Package: src:linux-2.6
Version: 2.6.32-41
Severity: important

- ext4: fix undefined behavior in ext4_fill_flex_info()
  Fixes a case where a corrupted filesystem can cause division by zero
  (i.e. denial of service). This was originally assigned CVE-2009-4307
  and was supposed to have been fixed. The vulnerability left by the
  incorrect fix may have been assigned a new CVE number, but seems to
  be essentially the same.
- ALSA: snd-usb-us122l: Delete calls to preempt_disable
  I don't know what the impact of this is.
- ALSA: ice1724 - Check for ac97 to avoid kernel oops
  Fixes crash (oops) in initialisation of this sound driver on some
  systems.
- ALSA: hda - Return the error from get_wcaps_type() for invalid NIDs
  Fixes sound playback from this driver on some systems.
- HID: bump maximum global item tag report size to 96 bytes
  Adds support for some N-Trig touchscreen devices.
- UBI: fix use-after-free on error path
  Fixes potential memory corruption in this flash translation layer.
- PCI: Fix PCI_EXP_TYPE_RC_EC value
  Fixes an incorrect register value definition. I believe this will
  enable restoration of PCI Express error reporting configuration
  after suspend/resume on some systems where previously it would be
  reset.
- PCI: msi: Disable msi interrupts when we initialize a pci device
  Fixes potential hang after kexec.
- xen/xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.
  Adds check for a protocol error that would otherwise result in
  memory corruption. If I understand correctly, this is not a
  security vulnerability as the peer must already be trusted; however
  the commit message is not entirely clear about this.
- ima: free duplicate measurement memory
  No effect on Debian configurations, as this subsystem is not
  enabled.
- PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB
  Seems clear enough.
- x86: Fix mmap random address range
  This is *reducing* the range of ASLR for mmap on i386 only. The
  function generating random offsets is supposed to return an offset
  up to 1 MB, but could also return a negative value down to -1 MB.
  This isn't obviously disastrous, but I may be missing something
  subtle.
- UBI: fix nameless volumes handling
  Adds earlier check for an invalid name of an UBI flash partition,
  which would then be unusable and undeletable.
- i2c: Fix error value returned by several bus drivers
  Several I2C bus drivers could return 0 for several failure cases in
  their probe functions. They would therefore continue operating on a
  device that was not properly initialised or was in use by the system
  firmware, likely resulting in a crash or interfering with hardware
  monitoring.
- V4L/DVB: v4l2-ioctl: integer overflow in video_usercopy()
  Fixes integer overflow leading to heap buffer overflow, possibly
  only on 32-bit systems. This is exploitable by users in the video
  group if any V4L2 devices are present.
- svcrpc: fix double-free on shutdown of nfsd after changing pool mode
  Fixes memory corruption after changing the mode of the SunRPC
  service thread pool and then shutting it down. This affects NFS
  servers.
- svcrpc: destroy server sockets all at once
  I don't know what the impact of this is.
- nfsd: Fix oops when parsing a 0 length export
  Seems fairly clear. I don't believe this is a security issue
  because only root can write to the relevant file.
- USB: cdc-wdm: fix misuse of logical operation in place of bitop
  Fixes blocking writes through this driver, used for some
  USB-connected cellular modems (and phones acting as modems).
  Previously they could wrongly be made non-blocking; this would break
  simple scripts that write to the modem. (Most 'real' modem control
  programs would deliberately use non-blocking mode.)
- USB: Fix 'bad dma' problem on WDM device disconnect
  Fixes buffer management for the cdc-wdm driver. On disconnection,
  it would specify an incorrect size for the buffers being freed.
  This resulted in a warning message and memory leak.
- fix cputime overflow in uptime_proc_show
  Fixes the display of the total idle time (not uptime) in
  /proc/uptime on 32-bit architectures. This will overflow after 2^32
  ticks (~200 days at 250 Hz) summed across all CPUs. This has no
  impact on continued operation of the kernel.
- block: add and use scsi_blk_cmd_ioctl
- kernel.h: add printk_ratelimited and pr_<level>_rl
  Part of the fix for CVE-2011-4127. We have these already.
- ALSA: HDA: Fix internal microphone on Dell Studio 16 XPS 1645
  Clear enough.
- sym53c8xx: Fix NULL pointer dereference in slave_destroy
  I'm not convinced this fixes a bug in 2.6.32, but it doesn't do any
  harm.
- score: fix off-by-one index into syscall table
  Irrelevant to Debian as we don't support this architecture.
- kprobes: initialize before using a hlist
  Fixes memory leak when using kprobes. I don't believe this is a
  security issue as only root can use kprobes.

Ben.

-- 
Ben Hutchings
Horngren's Observation: Among economists, the real world is often a special case.
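The signed-remainder behaviour described in the "x86: Fix mmap random address range" entry above, shown as an added example that is not part of the original message and is not the kernel's code. The 256-page window, the 4 KiB page size and all function names are assumptions chosen to match the 1 MB figure in the text; `int32_t` stands in for a 32-bit `long` on i386.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_BYTES 4096       /* assumed i386 page size */
#define RND_PAGES  (1 << 8)   /* assumed window: 256 pages = 1 MB */

/* Random word treated as signed before the remainder: C's % keeps the
 * sign of the dividend, so inputs with the top bit set give a page
 * count in -255..0 instead of 0..255. */
static int32_t offset_signed(uint32_t r)
{
    int32_t pages = (int32_t)r % RND_PAGES;
    return pages * PAGE_BYTES;
}

/* Remainder taken on the unsigned value: always 0..255 pages. */
static int32_t offset_unsigned(uint32_t r)
{
    uint32_t pages = r % RND_PAGES;
    return (int32_t)(pages * PAGE_BYTES);
}

struct range { int32_t min, max; };

/* Constructed inputs: every low byte, with the top bits clear and set. */
static struct range sweep(int32_t (*fn)(uint32_t))
{
    struct range out = { INT32_MAX, INT32_MIN };
    for (uint32_t low = 0; low < 256; low++) {
        uint32_t inputs[2] = { low, 0xFFFFFF00u | low };
        for (int i = 0; i < 2; i++) {
            int32_t off = fn(inputs[i]);
            if (off < out.min) out.min = off;
            if (off > out.max) out.max = off;
        }
    }
    return out;
}

int main(void)
{
    struct range s = sweep(offset_signed), u = sweep(offset_unsigned);
    printf("signed:   %d .. %d bytes\n", s.min, s.max);
    printf("unsigned: %d .. %d bytes\n", u.min, u.max);
    return 0;
}
```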