lp:ubuntu/feisty-security/linux-source-2.6.20

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/feisty-security/linux-source-2.6.20
Members of Ubuntu branches can upload to this branch.

Branch information

Owner: Ubuntu branches
Status: Development

Recent revisions

37. By Stefan Bader

[Upstream Kernel Changes]

* (CVE-2008-0598) mm: trim more holes
* Fix compiler warning on 64-bit
  follow-up for CVE-2008-1673
* netfilter: nf_nat_snmp_basic: fix a range check in NAT for SNMP

36. By Tim Gardner

[Upstream Kernel Changes]

* (CVE-2007-6282) [ESP]: Ensure IV is in linear part of the skb to avoid
  BUG() due to OOB access
* (CVE-2008-1673) asn1: additional sanity checking during BER decoding
* (CVE-2008-2136) sit: Add missing kfree_skb() on pskb_may_pull()
  failure.
* (CVE-2008-2137) sparc: Fix mmap VA span checking.
* (CVE-2008-2358) dccp: return -EINVAL on invalid feature length
* (CVE-2008-1615) x86_64: fix CS corruption on iret
* (CVE-2008-2826) sctp: Make sure N * sizeof(union sctp_addr) does not
  overflow.

[Tim Gardner]

* Fixed modules file sorting by forcing both ABI files to be lexicographical.
* Add lds linker file to headers package for ia64 external modules linking.

35. By Ben Collins

[Upstream Kernel Changes]

* CVE-2007-5904: [CIFS] Fix buffer overflow if server sends corrupt
  response to small request
* [IA64] Fix unaligned handler for floating point instructions with base
  update
* CVE-2007-6694: [POWERPC] CHRP: Fix possible NULL pointer dereference
* vm audit: add VM_DONTEXPAND to mmap for drivers that need it
  (CVE-2008-0007)
* CVE-2008-1294: CPU time limit patch / setrlimit(RLIMIT_CPU, 0) cheat
  fix
* fix SMP ordering hole in fcntl_setlk() (CVE-2008-1669)
* Fix dnotify/close race (CVE-2008-1375)
* Convert snd-page-alloc proc file to use seq_file (CVE-2007-4571)
* hrtimer: check relative timeouts for overflow

34. By Tim Gardner

[Tim Gardner]

* splice: fix user pointer access in get_iovec_page_array()
  (CVE-2008-0600)
  - GIT-SHA 9ba4693de4d2e7da123589c3e592ea08eaf9e575

33. By Tim Gardner

[Kees Cook]

* fix NFSv4 client mount regression
  - GIT-SHA 7a9e181ce37e0a862261b1814ee3ef358036dd5e
  - Bug #164231
* ppc64: fix corrupted sigcontext during FPU stress (CVE-2007-3107)
  - GIT-SHA 7117942afa58a6331cc2abc498541b2784cf79ac

[Upstream Kernel Changes]

* minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
* [IPV6]: Do no rely on skb->dst before it is assigned. (CVE-2007-4567)
* [JFFS2] Fix ACL vs. mode handling. (CVE-2007-4849)
* [IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
* USB: fix DoS in pwc USB video driver (CVE-2007-5093)
* Fix debug regression in video/pwc
* wait_task_stopped: Check p->exit_state instead of TASK_TRACED
  (CVE-2007-5500)
* fix DLM regression
* CVE-2008-0001: Use access mode instead of open flags to determine
  needed permissions
* hrtimers: avoid overflow for large relative timeouts (CVE-2007-5966)
* isdn: avoid copying overly-long strings (CVE-2007-6063)
* I4L: fix isdn_ioctl memory overrun vulnerability (CVE-2007-6151)
* vfs: coredumping fix (CVE-2007-6206)
* tmpfs: restore missing clear_highpage (CVE-2007-6417)
* [UBUNTU] fs/dlm: Fix regression introduced with last security fix.

32. By Phillip Lougher

[Security]

* NFS: Fix the mount regression
* minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)
* [IPV6]: Do no rely on skb->dst before it is assigned. (CVE-2007-4567)
* [JFFS2] Fix ACL vs. mode handling. (CVE-2007-4849)
* [IEEE80211]: avoid integer underflow for runt rx frames (CVE-2007-4997)
* USB: fix DoS in pwc USB video driver (CVE-2007-5093)
* Fix debug regression in video/pwc
* wait_task_stopped: Check p->exit_state instead of TASK_TRACED
  (CVE-2007-5500)

[Fabio Massimo Di Nitto]

* fix DLM regression

31. By Tim Gardner

[ security ]

* CVE-2007-4573: x86_64: Zero extend all registers after ptrace in 32bit entry path.
* CVE-2007-3731: i386: fixup TRACE_IRQ breakage
* CVE-2007-3731: Handle bogus %cs selector in single-step instruction decoding
* CVE-2007-3739: Don't allow the stack to grow into hugetlb reserved regions
* CVE-2007-3740: [CIFS] CIFS should honour umask

30. By Phillip Lougher

[Phillip Lougher]

* Fix build problem with CVE-2007-3380 patch
  - GIT-SHA 40b2e68a8d1137d2e7f4eb7ce561ccf30ebce4d1
* sysfs_readdir NULL ptr dereference causes kernel oops (CVE-2007-3104)
  - GIT-SHA 5ca45c7e9e3d363c7bd3a5419742cb3368baf474
* Fix VMI lazy mode race (again)
  - GIT-SHA b6fb010967dbc9fcbf1731716927369c9cb89725
* Fix CVE-2007-3848 patch for older kernel
  - GIT-SHA ddc739c7419ffdd584845d1aaa3ee9ded154a951
* Fix paravirt vmalloc bug
  - GIT-SHA c330f3fb3b90703cabc0e485aec3f7545753e289
* Fix race condition in Squashfs cache handling
  - GIT-SHA 00b3f12b4f0a5cbdea6d66587a3cd7ca25375c55

[Tim Gardner]

* Dell Inspiron 1420 no external audio
  - GIT-SHA dc24b94b0d384a70b400d56f97060351f800c3df
  - Bug #119898
* [TG3]: Fix link problem on Dell's onboard 5906.
  - GIT-SHA 7dce7db84f689c27c012d30be00dba2a0b567ff5
  - Bug #121030
* Add AGP support for Intel G33 video. Add 3D/mesa support for Intel G33
  video.
  - GIT-SHA 6331663c669b38521a31b04d4f58f9a888b19d2c
  - Bug #121443
* Touchpad not recognized on Dell Inspiron 1420
  - GIT-SHA 9cfe7aefbb8d5755a636eb104348175738eb4fe0
  - Bug #129477
* Fix another paravirt bug for Feisty
  - GIT-SHA 0d84c3f9a8dce561d393c7ac349014b5f19a4c84

[Upstream Kernel Changes]

* cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875)
* NETFILTER: {ip, nf}_conntrack_sctp: fix remotely triggerable NULL ptr
  dereference (CVE-2007-2876)
* [DLM] CVE-2007-3380 A TCP connection to DLM port blocks DLM operations
* [PPPOE]: memory leak when socket is release()d before PPPIOCGCHAN has
  been called on it (CVE-2007-2525)
* fat: fix VFAT compat ioctls on 64-bit systems (CVE-2007-2878)
* random: fix bound check ordering (CVE-2007-3105)
* USB: usblcd doesn't limit memory consumption during write
  (CVE-2007-3513)
* [NETFILTER]: nf_conntrack_h323: add checking of out-of-range on
  choices' index values (CVE-2007-3642)
* drm/i915: Fix i965 secured batchbuffer usage (CVE-2007-3851)
* [CIFS] Fix sign mount option and sign proc config setting
  (CVE-2007-3843)
* Reset current->pdeath_signal on SUID binary execution (CVE-2007-3848)
* aacraid: fix security hole (CVE-2007-4308)

29. By Phillip Lougher

[Phillip Lougher]

