[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#650160: marked as done (Changes from longterm release

Your message dated Tue, 17 Jan 2012 18:17:09 +0000
with message-id <E1RnDan-0004Fo-AF@franck.debian.org>
and subject line Bug#650160: fixed in user-mode-linux 2.6.32-1um-4+41
has caused the Debian Bug report #650160,
regarding Changes from longterm release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

650160: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650160
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: src:linux-2.6
Version: 2.6.32-39
Severity: important

[Actually based on]

[SCSI] st: fix race in st_scsi_execute_end

Fixes use of freed memory in the st (SCSI tape) driver which could
result in a crash or other unpleasant results.

[SCSI] Make scsi_free_queue() kill pending SCSI commands

Fixes potential I/O hang after SCSI device removal.

NFS/sunrpc: don't use a credential with extra groups.

Fixes a bug in matching of cached credentials for SunRPC requests,
including file access as an NFS client.  If process A has the same uid
and primary gid as B and a superset of its secondary gids, and B
accesses an NFS server after A, then A's credentials including the
extra gids may be used for B's file access.

This seems to be primarily interesting if A has different real and
effective uid, as otherwise B could always hijack A's credentials
using ptrace.

netlink: validate NLA_MSECS length

I think this fixes an information leak or (unlikely) local DoS
exploitable with CAP_NET_ADMIN.

mtd: mtdchar: add missing initializer on raw write

Fixes raw NAND write functionality.

PM / Suspend: Off by one in pm_suspend()

Fixes validation of requested suspend state.  So far as I can see,
user-space cannot provide an arbitrary state value (except possibly
through OOT modules) and this has no security impact.

hfs: add sanity check for file name length

Fixes potential buffer overflow when accessing an HFS filesystem

kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0
kbuild: Fix passing -Wno-* options to gcc 4.4+

Suppresses widespread compiler warnings when building with gcc 4.6.
Should have no effect otherwise.

ASoC: wm8940: Properly set codec->dapm.bias_level

No effect on Debian kernel configurations.

md/raid5: abort any pending parity operations when array fails.

Fixes potential crash if an md-raid RAID5/6 array loses enough
disks that it is no longer usable (>1 or >2 respectively).

[media] Remove the old V4L1 v4lgrab.c file

Removes outdated example code.

Revert "ALSA: hda: Fix quirk for Dell Inspiron 910"

Reverts change in (our 2.6.32-36) that resulted in a
regression (no audio output) for this specific model.

drm/i915: Sanity check pread/pwrite
drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow

Fixes CVE-2010-2962.  We don't normally take drm fixes from this
series and we already applied these in 2.6.32-25.

genirq: Add IRQF_RESUME_EARLY and resume such IRQs earlier

Fixes #644604, a regression which caused Xen domU to hang after
suspend/resume (including migration).  We already fixed this by
reverting the change that introduced the regression, but this should be

mm: avoid null pointer access in vm_struct via /proc/vmallocinfo

Fixes potential DoS by local user.

ipv6: udp: fix the wrong headroom check

Fixes remote DoS (most likely from a VM guest) by sending UDP/IPv6 to
a bridge that has UFO enabled while the output port does not
(CVE-2011-4326).  I'm not convinced that this configuration is
possible in 2.6.32, but I could be wrong.

USB: serial: pl2303: rm duplicate id

Stops this driver binding to a 'WinChipHead' branded device that
should be handled by the ch341 driver.

USB: Fix Corruption issue in USB ftdi driver ftdi_sio.c

Fixes corruption of data transmitted through this serial driver during
reconfiguration.  (Changing e.g. the bit rate can be expected to to
this, but this bug affected any reconfiguration.)

usb-storage: Accept 8020i-protocol commands longer than 12 bytes

Enables support for some USB drives >2 TB.

USB: add quirk for Logitech C600 web cam
USB: quirks: adding more quirky webcams to avoid squeaky audio

Workaround for more buggy webcams that tend to fail after

tty: Make tiocgicount a handler
tty: icount changeover for other main devices

This is the general fix for CVE-2010-4075, CVE-2010-4076 and
CVE-2010-4077 which we already applied in 2.6.32-31.


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message ---
Source: user-mode-linux
Source-Version: 2.6.32-1um-4+41

We believe that the bug you reported is fixed in the latest version of
user-mode-linux, which is due to be installed in the Debian FTP archive:

  to main/u/user-mode-linux/user-mode-linux_2.6.32-1um-4+41.diff.gz
  to main/u/user-mode-linux/user-mode-linux_2.6.32-1um-4+41.dsc
  to main/u/user-mode-linux/user-mode-linux_2.6.32-1um-4+41_amd64.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 650160@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
dann frazier <dannf@debian.org> (supplier of updated user-mode-linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA1

