Package: src:linux-2.6 Version: 2.6.32-40 Severity: important MAINTAINERS: stable: Update addressDocumentation: Update stable address USB: update documentation for usbmon Documentation fixes, obviously harmless. firmware: Fix an oops on reading fw_priv->fw in sysfs loading file Fixes race condition in the firmware loading interface that can lead to a crash (oops). I don't believe this is a security issue as the file is only accessible to root. offb: Fix setting of the pseudo-palette for >8bpp offb: Fix bug in calculating requested vram size Fixes for frame-buffer console on some systems using OpenFirmware; apparently affects some PowerMac and qemu configurations. The latter bug can result in complete lack of display. asix: new device id New hardware support. reiserfs: Fix quota mount option parsing Fixes application of quota options set in a reiserfs superblock. This may be considered a security fix as the bug would allow evasion of quotas. reiserfs: Force inode evictions before umount to avoid crash Fixes a potential crash (BUG) when unmounting a reiserfs. drivers/usb/class/cdc-acm.c: clear dangling pointer Fixes potential double-free leading to a crash or memory corruption when using a USB device of this type. This might be exploitable for code injection using a rogue USB device. USB: isight: fix kernel bug when loading firmware Fixes incorrect buffer allocation in this camera driver, which caused it not to work at all on some architectures. usb: usb-storage doesn't support dynamic id currently, the patch disables the feature to fix an oops Disables the feature to add a device ID to the generic USB storage driver. This driver cannot support the feature, and it currently causes a crash (oops). USB: add quirk for another camera Fixes suspend/resume for another variant of the Guillemot Webcam Hercules Dualpix Exchange. USB: omninet: fix write_room Fixes transmission through this serial driver, which has apparently been broken since Linux 2.6.13! USB: Add USB-ID for Multiplex RC serial adapter to cp210x.c New hardware support. asix: fix infinite loop in rx_fixup() Fixes infinite loop in soft-interrupt context in this network driver. The bug can apparently be triggered quickly by normal traffic, but probably also represents an easily exploitable denial-of-service vulnerability. PM / Sleep: Fix race between CPU hotplug and freezer Tixes a race condition which can result in per-CPU state (particularly kernel threads, I suspect) not being properly restored across a suspend/resume cycle. I suspect this is probably very hard to hit in practice. SCSI: scsi_dh: check queuedata pointer before proceeding further Apparently fixes a bug that causes a crash (oops) in the SCSI device handler system. But I don't see any explanation of how this would be triggered. xfs: validate acl count xfs: fix acl count validation in xfs_acl_from_disk() Fixes heap buffer overflow in case of a corrupt XFS filesystem. (CVE-2012-0044) Ben. -- Ben Hutchings When in doubt, use brute force. - Ken Thompson
Attachment:
signature.asc
Description: This is a digitally signed message part