lp:ubuntu/lucid-security/linux-ec2

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/linux-ec2
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

62. By Stefan Bader

[ Stefan Bader ]

* Rebased to Ubuntu-2.6.32-49.111
* SAUCE: ec2: Backport x86/mm: Check if PUD is large when validating a
  kernel address
  - LP: #1193044
* SAUCE: ec2: Backport x86, ioapic: initialize nr_ioapic_registers early
  in mp_register_ioapic()
  - LP: #1193044
* Release Tracking Bug
  - LP: #1193202

[ Ubuntu: 2.6.32-49.111 ]

* Revert "pcdp: use early_ioremap/early_iounmap to access pcdp table"
  - LP: #1193044
* Revert "block: improve queue_should_plug() by looking at IO depths"
  - LP: #1193044
* kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
  - LP: #1187732
  - CVE-2013-2141
* b43: stop format string leaking into error msgs
  - LP: #1189833
  - CVE-2013-2852
* 2.6.32.y: timekeeping: Fix nohz issue with commit
  61b76840ddee647c0c223365378c3f394355b7d7
  - LP: #1193044
* clockevents: Don't allow dummy broadcast timers
  - LP: #1193044
* posix-cpu-timers: Fix nanosleep task_struct leak
  - LP: #1193044
* timer: Don't reinitialize the cpu base lock during CPU_UP_PREPARE
  - LP: #1193044
* tick: Cleanup NOHZ per cpu data on cpu down
  - LP: #1193044
* kbuild: Fix gcc -x syntax
  - LP: #1193044
* gen_init_cpio: avoid stack overflow when expanding
  - LP: #1193044
* coredump: prevent double-free on an error path in core dumper
  - LP: #1193044
* kernel/sys.c: call disable_nonboot_cpus() in kernel_restart()
  - LP: #1193044
* ring-buffer: Fix race between integrity check and readers
  - LP: #1193044
* genalloc: stop crashing the system when destroying a pool
  - LP: #1193044
* kernel/resource.c: fix stack overflow in __reserve_region_with_split()
  - LP: #1193044
* Driver core: treat unregistered bus_types as having no devices
  - LP: #1193044
* cgroup: remove incorrect dget/dput() pair in cgroup_create_dir()
  - LP: #1193044
* Fix a dead loop in async_synchronize_full()
  - LP: #1193044
* tracing: Don't call page_to_pfn() if page is NULL
  - LP: #1193044
* tracing: Fix double free when function profile init failed
  - LP: #1193044
* mm: Fix PageHead when !CONFIG_PAGEFLAGS_EXTENDED
  - LP: #1193044
* mm: bugfix: set current->reclaim_state to NULL while returning from
  kswapd()
  - LP: #1193044
* mm: fix invalidate_complete_page2() lock ordering
  - LP: #1193044
* mempolicy: fix a race in shared_policy_replace()
  - LP: #1193044
* ALSA: hda - More ALC663 fixes and support of compatible chips
  - LP: #1193044
* ALSA: hda - Add a pin-fix for FSC Amilo Pi1505
  - LP: #1193044
* ALSA: seq: Fix missing error handling in snd_seq_timer_open()
  - LP: #1193044
* ALSA: ac97 - Fix missing NULL check in snd_ac97_cvol_new()
  - LP: #1193044
* x86, ioapic: initialize nr_ioapic_registers early in
  mp_register_ioapic()
  - LP: #1193044
* x86: Don't use the EFI reboot method by default
  - LP: #1193044
* x86, random: make ARCH_RANDOM prompt if EMBEDDED, not EXPERT
  - LP: #1193044
* x86/mm: Check if PUD is large when validating a kernel address
  - LP: #1193044
* x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
  - LP: #1193044
* xen/bootup: allow read_tscp call for Xen PV guests.
  - LP: #1193044
* xen/bootup: allow {read|write}_cr8 pvops call.
  - LP: #1193044
* KVM: x86: relax MSR_KVM_SYSTEM_TIME alignment check
  - LP: #1193044
* KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set
