lp:ubuntu/maverick-security/linux-ti-omap4

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/maverick-security/linux-ti-omap4

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

31. By Herton R. Krzesinski

[ Herton R. Krzesinski ]

* Release Tracking Bug
  - LP: #942766

[ Paolo Pisati ]

* [Config] Move to a 3G/1G memory split
  - LP: #861296

30. By Paolo Pisati

* Release Tracking Bug
  - LP: #932237

[ Upstream Kernel Changes ]

* net: ip_expire() must revalidate route
  - LP: #922051
  - CVE-2011-1927
* inotify: stop kernel memory leak on file creation failure
  - LP: #917797
  - CVE-2010-4250
* inotify: fix double free/corruption of stuct user
  - LP: #869203
  - CVE-2011-1479
* fuse: verify ioctl retries
  - LP: #917804
  - CVE-2010-4650
* ima: fix add LSM rule bug
  - LP: #917808
  - CVE-2011-0006
* bridge: Fix mglist corruption that leads to memory corruption
  - LP: #917813
  - CVE-2011-0716
* sound/oss: remove offset from load_patch callbacks
  - LP: #925337
  - CVE-2011-1476
* ARM: 6891/1: prevent heap corruption in OABI semtimedop
  - LP: #925373
  - CVE-2011-1759
* sound/oss/opl3: validate voice and channel indexes
  - LP: #925335
  - CVE-2011-1477
* Fix for buffer overflow in ldm_frag_add not sufficient
  - LP: #922371
  - CVE-2011-2182
* AppArmor: fix oops in apparmor_setprocattr
  - LP: #789409
  - CVE-2011-3619

29. By Paolo Pisati

* Release Tracking Bug
  - LP: #921471

[ Upstream Kernel Changes ]

* Sched: fix skip_clock_update optimization
  - LP: #911401
  - CVE-2011-4621
* xfs: validate acl count
  - LP: #917706
  - CVE-2012-0038
* xfs: fix acl count validation in xfs_acl_from_disk()
  - LP: #917706
  - CVE-2012-0038
* drm: integer overflow in drm_mode_dirtyfb_ioctl()
  - LP: #917838
  - CVE-2012-0044

28. By Paolo Pisati

* Release Tracking Bug
  - LP: #911245

[ Upstream Kernel Changes ]

* Revert "core: Fix memory leak/corruption on VLAN GRO_DROP,
  CVE-2011-1576"
* use cache type functions for arch_get_unmapped_area
* topdown mmap support
* TPM: Zero buffer after copying to userspace, CVE-2011-1162
  - LP: #899463
  - CVE-2011-1162
* hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops, CVE-2011-2203
  - LP: #899466
  - CVE-2011-2203
* KEYS: Fix a NULL pointer deref in the user-defined key type,
  CVE-2011-4110
  - LP: #894369
  - CVE-2011-4110
* gro: reset vlan_tci on reuse
  - LP: #844361
  - CVE-2011-1576
* b43: allocate receive buffers big enough for max frame len + offset
  - LP: #905060
  - CVE-2011-3359
* fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message, CVE-2011-3353
  - LP: #905058
  - CVE-2011-3353

27. By Paolo Pisati

* Release Tracking Bug
  - LP: #897740

[ Upstream Kernel Changes ]

* crypto: ghash - Avoid null pointer dereference if no key is set
  - LP: #887299
  - CVE-2011-4081
* xfs: Fix possible memory corruption in xfs_readlink, CVE-2011-4077
  - LP: #887298
  - CVE-2011-4077
* jbd/jbd2: validate sb->s_first in journal_get_superblock()
  - LP: #893148
  - CVE-2011-4132
* hfs: add sanity check for file name length, CVE-2011-4330
  - LP: #894374
  - CVE-2011-4330
* ipv6: udp: fix the wrong headroom check
  - LP: #894373
  - CVE-2011-4326
* mm: make the vma list be doubly linked
  - LP: #893190
* mm: make the mlock() stack guard page checks stricter
  - LP: #893190
* mm: make stack guard page logic use vm_prev pointer
  - LP: #893190
* mm: Move vma_stack_continue into mm.h
  - LP: #672664, #893190
* Yama: fix default relationship to check thread group
  - LP: #737676, #893190
* Yama: use thread group leader when creating match
  - LP: #729839, #893190

26. By Paolo Pisati

* Release Tracking Bug
  - LP: #888569

[ Upstream Kernel Changes ]

