This bug was fixed in the package linux - 2.6.31-23.74
--------------- linux (2.6.31-23.74) karmic-proposed; urgency=low
[ Steve Conklin ]
* Release Tracking Bug - LP: #725232
[ Upstream Kernel Changes ]
* bluetooth: Fix missing NULL check, CVE-2010-4242 - LP: #714846 - CVE-2010-4242 * bio: take care not overflow page count when mapping/copying user data, CVE-2010-4162 - LP: #721441 - CVE-2010-4162 * filter: make sure filters dont read uninitialized memory - LP: #721282 - CVE-2010-4158 * tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077 - LP: #720189 - CVE-2010-4077 * block: check for proper length of iov entries in blk_rq_map_user_iov(), CVE-2010-4163 - LP: #721504 - CVE-2010-4163 * block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163 - LP: #721504 - CVE-2010-4163 * rds: Integer overflow in RDS cmsg handling, CVE-2010-4175 - LP: #721455 - CVE-2010-4175 -- Steve Conklin <email address hidden> Fri, 25 Feb 2011 14:20:16 -0600
This bug was fixed in the package linux - 2.6.31-23.74
---------------
linux (2.6.31-23.74) karmic-proposed; urgency=low
[ Steve Conklin ]
* Release Tracking Bug
- LP: #725232
[ Upstream Kernel Changes ]
* bluetooth: Fix missing NULL check, CVE-2010-4242 map_user_ iov(), rq_map_ user_iov( ), CVE-2010-4163
- LP: #714846
- CVE-2010-4242
* bio: take care not overflow page count when mapping/copying user data,
CVE-2010-4162
- LP: #721441
- CVE-2010-4162
* filter: make sure filters dont read uninitialized memory
- LP: #721282
- CVE-2010-4158
* tty: Make tiocgicount a handler, CVE-2010-4076, CVE-2010-4077
- LP: #720189
- CVE-2010-4077
* block: check for proper length of iov entries in blk_rq_
CVE-2010-4163
- LP: #721504
- CVE-2010-4163
* block: check for proper length of iov entries earlier in
blk_
- LP: #721504
- CVE-2010-4163
* rds: Integer overflow in RDS cmsg handling, CVE-2010-4175
- LP: #721455
- CVE-2010-4175
-- Steve Conklin <email address hidden> Fri, 25 Feb 2011 14:20:16 -0600