  (CVE-2012-4461)
  - LP: #1193044
* MCE: Fix vm86 handling for 32bit mce handler
  - LP: #1193044
* ACPI / cpuidle: Fix NULL pointer issues when cpuidle is disabled
  - LP: #1193044
* alpha: Add irongate_io to PCI bus resources
  - LP: #1193044
* PARISC: fix user-triggerable panic on parisc
  - LP: #1193044
* serial: 8250, increase PASS_LIMIT
  - LP: #1193044
* drivers/char/ipmi: memcpy, need additional 2 bytes to avoid memory
  overflow
  - LP: #1193044
* w1: fix oops when w1_search is called from netlink connector
  - LP: #1193044
* staging: comedi: ni_labpc: correct differential channel sequence for AI
  commands
  - LP: #1193044
* staging: comedi: ni_labpc: set up command4 register *after* command3
  - LP: #1193044
* staging: comedi: comedi_test: fix race when cancelling command
  - LP: #1193044
* staging: comedi: fix memory leak for saved channel list
  - LP: #1193044
* staging: comedi: s626: don't dereference insn->data
  - LP: #1193044
* staging: comedi: jr3_pci: fix iomem dereference
  - LP: #1193044
* staging: comedi: don't dereference user memory for INSN_INTTRIG
  - LP: #1193044
* staging: comedi: check s->async for poll(), read() and write()
  - LP: #1193044
* staging: comedi: das08: Correct AO output for das08jr-16-ao
  - LP: #1193044
* staging: vt6656: [BUG] out of bound array reference in RFbSetPower.
  - LP: #1193044
* libata: fix Null pointer dereference on disk error
  - LP: #1193044
* scsi: Silence unnecessary warnings about ioctl to partition
  - LP: #1193044
* scsi: use __uX types for headers exported to user space
  - LP: #1193044
* fix crash in scsi_dispatch_cmd()
  - LP: #1193044
* SCSI: bnx2i: Fixed NULL ptr deference for 1G bnx2 Linux iSCSI offload
  - LP: #1193044
* crypto: cryptd - disable softirqs in cryptd_queue_worker to prevent
  data corruption
  - LP: #1193044
* xfrm_user: return error pointer instead of NULL #2
  - LP: #1193044
* r8169: correct settings of rtl8102e.
  - LP: #1193044
* r8169: remove the obsolete and incorrect AMD workaround
  - LP: #1193044
* r8169: Add support for D-Link 530T rev C1 (Kernel Bug 38862)
  - LP: #1193044
* r8169: incorrect identifier for a 8168dp
  - LP: #1193044
* b43legacy: Fix crash on unload when firmware not available
  - LP: #1193044
* tg3: Avoid null pointer dereference in tg3_interrupt in netconsole mode
  - LP: #1193044
* IPoIB: Fix use-after-free of multicast object
  - LP: #1193044
* telephony: ijx: buffer overflow in ixj_write_cid()
  - LP: #1193044
* Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER)
  - LP: #1193044
* xhci: Make handover code more robust
  - LP: #1193044
* USB: whiteheat: fix memory leak in error path
  - LP: #1193044
* USB: serial: Fix memory leak in sierra_release()
  - LP: #1193044
* USB: mos7840: fix urb leak at release
  - LP: #1193044
* USB: mos7840: fix port-device leak in error path
  - LP: #1193044
* USB: garmin_gps: fix memory leak on disconnect
  - LP: #1193044
* USB: serial: ftdi_sio: Handle the old_termios == 0 case e.g.
  uart_resume_port()
  - LP: #1193044
* USB: ftdi_sio: Quiet sparse noise about using plain integer was NULL
  pointer
  - LP: #1193044
* epoll: prevent missed events on EPOLL_CTL_MOD
  - LP: #1193044
* fs/fscache/stats.c: fix memory leak
  - LP: #1193044
* sysfs: sysfs_pathname/sysfs_add_one: Use strlcat() instead of strcat()
  - LP: #1193044
* jbd: Delay discarding buffers in journal_unmap_buffer