* mm: avoid wrapping vm_pgoff in mremap(), CVE-2011-2496
  - LP: #869243
  - CVE-2011-2496
* cifs: clean up cifs_find_smb_ses (try #2), CVE-2011-1585
  - LP: #869208
  - CVE-2011-1585
* cifs: fix NULL pointer dereference in cifs_find_smb_ses, CVE-2011-1585
  - LP: #869208
  - CVE-2011-1585
* cifs: check for NULL session password, CVE-2011-1585
  - LP: #869208
  - CVE-2011-1585

25. By Paolo Pisati

* Release tracking bug
  - LP: #872658

[ Upstream Kernel Changes ]

* ext4: Fix max file size and logical block counting of extent format
  file, CVE-2011-2695
  - LP: #819574
  - CVE-2011-2695
* memory corruption in X.25 facilities parsing, CVE-2010-3873
  - LP: #709372
  - CVE-2010-3873
* cifs: always do is_path_accessible check in cifs_mount, CVE-2011-3363
  - LP: #866034
  - CVE-2011-3363
* cifs: add fallback in is_path_accessible for old servers, CVE-2011-3363
  - LP: #866034
  - CVE-2011-3363
* Make TASKSTATS require root access, CVE-2011-2494
  - LP: #866021
  - CVE-2011-2494
* proc: restrict access to /proc/PID/io, CVE-2011-2495
  - LP: #866025
  - CVE-2011-2495
* proc: fix a race in do_io_accounting(), CVE-2011-2495
  - LP: #866025
  - CVE-2011-2495
* staging: comedi: fix infoleak to userspace, CVE-2011-2909
  - LP: #869261
  - CVE-2011-2909
* perf tools: do not look at ./config for configuration, CVE-2011-2905
  - LP: #869259
  - CVE-2011-2905
* nl80211: fix overflow in ssid_len - CVE-2011-2517
  - LP: #869245
  - CVE-2011-2517
* vm: fix vm_pgoff wrap in stack expansion - CVE-2011-2496
  - LP: #869243
  - CVE-2011-2496
* vm: fix vm_pgoff wrap in upward expansion - CVE-2011-2496
  - LP: #869243
  - CVE-2011-2496
* ksm: fix NULL pointer dereference in scan_get_next_rmap_item() -
  CVE-2011-2183
  - LP: #869227
  - CVE-2011-2183
* NLM: Don't hang forever on NLM unlock requests - CVE-2011-2491
  - LP: #869237
  - CVE-2011-2491

24. By Paolo Pisati

[ Ming Lei ]

* SAUCE: usb: ehci: make HC see up-to-date qh/qtd descriptor ASAP
  - LP: #709245

[ Upstream Kernel Changes ]

* cifs: fix possible memory corruption in CIFSFindNext, CVE-2011-3191
  - LP: #834135
  - CVE-2011-3191
* befs: Validate length of long symbolic links, CVE-2011-2928
  - LP: #834124
  - CVE-2011-2928
* gro: Only reset frag0 when skb can be pulled, CVE-2011-2723
  - LP: #844371
  - CVE-2011-2723
* Validate size of EFI GUID partition entries, CVE-2011-1776
  - LP: #844365
  - CVE-2011-1776
* inet_diag: fix inet_diag_bc_audit(), CVE-2011-2213
  - LP: #838421
  - CVE-2011-2213
* si4713-i2c: avoid potential buffer overflow on si4713, CVE-2011-2700
  - LP: #844370
  - CVE-2011-2700
* Bluetooth: Prevent buffer overflow in l2cap config request,
  CVE-2011-2497
  - LP: #838423
  - CVE-2011-2497
* core: Fix memory leak/corruption on VLAN GRO_DROP, CVE-2011-1576
  - LP: #844361
  - CVE-2011-1576
* crypto: Move md5_transform to lib/md5.c, CVE-2011-3188
  - LP: #834129
  - CVE-2011-3188
* net: Compute protocol sequence numbers and fragment IDs using MD5,
  CVE-2011-3188
  - LP: #834129
  - CVE-2011-3188

23. By Paolo Pisati

* Release tracking bug
  - LP: #838037

[ Upstream Kernel Changes ]

* ipv6: make fragment identifications less predictable, CVE-2011-2699
  - LP: #827685
  - CVE-2011-2699
* perf: Fix software event overflow, CVE-2011-2918
  - LP: #834121
  - CVE-2011-2918
* proc: fix oops on invalid /proc/<pid>/maps access, CVE-2011-1020
  - LP: #813026
  - CVE-2011-1020

22. By Paolo Pisati

* Release tracking bug
  - LP: #829655

[ Upstream Kernel Changes ]

* drm/radeon/kms: check AA resolve registers on r300, CVE-2011-1016
  - LP: #745686
  - CVE-2011-1016
* drm/radeon: fix regression with AA resolve checking, CVE-2011-1016
  - LP: #745686
  - CVE-2011-1016
* can-bcm: fix minor heap overflow
  - LP: #690730
* CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
  - LP: #765007
  - CVE-2010-4565
* av7110: check for negative array offset
  - LP: #747520
* xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
  CVE-2011-0711
  - LP: #767740
  - CVE-2011-0711
* ALSA: caiaq - Fix possible string-buffer overflow
  - LP: #747520
* IB/cm: Bump reference count on cm_id before invoking callback,
  CVE-2011-0695
  - LP: #770369
  - CVE-2011-0695
* RDMA/cma: Fix crash in request handlers, CVE-2011-0695
  - LP: #770369
  - CVE-2011-0695
* Treat writes as new when holes span across page boundaries,
  CVE-2011-0463
  - LP: #770483
  - CVE-2011-0463
* net: clear heap allocations for privileged ethtool actions
  - LP: #686158
* usb: iowarrior: don't trust report_size for buffer size
  - LP: #747520
* fs/partitions/ldm.c: fix oops caused by corrupted partition table,
  CVE-2011-1017
  - LP: #771382
  - CVE-2011-1017
* Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal
  code
  - LP: #747520
* Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
  - LP: #747520
* exec: make argv/envp memory visible to oom-killer
  - LP: #690730
* next_pidmap: fix overflow condition
  - LP: #772560
* proc: do proper range check on readdir offset
  - LP: #772560
* ALSA: sound/pci/asihpi: check adapter index in hpi_ioctl, CVE-2011-1169
  - LP: #785331
  - CVE-2011-1169
* mpt2sas: prevent heap overflows and unchecked reads, CVE-2011-1494
  - LP: #787145
  - CVE-2011-1494
* agp: fix arbitrary kernel memory writes, CVE-1011-2022
  - LP: #788684
  - CVE-1011-2022
* can: add missing socket check in can/raw release, CVE-2011-1748
  - LP: #788694
  - CVE-2011-1748
* agp: fix OOM and buffer overflow
  - LP: #788700
* drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack
  memory - CVE-2010-3296
  - CVE-2010-3296
* drivers/net/eql.c: prevent reading uninitialized stack memory -
  CVE-2010-3297
  - CVE-2010-3297
* inet_diag: Make sure we actually run the same bytecode we audited,
  CVE-2010-3880
  - LP: #711865
  - CVE-2010-3880
* setup_arg_pages: diagnose excessive argument size - CVE-2010-3858
  - LP: #672664
  - CVE-2010-3858
* net: Truncate recvfrom and sendto length to INT_MAX - CVE-2010-3859
  - LP: #690730
  - CVE-2010-3859
* net: Limit socket I/O iovec total length to INT_MAX - CVE-2010-3859
  - LP: #690730
  - CVE-2010-3859
* ipc: initialize structure memory to zero for compat functions -
  CVE-2010-4073
  - LP: #690730
  - CVE-2010-4073
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory -
  CVE-2010-4080, CVE-2010-4081
  - LP: #672664
  - CVE-2010-4080, CVE-2010-4081
* drivers/video/via/ioctl.c: prevent reading uninitialized stack memory -
  CVE-2010-4082
  - CVE-2010-4082
* sys_semctl: fix kernel stack leakage, CVE-2010-4083
  - LP: #712749
  - CVE-2010-4083
* gdth: integer overflow in ioctl - CVE-2010-4157
  - LP: #686158
  - CVE-2010-4157
* bio: take care not overflow page count when mapping/copying user data -
  CVE-2010-4162
  - LP: #721441
  - CVE-2010-4162
* bluetooth: Fix missing NULL check - CVE-2010-4242
  - LP: #686158
* rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
  - LP: #721455
  - CVE-2010-4175
* perf_events: Fix perf_counter_mmap() hook in mprotect() - CVE-2010-4169
  - LP: #690730
  - CVE-2010-4169
* block: check for proper length of iov entries in blk_rq_map_user_iov()
  - CVE-2010-4163
  - LP: #690730
  - CVE-2010-4163
* block: check for proper length of iov entries earlier in
  blk_rq_map_user_iov(), CVE-2010-4163
  - LP: #721504
  - CVE-2010-4163
* fs/partitions/efi.c: corrupted GUID partition tables can cause kernel
  oops
  - LP: #795418
  - CVE-2011-1577
* Fix corrupted OSF partition table parsing
  - LP: #796606
  - CVE-2011-1163