Format: 1.8
Date: Mon, 16 Jan 2012 15:10:25 -0700
Source: user-mode-linux
Binary: user-mode-linux
Architecture: source amd64
Version: 2.6.32-1um-4+41
Distribution: stable
Urgency: high
Maintainer: User Mode Linux Maintainers <pkg-uml-pkgs@lists.alioth.debian.org>
Changed-By: dann frazier <dannf@debian.org>
 user-mode-linux - User-mode Linux (kernel)
Closes: 586494 633526 637234 637308 638172 641661 645308 647624 650160 650652 651255 651367 652857 653398 655049
 user-mode-linux (2.6.32-1um-4+41) stable; urgency=high
   * Rebuild against linux-source-2.6.32 (2.6.32-41):
     * Add longterm releases and, including:
       - atm: br2684: Fix oops due to skb->dev being NULL
       - md/linear: avoid corrupting structure while waiting for rcu_free to
       - xen/smp: Warn user why they keel over - nosmp or noapic and what to use
         instead. (Closes: #637308)
       - md: Fix handling for devices from 2TB to 4TB in 0.90 metadata.
       - net/9p: fix client code to fail more gracefully on protocol error
       - fs/9p: Fid is not valid after a failed clunk.
       - TPM: Call tpm_transmit with correct size (CVE-2011-1161)
       - TPM: Zero buffer after copying to userspace (CVE-2011-1162)
       - libiscsi_tcp: fix LLD data allocation
       - cfg80211: Fix validation of AKM suites
       - USB: pid_ns: ensure pid is not freed during kill_pid_info_as_uid
       - kobj_uevent: Ignore if some listeners cannot handle message
         (Closes: #641661)
       - nfsd4: ignore WANT bits in open downgrade
       - [s390] KVM: check cpu_id prior to using it
       - cfq: merge cooperating cfq_queues
       - [x86] KVM: Reset tsc_timestamp on TSC writes (fixes guest performance
         regression introduced in 2.6.32-35)
       - ext4: fix BUG_ON() in ext4_ext_insert_extent()
       - ext2,ext3,ext4: don't inherit APPEND_FL or IMMUTABLE_FL for new inodes
       For the complete list of changes, see:
       and the bug report which this closes: #647624.
     * tg3: Fix I/O failures after chip reset (Closes: #645308; regression in
     * Add longterm release, including:
       - SCSI: st: fix race in st_scsi_execute_end
       - NFS/sunrpc: don't use a credential with extra groups.
       - netlink: validate NLA_MSECS length
       - hfs: add sanity check for file name length (CVE-2011-4330)
       - md/raid5: abort any pending parity operations when array fails.
       - mm: avoid null pointer access in vm_struct via /proc/vmallocinfo
       - ipv6: udp: fix the wrong headroom check (CVE-2011-4326)
       - USB: Fix Corruption issue in USB ftdi driver ftdi_sio.c
       For the complete list of changes, see:
       and the bug report which this closes: #650160.
     * ipv6: Allow inet6_dump_addr() to handle more than 64 addresses
       (Closes: #651255)
     * Add longterm release, including:
       - PCI hotplug: shpchp: don't blindly claim non-AMD 0x7450 device IDs
         (see #638863)
       - sched, x86: Avoid unnecessary overflow in sched_clock
       - [x86] mpparse: Account for bus types other than ISA and PCI
         (Closes: #586494)
       For the complete list of changes, see:
       and the bug report which this closes: #651367.
     * [vserver] Update patch to
       - nfs: Fix client uid/gid caching (Closes: #633526)
     * [x86] Add isci driver from Linux 3.1 (Closes: #652857)
       - libsas: fix definition of wideport, include local sas address
       - [x86] Introduce pci_map_biosrom()
     * Add longterm release, including:
       - percpu: fix chunk range calculation
       - xfrm: Fix key lengths for rfc3686(ctr(aes)) (Closes: #650652)
       - jbd/jbd2: validate sb->s_first in journal_get_superblock()
       - Make taskstats require root access (CVE-2011-2494)
       - hfs: fix hfs_find_init() sb->ext_tree NULL ptr oops (CVE-2011-2203)
       - oprofile, x86: Fix nmi-unsafe callgraph support
       - ext4: avoid hangs in ext4_da_should_update_i_disksize()
     * xen: backport upstream (xen.git#xen/stable-2.6.32.y) fixes to event
       - multiple fixes to PIRQ event channel handling (Closes: #638172)
       - setup IRQ before binding VIRQ to it.
       - correctly setup event channel mask for secondary CPUs on restore.
       - use locked set/clear bit when manipulating event channel masks.
       - ensure event channels are handled in a fair/round-robin order preventing
         lower numbered event channels from starving higher.
     * xen: blkback: don't fail empty barrier requests (Closes: #637234)
     * ipv6: make fragment identifications less predictable (CVE-2011-2699)
       - fix NULL dereference in udp6_ufo_fragment (see #643817)
     * Add longterm release
       - Revert "clockevents: Set noop handler in clockevents_exchange_device()",
         included in stable update (Closes: #653398)
     * Add longterm release, including:
       - cfq-iosched: fix cfq_cic_link() race confition
       For the complete list of changes, see:
       and the bug report which this closes: #655049.
 f494d27c53a7b37ca3a4347b436edd3524e68c02 2030 user-mode-linux_2.6.32-1um-4+41.dsc
 b488267ef63e4218f70c47ee51b40502007b5233 19896 user-mode-linux_2.6.32-1um-4+41.diff.gz
 9f7914a7a62777ecf85299f2b72ede31753c8afd 7082050 user-mode-linux_2.6.32-1um-4+41_amd64.deb
 ba2f5619cd4026bd17a83d3b6a0eaed47b9c62bc0cf46ec3ddf56f1d23f5593b 2030 user-mode-linux_2.6.32-1um-4+41.dsc
 5ccf08629fadd90d1083e938c8000fa2499028bfb91f0914b673e4b031214942 19896 user-mode-linux_2.6.32-1um-4+41.diff.gz
 f84c0799d02381f79ccbf1b78d2704011eb5a1158b63d4a724cbbf6e771c3e67 7082050 user-mode-linux_2.6.32-1um-4+41_amd64.deb
 99409f5e1cce01848a20d64c09487d7c 2030 kernel extra user-mode-linux_2.6.32-1um-4+41.dsc
 80d12b694c2947277796884f1d9c36cd 19896 kernel extra user-mode-linux_2.6.32-1um-4+41.diff.gz
 491732fc5e1e2a828e84767f691059a1 7082050 kernel extra user-mode-linux_2.6.32-1um-4+41_amd64.deb

Version: GnuPG v1.4.11 (GNU/Linux)


--- End Message ---

Reply to: