
Bug#650160: Changes from longterm release 2.6.32.49



Package: src:linux-2.6
Version: 2.6.32-39
Severity: important

[Actually based on 2.6.32.49-rc1.]

[SCSI] st: fix race in st_scsi_execute_end

Fixes use of freed memory in the st (SCSI tape) driver which could
result in a crash or other unpleasant results.

[SCSI] Make scsi_free_queue() kill pending SCSI commands

Fixes potential I/O hang after SCSI device removal.

NFS/sunrpc: don't use a credential with extra groups.

Fixes a bug in matching of cached credentials for SunRPC requests,
including file access as an NFS client.  If process A has the same uid
and primary gid as B and a superset of its secondary gids, and B
accesses an NFS server after A, then A's credentials including the
extra gids may be used for B's file access.

This seems to be primarily interesting if A has different real and
effective uid, as otherwise B could always hijack A's credentials
using ptrace.

netlink: validate NLA_MSECS length

I think this fixes an information leak or (unlikely) local DoS
exploitable with CAP_NET_ADMIN.

mtd: mtdchar: add missing initializer on raw write

Fixes raw NAND write functionality.

PM / Suspend: Off by one in pm_suspend()

Fixes validation of requested suspend state.  So far as I can see,
user-space cannot provide an arbitrary state value (except possibly
through OOT modules) and this has no security impact.

hfs: add sanity check for file name length

Fixes potential buffer overflow when accessing an HFS filesystem
(CVE-2011-4330).

kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0
kbuild: Fix passing -Wno-* options to gcc 4.4+

Suppresses widespread compiler warnings when building with gcc 4.6.
Should have no effect otherwise.

ASoC: wm8940: Properly set codec->dapm.bias_level

No effect on Debian kernel configurations.

md/raid5: abort any pending parity operations when array fails.

Fixes potential crash if an md-raid RAID5/6 array loses enough
disks that it is no longer usable (>1 or >2 respectively).

[media] Remove the old V4L1 v4lgrab.c file

Removes outdated example code.

Revert "ALSA: hda: Fix quirk for Dell Inspiron 910"

Reverts change in 2.6.32.42 (our 2.6.32-36) that resulted in a
regression (no audio output) for this specific model.

drm/i915: Sanity check pread/pwrite
drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow

Fixes CVE-2010-2962.  We don't normally take drm fixes from this
series and we already applied these in 2.6.32-25.

genirq: Add IRQF_RESUME_EARLY and resume such IRQs earlier

Fixes #644604, a regression which caused Xen domU to hang after
suspend/resume (including migration).  We already fixed this by
reverting the change that introduced the regression, but this should be
better.

mm: avoid null pointer access in vm_struct via /proc/vmallocinfo

Fixes potential DoS by local user.

ipv6: udp: fix the wrong headroom check

Fixes remote DoS (most likely from a VM guest) by sending UDP/IPv6 to
a bridge that has UFO enabled while the output port does not
(CVE-2011-4326).  I'm not convinced that this configuration is
possible in 2.6.32, but I could be wrong.

USB: serial: pl2303: rm duplicate id

Stops this driver binding to a 'WinChipHead' branded device that
should be handled by the ch341 driver.

USB: Fix Corruption issue in USB ftdi driver ftdi_sio.c

Fixes corruption of data transmitted through this serial driver during
reconfiguration.  (Changing e.g. the bit rate can be expected to do
this, but this bug affected any reconfiguration.)

usb-storage: Accept 8020i-protocol commands longer than 12 bytes

Enables support for some USB drives >2 TB.

USB: add quirk for Logitech C600 web cam
USB: quirks: adding more quirky webcams to avoid squeaky audio

Workaround for more buggy webcams that tend to fail after
suspend/resume.

tty: Make tiocgicount a handler
tty: icount changeover for other main devices

This is the general fix for CVE-2010-4075, CVE-2010-4076 and
CVE-2010-4077 which we already applied in 2.6.32-31.

Ben.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
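
The credential-cache mismatch described under "NFS/sunrpc: don't use a credential with extra groups", shown as an added example that is not part of the original message and is not the kernel's code. It is a simplified user-space model: the struct and function names, `MODEL_NGROUPS`, and the sample uids/gids are assumptions, and gid lists are compared positionally, so A's list is taken to begin with B's.

```c
#include <stddef.h>
#include <stdio.h>

#define MODEL_NGROUPS 16        /* assumed cap on gids stored per cache entry */
#define NOGROUP ((unsigned)-1)  /* marks the end of a short cached gid list */

struct cached_cred {            /* hypothetical cache entry */
    unsigned uid, gid;
    unsigned gids[MODEL_NGROUPS];
};

struct req_cred {               /* hypothetical view of the requesting process */
    unsigned uid, gid;
    const unsigned *groups;
    size_t ngroups;
};

/* Returns 1 if the cached entry may be reused for the request.
 * check_extra = 0 models the behaviour described above, 1 the corrected check. */
int cred_match(const struct cached_cred *c, const struct req_cred *r, int check_extra)
{
    size_t i, n = r->ngroups > MODEL_NGROUPS ? MODEL_NGROUPS : r->ngroups;

    if (c->uid != r->uid || c->gid != r->gid)
        return 0;
    for (i = 0; i < n; i++)
        if (c->gids[i] != r->groups[i])
            return 0;
    /* The cached entry must not carry gids beyond the requester's list. */
    if (check_extra && n < MODEL_NGROUPS && c->gids[n] != NOGROUP)
        return 0;
    return 1;
}

/* Constructed sample: A has secondary gids {100, 200}, B has only {100}. */
static const unsigned a_groups[] = { 100, 200 };
static const unsigned b_groups[] = { 100 };
const struct cached_cred cred_a = { 1000, 1000, { 100, 200, NOGROUP } };
const struct req_cred req_a = { 1000, 1000, a_groups, 2 };
const struct req_cred req_b = { 1000, 1000, b_groups, 1 };

int main(void)
{
    printf("B reuses A's entry, no extra-gid check: %d\n", cred_match(&cred_a, &req_b, 0));
    printf("B reuses A's entry, with check:         %d\n", cred_match(&cred_a, &req_b, 1));
    printf("A reuses its own entry, with check:     %d\n", cred_match(&cred_a, &req_a, 1));
    return 0;
}
```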


