm: pass correct mm when growing stack
  - CVE-2010-2240

60. By Stefan Bader

[ Upstream Kernel Changes ]

* sctp: Fix skb_over_panic resulting from multiple invalid parameter
  errors (CVE-2010-1173) (v4)
  - CVE-2010-1173
* sctp: fix append error cause to ERROR chunk correctly
  - CVE-2010-1173
* KEYS: find_keyring_by_name() can gain access to a freed keyring
  - CVE-2010-1437
* sparc64: Fix sun4u execute bit check in TSB I-TLB load.
  - CVE-2010-1451
* nfsd: fix vm overcommit crash
  - CVE-2010-1643
* nfsd: fix vm overcommit crash fix #2
  - CVE-2008-7256

59. By Stefan Bader

[ Upstream Kernel Changes ]

* USB: usbfs: properly clean up the as structure on error paths
  - CVE-2010-1083
* Bluetooth: Fix potential bad memory access with sysfs files
  - CVE-2010-1084
* dvb-core: Fix DoS bug in ULE decapsulation code that can be triggered
  by an invalid Payload Pointer
  - CVE-2010-1086
* GFS2: Skip check for mandatory locks when unlocking
  - CVE-2010-0727
* skb is unexpectedly freed.
  - CVE-2010-1188
* idr: fix a critical misallocation bug, take#2
  - LP: #485556
* NFS: Fix an Oops when truncating a file
  - CVE-2010-1087
* r8169: Fix receive buffer length when MTU is between 1515 and 1536
  - CVE-2009-4537
* r8169: offical fix for CVE-2009-4537 (overlength frame DMAs)
  - CVE-2009-4537
* SCTP: drop SACK if ctsn is not less than the next tsn of assoc
  - CVE-2010-0008
* SCTP: Clean up OOTB handling and fix infinite loop processing
  - CVE-2010-0008
* Fix for CVE-2009-4271
  - CVE-2009-4271

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers