[ubuntu/lucid-security] linux-ec2 (delayed), linux-ec2 2.6.32-309.18 (Accepted)

Ubuntu Installer archive at ubuntu.com
Tue Oct 19 19:05:07 BST 2010 

linux-ec2 (2.6.32-309.18) lucid-security; urgency=low

  [ Stefan Bader ]

  * Rebased to 2.6.32-25.45

  [ Ubuntu: 2.6.32-25.45 ]

  * v4l: disable dangerous buggy compat function
    - CVE-2010-2963
  * Local privilege escalation vulnerability in RDS sockets
    - CVE-2010-3904
  * mm: (pre-stable) Move vma_stack_continue into mm.h
    - LP: #646114
  * net sched: fix some kernel memory leaks
    - CVE-2010-2942
  * irda: Correctly clean up self->ias_obj on irda_bind() failure.
    - CVE-2010-2954
  * wireless extensions: fix kernel heap content leak
    - CVE-2010-2955
  * KEYS: Fix RCU no-lock warning in keyctl_session_to_parent()
    - CVE-2010-2960
  * KEYS: Fix bug in keyctl_session_to_parent() if parent has no session
    keyring
    - CVE-2010-2960
  * aio: check for multiplication overflow in do_io_submit
    - CVE-2010-3067
  * xfs: prevent reading uninitialized stack memory
    - CVE-2010-3078
  * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
    - CVE-2010-3080
  * niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
    - CVE-2010-3084
  * rose: Fix signedness issues wrt. digi count.
    - CVE-2010-3310
  * sctp: Do not reset the packet during sctp_packet_config().
    - CVE-2010-3432
  * Fix pktcdvd ioctl dev_minor range check
    - CVE-2010-3437
  * ALSA: prevent heap corruption in snd_ctl_new()
    - CVE-2010-3442
  * net sched: fix kernel leak in act_police
    - CVE-2010-3477
  * Fix out-of-bounds reading in sctp_asoc_get_hmac()
    - CVE-2010-3705
  * ocfs2: Don't walk off the end of fast symlinks.
    - CVE-2010-NNN2

Date: Mon, 18 Oct 2010 10:01:36 +0200
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Maintainer: Ubuntu Kernel Team <kernel-team at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/linux-ec2/2.6.32-309.18
-------------- next part --------------
Format: 1.8
Date: Mon, 18 Oct 2010 10:01:36 +0200
Source: linux-ec2
Binary: linux-ec2-source-2.6.32 linux-ec2-doc linux-headers-2.6.32-309 linux-image-2.6.32-309-ec2 linux-headers-2.6.32-309-ec2 linux-image-2.6.32-309-ec2-dbgsym
Architecture: source
Version: 2.6.32-309.18
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Kernel Team <kernel-team at lists.ubuntu.com>
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Description: 
 linux-ec2-doc - Linux kernel specific documentation for version 2.6.32
 linux-ec2-source-2.6.32 - Linux kernel source for version 2.6.32 with Ubuntu patches
 linux-headers-2.6.32-309 - Header files related to Linux kernel version 2.6.32
 linux-headers-2.6.32-309-ec2 - Linux kernel headers for version 2.6.32 on x86/x86_64
 linux-image-2.6.32-309-ec2 - Linux kernel image for version 2.6.32 on x86/x86_64
 linux-image-2.6.32-309-ec2-dbgsym - Linux kernel debug image for version 2.6.32 on x86/x86_64
Launchpad-Bugs-Fixed: 646114
Changes: 
 linux-ec2 (2.6.32-309.18) lucid-security; urgency=low
 .
   [ Stefan Bader ]
 .
   * Rebased to 2.6.32-25.45
 .
   [ Ubuntu: 2.6.32-25.45 ]
 .
   * v4l: disable dangerous buggy compat function
     - CVE-2010-2963
   * Local privilege escalation vulnerability in RDS sockets
     - CVE-2010-3904
   * mm: (pre-stable) Move vma_stack_continue into mm.h
     - LP: #646114
   * net sched: fix some kernel memory leaks
     - CVE-2010-2942
   * irda: Correctly clean up self->ias_obj on irda_bind() failure.
     - CVE-2010-2954
   * wireless extensions: fix kernel heap content leak
     - CVE-2010-2955
   * KEYS: Fix RCU no-lock warning in keyctl_session_to_parent()
     - CVE-2010-2960
   * KEYS: Fix bug in keyctl_session_to_parent() if parent has no session
     keyring
     - CVE-2010-2960
   * aio: check for multiplication overflow in do_io_submit
     - CVE-2010-3067
   * xfs: prevent reading uninitialized stack memory
     - CVE-2010-3078
   * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
     - CVE-2010-3080
   * niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
     - CVE-2010-3084
   * rose: Fix signedness issues wrt. digi count.
     - CVE-2010-3310
   * sctp: Do not reset the packet during sctp_packet_config().
     - CVE-2010-3432
   * Fix pktcdvd ioctl dev_minor range check
     - CVE-2010-3437
   * ALSA: prevent heap corruption in snd_ctl_new()
     - CVE-2010-3442
   * net sched: fix kernel leak in act_police
     - CVE-2010-3477
   * Fix out-of-bounds reading in sctp_asoc_get_hmac()
     - CVE-2010-3705
   * ocfs2: Don't walk off the end of fast symlinks.
     - CVE-2010-NNN2
Checksums-Sha1: 
 63d12ad3242e3bd1fcc3b1099cd053fbc591e685 2142 linux-ec2_2.6.32-309.18.dsc
 5e2e91dc4adf77f7d9e9479fc86ca44b683d93f7 8828531 linux-ec2_2.6.32-309.18.diff.gz
Checksums-Sha256: 
 5497497dd4d15672952d5cf18f8cbf54707c235164ef096787e434700dd2b9dc 2142 linux-ec2_2.6.32-309.18.dsc
 dc86218a3b24785c8aea5a562bba335ee3c30029a59d28fb1d719217de3c1b08 8828531 linux-ec2_2.6.32-309.18.diff.gz
Files: 
 85e222bd969b83dca87d463655a47238 2142 devel optional linux-ec2_2.6.32-309.18.dsc
 a041a40d573d6154e71cb19c9b4e702f 8828531 devel optional linux-ec2_2.6.32-309.18.diff.gz

More information about the Lucid-changes mailing list