Package: src:linux-2.6 Version: 2.6.32-41 Severity: important - eCryptfs: Sanitize write counts of /dev/ecryptfs Limits the size of message writeable to this filesystem control device. A large message could otherwise result in OOM. I don't think this is much of a security issue as access to the control device is already privileged. - ecryptfs: Improve metadata read failure logging Logging improvement, may aid recovery from filesystem damage. - eCryptfs: Make truncate path killable Allows a task truncating or extending a file on encrypts to be killed (with signal 9, SIGKILL). Currently this may be a lengthy and uninterruptible operation, hence a potential DoS. - drm: Fix authentication kernel crash Fixes use-after-free, possibly exploitable for privilege escalation. - crypto: sha512 - make it work, undo percpu message schedule - crypto: sha512 - reduce stack usage to safe number SHA-512 normally requires substantial temporary space, which was allocated per-CPU. This is safe iff the function is not reentrant. However, since it can actually be used in both process context and in soft-interrupt context, this may result in incorrect hashes and consequent data loss. These changes replace the per-CPU space with a smaller space on the stack. However, gcc still allocates a lot of stack space on 32-bit machines, so this requires an additional fix. - Revert "ARM: 7220/1: mmc: mmci: Fixup error handling for dma" This has no effect on Debian configurations. - block: fail SCSI passthrough ioctls on partition devices - dm: do not forward ioctls from logical volumes to the underlying device The rest of the fix for CVE-2011-4127, which we already have. - USB: ftdi_sio: fix TIOCSSERIAL baud_base handling Rejects an invalid setting for this serial driver. It looks like the invalid setting would in any case be ignored, so I'm not sure why this is important. - USB: ftdi_sio: add PID for TI XDS100v2 / BeagleBone A3 - USB: serial: ftdi additional IDs - USB: ftdi_sio: Add more identifiers New hardware support. - USB: cdc-wdm: updating desc->length must be protected by spin_lock Fixes part of a data race in this driver, used for some USB-connected cellular modems (and phones acting as modems), which would lead to corruption of received data. It doesn't appear to fix the whole problem, though. - usb: io_ti: Make edge_remove_sysfs_attrs the port_remove method. Fixes memory leak on removal of this device (or it might result in a crash, but I don't think so). - USB: usbsevseg: fix max length Adds support for a new variant of the USB seven-segment displays using longer packets. - hwmon: (f71805f) Fix clamping of temperature limits Fixes handling of temperature limit settings that are outside the hardware range. Previously they would be replaced with 0, which could potentially trigger the system to shut down. - hwmon: (sht15) fix bad error code This driver would leak memory if loaded on a system that did not specifically support it, and would crash if then removed. - USB: serial: CP210x: Added USB-ID for the Link Instruments MSO-19 New hardware support. - USB: cp210x: do not map baud rates to B0 Fixes handling of requests for low baud rates. Not sure why this is important. - USB: ftdi_sio: fix initial baud rate Fixes our bug #658164. Ben. -- Ben Hutchings Horngren's Observation: Among economists, the real world is often a special case.
Attachment:
signature.asc
Description: This is a digitally signed message part