  - LP: #1193044
* jbd: Fix assertion failure in commit code due to lacking transaction
  credits
  - LP: #1193044
* jbd: Fix lock ordering bug in journal_unmap_buffer()
  - LP: #1193044
* ext4: Fix fs corruption when make_indexed_dir() fails
  - LP: #1193044
* ext4: don't dereference null pointer when make_indexed_dir() fails
  - LP: #1193044
* ext4: fix memory leak in ext4_xattr_set_acl()'s error path
  - LP: #1193044
* ext4: online defrag is not supported for journaled files
  - LP: #1193044
* ext4: always set i_op in ext4_mknod()
  - LP: #1193044
* ext4: fix fdatasync() for files with only i_size changes
  - LP: #1193044
* ext4: lock i_mutex when truncating orphan inodes
  - LP: #1193044
* ext4: fix race in ext4_mb_add_n_trim()
  - LP: #1193044
* ext4: limit group search loop for non-extent files
  - LP: #1193044
* CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
  - LP: #1193044
  - CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
* ext4: make orphan functions be no-op in no-journal mode
  - LP: #1193044
* ext4: avoid hang when mounting non-journal filesystems with orphan list
  - LP: #1193044
* udf: fix memory leak while allocating blocks during write
  - LP: #1193044
* udf: Fix bitmap overflow on large filesystems with small block size
  - LP: #1193044
* fs/cifs/cifs_dfs_ref.c: fix potential memory leakage
  - LP: #1193044
* fat: Fix stat->f_namelen
  - LP: #1193044
* hfsplus: fix potential overflow in hfsplus_file_truncate()
  - LP: #1193044
* btrfs: use rcu_barrier() to wait for bdev puts at unmount
  - LP: #1193044
* kernel panic when mount NFSv4
  - LP: #1193044
* nfsd4: fix oops on unusual readlike compound
  - LP: #1193044
* net/core: Fix potential memory leak in dev_set_alias()
  - LP: #1193044
* net: reduce net_rx_action() latency to 2 HZ
  - LP: #1193044
* softirq: reduce latencies
  - LP: #1193044
* af_packet: remove BUG statement in tpacket_destruct_skb
  - LP: #1193044
* bridge: set priority of STP packets
  - LP: #1193044
* bonding: Fix slave selection bug.
  - LP: #1193044
* ipv4: check rt_genid in dst_check
  - LP: #1193044
* net_sched: gact: Fix potential panic in tcf_gact().
  - LP: #1193044
* net: sched: integer overflow fix
  - LP: #1193044
* net: prevent setting ttl=0 via IP_TTL
  - LP: #1193044
* net: guard tcp_set_keepalive() to tcp sockets
  - LP: #1193044
* inet: add RCU protection to inet->opt
  - LP: #1193044
* tcp: allow splice() to build full TSO packets
  - LP: #1193044
* tcp: fix MSG_SENDPAGE_NOTLAST logic
  - LP: #1193044
* tcp: preserve ACK clocking in TSO
  - LP: #1193044
* unix: fix a race condition in unix_release()
  - LP: #1193044
* sctp: fix memory leak in sctp_datamsg_from_user() when copy from user
  space fails
  - LP: #1193044
* net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
  - LP: #1193044
* net: sctp: sctp_endpoint_free: zero out secret key data
  - LP: #1193044
* net: sctp: sctp_auth_key_put: use kzfree instead of kfree
  - LP: #1193044
* netfilter: nf_ct_ipv4: packets with wrong ihl are invalid
  - LP: #1193044
* ipvs: allow transmit of GRO aggregated skbs
  - LP: #1193044
* ipvs: IPv6 MTU checking cleanup and bugfix
  - LP: #1193044
* isdnloop: fix and simplify isdnloop_init()
  - LP: #1193044
* mpt2sas: Send default descriptor for RAID pass through in mpt2ctl
  - LP: #1193044
* x86, ptrace: fix build breakage with gcc 4.7
  - LP: #1193044
* Linux 2.6.32.61
  - LP: #1193044

61. By Stefan Bader

[ Stefan Bader ]

* Rebased to Ubuntu-2.6.32-48.110
* Release Tracking Bug
  - LP: #1186479

[ Ubuntu: 2.6.32-48.110 ]

* (config) Import Xen specific config options from ec2
  - LP: #1177431
* SAUCE: xen: Send spinlock IPI to all waiters
  - LP: #1011792, #1177431
* ax25: fix info leak via msg_name in ax25_recvmsg()
  - LP: #1172366
  - CVE-2013-3223
* Bluetooth: fix possible info leak in bt_sock_recvmsg()
  - LP: #1172368
  - CVE-2013-3224
* tipc: fix info leaks via msg_name in recv_msg/recv_stream
  - LP: #1172403
  - CVE-2013-3235
* rose: fix info leak via msg_name in rose_recvmsg()
  - LP: #1172394
  - CVE-2013-3234
* Bluetooth: RFCOMM - Fix missing msg_namelen update in
  rfcomm_sock_recvmsg()
  - LP: #1172369
  - CVE-2013-3225
* atm: update msg_namelen in vcc_recvmsg()
  - LP: #1172365
  - CVE-2013-3222
* KVM: Fix bounds checking in ioapic indirect register reads
  (CVE-2013-1798)
  - LP: #1158262
  - CVE-2013-1798
* llc: Fix missing msg_namelen update in llc_ui_recvmsg()
  - LP: #1172385
  - CVE-2013-3231
* netrom: fix info leak via msg_name in nr_recvmsg()
  - LP: #1172386
  - CVE-2013-3232
* irda: Fix missing msg_namelen update in irda_recvmsg_dgram()
  - LP: #1172380
  - CVE-2013-3228
* iucv: Fix missing msg_namelen update in iucv_sock_recvmsg()
  - LP: #1172381
  - CVE-2013-3229

60. By Stefan Bader

[ Stefan Bader ]

* Rebased to Ubuntu-2.6.32-47.109
* Release Tracking Bug
  - LP: #1177308

[ Ubuntu: 2.6.32-47.109 ]

* [packaging] Bump ABI for every new release
* fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check
  - LP: #1167061
  - CVE-2013-1928
* dcbnl: fix various netlink info leaks
  - LP: #1158965
  - CVE-2013-2634
* USB: cdc-wdm: fix buffer overflow
  - LP: #1156784
  - CVE-2013-1860
* isofs: avoid info leak on export
  - LP: #1156774
  - CVE-2012-6549
* xfrm_user: return error pointer instead of NULL
  - LP: #1155026
  - CVE-2013-1826

59. By Stefan Bader

[ Stefan Bader ]

* Rebased to Ubuntu-2.6.32-46.108
* Release Tracking Bug
  - LP: #1168185

[ Ubuntu: 2.6.32-46.108 ]

* SAUCE: (no-up) apparmor: Fix quieting of audit messages for network
  mediation
  - LP: #1163259
* llc: fix info leak via getsockname()
  - LP: #1156743
  - CVE-2012-6542
* Bluetooth: L2CAP - Fix info leak via getsockname()
  - LP: #1156751
  - CVE-2012-6544
* Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER)
  - LP: #1156751
  - CVE-2012-6544
* Bluetooth: RFCOMM - Fix info leak via getsockname()
  - LP: #1156757
  - CVE-2012-6545
* Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST)
  - LP: #1156757
  - CVE-2012-6545
* atm: fix info leak via getsockname()
  - LP: #1156759
  - CVE-2012-6546
* atm: fix info leak in getsockopt(SO_ATMPVC)
  - LP: #1156759
  - CVE-2012-6546
* udf: avoid info leak on export
  - LP: #1156768
  - CVE-2012-6548
* KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME
  (CVE-2013-1796)
  - LP: #1158254
  - CVE-2013-1796
* Bluetooth: Fix incorrect strncpy() in hidp_setup_hid()
  - LP: #1134503
  - CVE-2013-0349
* USB: io_ti: Fix NULL dereference in chase_port()
  - LP: #1143817
  - CVE-2013-1774
* x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS.
  - LP: #1143796
  - CVE-2013-0228

58. By Stefan Bader

[ Stefan Bader ]