* can: Add missing socket check in can/bcm release.
  - LP: #796502
  - CVE-2011-1598
* proc: protect mm start_code/end_code in /proc/pid/stat
  - LP: #799906
  - CVE-2011-0726
* tty: icount changeover for other main devices, CVE-2010-4076,
  CVE-2010-4077
  - LP: #720189
  - CVE-2010-4077
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
  - LP: #794034
  - CVE-2010-4077
* posix-cpu-timers: workaround to suppress the problems with mt exec,
  CVE-2010-4248
  - LP: #712609
  - CVE-2010-4248
* Rename 'pipe_info()' to 'get_pipe_info()' CVE-2010-4256
  - LP: #799805
  - CVE-2010-4256
* Export 'get_pipe_info()' to other users CVE-2010-4256
  - LP: #799805
  - CVE-2010-4256
* IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
  - LP: #800121
  - CVE-2010-4649
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the
  slab (v3) CVE-2011-1090
  - LP: #800775
  - CVE-2011-1090
* epoll: prevent creating circular epoll structures CVE-2011-1082
  - LP: #800758
  - CVE-2011-1082
* xfs: zero proper structure size for geometry calls CVE-2011-0711
  - LP: #767740
  - CVE-2011-0711
* ldm: corrupted partition table can cause kernel oops CVE-2011-1012
  - LP: #801083
  - CVE-2011-1012
* netfilter: ipt_CLUSTERIP: fix buffer overflow CVE-2011-2534
  - LP: #801473
  - CVE-2011-2534
* netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
  - LP: #801480
  - CVE-2011-1170
* netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
  - LP: #801482
  - CVE-2011-1171
* ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
  - LP: #801483
  - CVE-2011-1172
* econet: 4 byte infoleak to the network CVE-2011-1173
  - LP: #801484
  - CVE-2011-1173
* fs/partitions: Validate map_count in Mac partition tables CVE-2011-1010
  - LP: #804225
  - CVE-2011-1010
* drm: fix unsigned vs signed comparison issue in modeset ctl ioctl
  CVE-2011-1013
  - LP: #804229
* net: don't allow CAP_NET_ADMIN to load non-netdev kernel modules
  CVE-2011-1019
  - LP: #804366
  - CVE-2011-1019
* exec: copy-and-paste the fixes into compat_do_execve() paths
  CVE-2010-4243
  - LP: #804234
  - CVE-2010-4243
* taskstats: don't allow duplicate entries in listener mode,
  CVE-2011-2484
  - LP: #806390
  - CVE-2011-2484
* dccp: handle invalid feature options length, CVE-2011-1770
  - LP: #806375
  - CVE-2011-1770
* pagemap: close races with suid execve, CVE-2011-1020
  - LP: #813026
  - CVE-2011-1020
* report errors in /proc/*/*map* sanely, CVE-2011-1020
  - LP: #813026
  - CVE-2011-1020
* close race in /proc/*/environ, CVE-2011-1020
  - LP: #813026
  - CVE-2011-1020
* auxv: require the target to be tracable (or yourself), CVE-2011-1020
  - LP: #813026
  - CVE-2011-1020
* deal with races in /proc/*/{syscall, stack, personality}, CVE-2011-1020
  - LP: #813026
  - CVE-2011-1020
* dccp: fix oops on Reset after close, CVE-2011-1093
  - LP: #814087
  - CVE-2011-1093
* Bluetooth: sco: fix information leak to userspace, CVE-2011-1078
  - LP: #816542
  - CVE-2011-1078
* Bluetooth: bnep: fix buffer overflow, CVE-2011-1079
  - LP: #816544
  - CVE-2011-1079
* bridge: netfilter: fix information leak, CVE-2011-1080
  - LP: #816545
  - CVE-2011-1080
* gro: Reset dev pointer on reuse, CVE-2011-1478
  - LP: #816549
  - CVE-2011-1478
* gro: reset skb_iif on reuse, CVE-2011-1478
  - LP: #816549
  - CVE-2011-1478
* char/tpm: Fix unitialized usage of data buffer, CVE-2011-1160
  - LP: #816546
  - CVE-2011-1160
* irda: validate peer name and attribute lengths, CVE-2011-1180
  - LP: #816547
  - CVE-2011-1180
* ROSE: prevent heap corruption with bad facilities, CVE-2011-1493
  - LP: #816550
  - CVE-2011-1493
* rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
  - LP: #816550
  - CVE-2011-1493
* Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
  - LP: #819569
  - CVE-2011-2492
* Add mount option to check uid of device being mounted = expect uid,
  CVE-2011-1833
  - LP: #732628
  - CVE-2011-1833

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/natty/linux-ti-omap4