* Revert "{ata_,}piix: Consolidate PCI IDs. Move ata_piix pata IDs to
  piix"
  - GIT-SHA d20328e312148f5c47cb38482e967ed9a1b7fdb9

[Tim Gardner]

* Work around Dell E520 BIOS reboot bug.
  - GIT-SHA 7d6ddf6fc8d2b5f40faac3c7915df71b4acb2fd4
  - Bug #114854

[Upstream Kernel Changes]

* Fix VMI logic error
* [CRYPTO] geode: Fix in-place operations and set key (CVE-2007-2451)
* random: fix error in entropy extraction (CVE-2007-2453)
* random: fix seeding with zero entropy (CVE-2007-2453)
* [Bluetooth] Fix L2CAP and HCI setsockopt() information leaks (CVE-2007-1353)

28. By Phillip Lougher

[Ben Collins]

* rtc: Ratelimit "lost interrupts" message.
  - GIT-SHA 0102aad3b17d22e67864aa5afd88bc108b881141
* vbox: Remove this driver. It will be outdated by release.
  - GIT-SHA 60c8a6c1fbe7ed5dc28ccdd5a48c624e9ece56f3
* hppa: Build fixes from jbailey.
  - GIT-SHA 4f87aff6afe3479c98f8a64e05c866027e7d473d
* mmc: Set parent for block dev's to host, not class device.
  - GIT-SHA 0400a0ceb5afa2afcda76c92d4425c4696e72845
  - Bug #99648

[Daniel Chen]

* sound/pci/: Forward-port intel8x0 quirks from ubuntu-edgy.git
  (intel8x0.c)
  - GIT-SHA a2ce991fa1b7d601c428564f3741044a492d13a4
* sound/pci/: Forward-port more intel8x0 quirks from kernel-team@
  (intel8x0.c)
  - GIT-SHA 5263bd37eeeedc72447441bdec9fc47e7cca83d9
* sound/pci/hda/: Revert Toshiba model setting (ALC861_TOSHIBA) for SSID
  1179:ff10 (patch_realtek.c)
  - GIT-SHA b6fffb0f499459dfaef0f022f2da1f3fcb4fbdc2
* sound/pci/hda/: Add missing SSID for ALC861-VD (patch_realtek.c)
  - GIT-SHA 0ca1a43cc8e4d484963a7f6e4866602d5fe576db
* sound/pci/ac97/: Fix regression from Edgy - readd jack sense blacklist
  entries (ac97_patch.c)
  - GIT-SHA 963f93d185fc40ab7853ce75480a5fbcd607e070
* sound/pci/hda/: Fix regression from Edgy - incorrect model quirk for
  ALC861-VD (patch_realtek.c)
  - GIT-SHA 382e158458c0771a6bd48cc8a64df6e24a46682e
* sound/pci/hda/: Fix inaudible sound on yet another Toshiba laptop -
  incorrect model quirk (patch_realtek.c)
  - GIT-SHA fbbec3e6208990a1dbe34766396084d683bc3322

[Fabio M. Di Nitto]

* [OCFS2] Local mounts should skip inode updates
  - GIT-SHA 8cbf682c7a9016caf65fb30bb67d1e2de3e924c6

[Kyle McMartin]

* Enable ICH8GM (Crestline) support
  - GIT-SHA 5b87e59b3898d33e11f71fcc037e7d1c6480aee0
* bcm43xx: Update to 2.6.21
  - GIT-SHA 9424583295f2fa0920a611eb0f37ccd8fb2dc453
* p54pci: Fix error path when eeprom read fails
  - GIT-SHA c10305577fa669b114bcb03d6f80bdcbcd46a93a

[Phillip Lougher]