* Rebased to Ubuntu-2.6.32-46.107
* Release Tracking Bug
  - LP: #1159191

[ Ubuntu: 2.6.32-46.107 ]

* SAUCE: signal: Fix use of missing sa_restorer field
  - LP: #1153813
  - CVE-2013-0914
* ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
  - LP: #1156732
  - CVE-2012-6540
* kernel/signal.c: use __ARCH_HAS_SA_RESTORER instead of SA_RESTORER
  - LP: #1153813
  - CVE-2013-0914

[ Ubuntu: 2.6.32-46.106 ]

* tmpfs: fix use-after-free of mempolicy object
  - LP: #1143815
  - CVE-2013-1767
* keys: fix race with concurrent install_user_keyrings()
  - LP: #1152788
  - CVE-2013-1792
* signal: always clear sa_restorer on execve
  - LP: #1153813
  - CVE-2013-0914
* Fix ptrace when task is in task_is_stopped(), state
  - LP: #1145234
* xfrm_user: fix info leak in copy_to_user_tmpl()
  - LP: #1156716
  - CVE-2012-6537
* xfrm_user: fix info leak in copy_to_user_policy()
  - LP: #1156716
  - CVE-2012-6537
* xfrm_user: fix info leak in copy_to_user_state()
  - LP: #1156716
  - CVE-2012-6537
* net: fix info leak in compat dev_ifconf()
  - LP: #1156728
  - CVE-2012-6539

57. By Stefan Bader

[ Stefan Bader ]

* Rebased to Ubuntu-2.6.32-46.105
* XEN: fix pmd_present for split_huge_page and PROT_NONE with THP
  - LP: #1130943
  - CVE-2013-0309
* (buildenv) arch/x86/kernel/msr.c is not deviated
* Release Tracking Bug
  - LP: #1137197

[ Ubuntu: 2.6.32-46.105 ]

* x86/msr: Add capabilities check
  - LP: #1123049
  - CVE-2013-0268
* mm: thp: fix pmd_present for split_huge_page and PROT_NONE with THP
  - LP: #1130943
  - CVE-2013-0309
* NLS: improve UTF8 -> UTF16 string conversion routine
  - LP: #1134523
  - CVE-2013-1773

56. By Stefan Bader

[ Stefan Bader ]

* Rebased to Ubuntu-2.6.32-45.104
* Release Tracking Bug
  - LP: #1119764

[ Ubuntu: 2.6.32-45.104 ]

* ptrace: ptrace_resume() shouldn't wake up !TASK_TRACED thread
  - LP: #1129192
  - CVE-2013-0871
* ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up()
  - LP: #1129192
  - CVE-2013-0871
* ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
  - LP: #1129192
  - CVE-2013-0871
* wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED
  task
  - LP: #1129192
  - CVE-2013-0871

55. By Stefan Bader

[ Stefan Bader ]

* Rebased to Ubuntu-2.6.32-45.103
* Release Tracking Bug
  - LP: #1119764

[ Ubuntu: 2.6.32-45.103 ]

* [debian] Remove dangling symlink from headers package
  - LP: #1112442
* xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS
  guests.
  - LP: #1102374
  - CVE-2013-0190

54. By Stefan Bader

[ Stefan Bader ]

* Rebased to Ubuntu-2.6.32-45.102
* Release Tracking Bug
  - LP: #1095803

[ Ubuntu: 2.6.32-45.102 ]

* SAUCE: exec: do not leave bprm->interp on stack
  - LP: #1068888
  - CVE-2012-4530
* exec: use -ELOOP for max recursion depth
  - LP: #1068888
  - CVE-2012-4530

53. By Stefan Bader

[ Stefan Bader ]

* Rebased to Ubuntu-2.6.32-45.101
* Release Tracking Bug
  - LP: #1086183

[ Ubuntu: 2.6.32-45.101 ]

* ipv6: discard overlapping fragment
  - LP: #1079859
  - CVE-2012-4444

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/maverick/linux-ec2
This branch contains Public information 
Everyone can see this information.

Subscribers