* Squashfs: add SetPageError handling
  - GIT-SHA ff5082e7b9e1b48d33bbb26fbe9104ee1956688a
* Fix pata_sis crashes preventing booting
  - GIT-SHA 1b27e19fa9145a1579cfecccf7d5be7d7e242e46
  - Bug #107774
* Initialize the Broadcom USB Bluetooth device in Dell laptops.
  - GIT-SHA 0f50a719466ae29c18b9b75df3ae64312d6523cf
* Update tifm driver to 0.8d
  - GIT-SHA 6bec583645852716f3fee4a7d2534be1acf060d6
  - Bug #53923
* sound/pci/hda/: Forcibly set the maximum number of codecs (hda_intel.c)
  - GIT-SHA d8f18e83ea5ef15ab519f6bf03cccb3bdeb2e469
  - Bug #106843
* Change CONFIG_NR_CPUS from 32 to 64.
  - GIT-SHA 00f6cb2c3cda7dab1d02ceb444f5a34506c7a30d

[Tim Gardner]

* Added more USB device IDs
  - GIT-SHA 139e45123031d80bebcb8e609d6a079538db0970
* Prevent i2c_ec module from faulting because of uninitialized device
  parent.
  - GIT-SHA 490e63428ab4b3801bc94f520097fd43a57fbc3f
* Initialize the device with the ACPI structure.
  - GIT-SHA 5df920c2fd7da80ea1d47d0c664a747700bf33f1
* Backported from 2.6.21-rc6
  - GIT-SHA 4d0bb04551b393dfc12552d26dff259034c7620c
* Remove vboxdrv from the module lists.
  - GIT-SHA 4aae55dc540f17b7b295047b99f4f68c43d01930
* Cause SoftMac to emit an association event when setting ESSID.
  - GIT-SHA c7a6bbdf4493b2951f02c924bd4a85d01b46c839
  - Bug #https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.20/+bug/103768

[Upstream Kernel Changes]

* ocfs2_dlm: Missing get/put lockres in dlm_run_purge_lockres
* ocfs2_dlm: Add missing locks in dlm_empty_lockres
* ocfs2_dlm: Fix lockres ref counting bug
* ocfs2_dlm: Check for migrateable lockres in dlm_empty_lockres()
* [PS3] Add HV call to local_irq_restore().
* i2c: Remove the warning on missing adapter device
* 2.6.21 fix lba48 bug in libata fill_result_tf()
* futex: PI state locking fix
* [APPLETALK]: Fix a remotely triggerable crash (CVE-2007-1357)
* [IPV6]: Fix for ipv6_setsockopt NULL dereference (CVE-2007-1388)
* DCCP: Fix exploitable hole in DCCP socket options (CVE-2007-1730)
* [IPv4] fib: Fix out of bound access of fib_props[] (CVE-2007-2172)
* (Denial of Service security fix from stable kernel 2.6.20.8)
* (Fix to Denial of Service security fix, from stable kernel 2.6.20.10)
* (ipv6 security bug fix from stable kernel 2.6.20.9)
* (Bug fix to ipv6 security fix, from stable kernel 2.6.20.10)
* [SPARC64]: SUN4U PCI-E controller support.
* [VIDEO]: Add Sun XVR-500 framebuffer driver.
* [VIDEO]: Add Sun XVR-2500 framebuffer driver.
* [SPARC64]: Fix recursion in PROM tree building.
* [SPARC64]: Bump PROMINTR_MAX to 32.
* [SPARC64]: Correct FIRE_IOMMU_FLUSHINV register offset.
* [SPARC64]: Add bq4802 TOD chip support, as found on ultra45.
* [SERIAL] SUNHV: Add an ID string.
* [SPARC64]: Be more resilient with PCI I/O space regs.
* [SPARC64]: Add missing cpus_empty() check in hypervisor xcall handling.
* Input: i8042 - fix AUX IRQ delivery check
* Input: i8042 - another attempt to fix AUX delivery checks
* Input: i8042 - fix AUX port detection with some chips
* [IPV6]: ipv6_fl_socklist is inadvertently shared. (CVE-2007-1592)

[Wang Zhenyu]

* intel_agp: fix G965 GTT size detect
  - GIT-SHA 8d9fac9fa2123f186f9f7c2b5ba7aaa594de1b58

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.
