A new release of the Ubuntu Cloud Images for stable Ubuntu release 10.04 LTS (Lucid Lynx) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'apt-get update && sudo apt-get dist-upgrade && reboot'. The Linux kernel was updated from 2.6.32-42.96 [3] to 2.6.32-45.102 [4] The following packages have been updated. Please see the full changelogs for a complete listing of changes: * apport: 1.13.3-0ubuntu2.1 => 1.13.3-0ubuntu2.2 * apt: 0.7.25.3ubuntu9.13 => 0.7.25.3ubuntu9.14 * bind9: 1:9.7.0.dfsg.P1-1ubuntu0.6 => 1:9.7.0.dfsg.P1-1ubuntu0.8 * dbus: 1.2.16-2ubuntu4.3 => 1.2.16-2ubuntu4.7 * dhcp3: 3.1.3-2ubuntu3.3 => 3.1.3-2ubuntu3.4 * dpkg: 1.15.5.6ubuntu4.5 => 1.15.5.6ubuntu4.6 * eglibc: 2.11.1-0ubuntu7.10 => 2.11.1-0ubuntu7.12 * freetype: 2.3.11-1ubuntu2.6 => 2.3.11-1ubuntu2.7 * glib2.0: 2.24.1-0ubuntu1 => 2.24.1-0ubuntu2 * gnupg: 1.4.10-2ubuntu1 => 1.4.10-2ubuntu1.2 * landscape-client: 12.05-0ubuntu0.10.04 => 12.05-0ubuntu1.10.04 * libcap2: 1:2.17-2ubuntu1 => 1:2.17-2ubuntu1.1 * libxml2: 2.7.6.dfsg-1ubuntu1.5 => 2.7.6.dfsg-1ubuntu1.7 * linux-ec2: 2.6.32-347.53 => 2.6.32-350.59 * linux-meta-ec2: 2.6.32.347.28 => 2.6.32.350.31 * linux-meta: 2.6.32.42.49 => 2.6.32.45.52 * linux: 2.6.32-42.96 => 2.6.32-45.102 * lsb: 4.0-0ubuntu8 => 4.0-0ubuntu8.1 * perl: 5.10.1-8ubuntu2.1 => 5.10.1-8ubuntu2.2 * python2.6: 2.6.5-1ubuntu6 => 2.6.5-1ubuntu6.1 * software-properties: 0.75.10.2 => 0.75.10.3 * sudo: 1.7.2p1-1ubuntu5.4 => 1.7.2p1-1ubuntu5.5 * tzdata: 2012b-0ubuntu0.10.04 => 2012e-0ubuntu0.10.04 * unattended-upgrades: 0.55ubuntu7 => 0.55ubuntu8 * vim: 2:7.2.330-1ubuntu3 => 2:7.2.330-1ubuntu3.1 The following is a complete changelog for this image. new: {} removed: {} changed: ['linux-image-virtual', 'apport', 'dhcp3-common', 'libcap2', 'python2.6', 'dnsutils', 'libdbus-1-3', 'apt', 'perl', 'linux-image-ec2', 'sudo', 'lsb-base', 'dbus', 'libglib2.0-0', 'libisc60', 'liblwres60', 'python-software-properties', 'gpgv', 'libc-bin', 'gnupg', 'libisccfg60', 'libfreetype6', 'libpython2.6', 'python-problem-report', 'vim-tiny', 'dpkg', 'libbind9-60', 'python-apport', 'vim', 'tzdata', 'linux-virtual', 'lsb-release', 'landscape-common', 'apt-utils', 'libxml2', 'libc6', 'vim-common', 'libdns64', 'bind9-host', 'gnupg-curl', 'landscape-client', 'dhcp3-client', 'python2.6-minimal', 'libisccc60', 'linux-image-2.6.32-45-virtual', 'vim-runtime', 'apt-transport-https', 'linux-image-2.6.32-350-ec2', 'perl-modules', 'unattended-upgrades', 'linux-ec2', 'perl-base'] ==== lsb: 4.0-0ubuntu8 => 4.0-0ubuntu8.1 ==== ==== lsb-base lsb-release * If a pidfile is specified, but doesn't provide a PID to test, return 'not running', and return 'unknown' if the pidfile exists but is unreadable (LP: #683640) ==== libxml2: 2.7.6.dfsg-1ubuntu1.5 => 2.7.6.dfsg-1ubuntu1.7 ==== ==== libxml2 * SECURITY UPDATE: buffer underflow in xmlParseAttValueComplex() - debian/patches/CVE-2012-5134.patch: add array bounds checking in parser.c, thanks to Daniel Veillard - http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d - CVE-2012-5134 * SECURITY UPDATE: denial of service and possible code execution via incorrect buffer sizes. - http://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626 - http://git.gnome.org/browse/libxml2/commit/?id=4f9fdc709c4861c390cd84e2ed1fd878b3442e28 - http://git.gnome.org/browse/libxml2/commit/?id=baaf03f80f817bb34c421421e6cb4d68c353ac9a - CVE-2012-2807 ==== sudo: 1.7.2p1-1ubuntu5.4 => 1.7.2p1-1ubuntu5.5 ==== ==== sudo * toke.{cl}: avoid duplicate fclose() of the sudoers file (LP: #553786) - http://www.sudo.ws/repos/sudo/rev/164d39108dde ==== apt: 0.7.25.3ubuntu9.13 => 0.7.25.3ubuntu9.14 ==== ==== apt apt-utils apt-transport-https * ftparchive/override.cc: - Double maximum override line length to 1000 (LP: #1038961). ==== vim: 2:7.2.330-1ubuntu3 => 2:7.2.330-1ubuntu3.1 ==== ==== vim-common vim vim-runtime vim-tiny * Backported upstream patch 7.3.216 from https://groups.google.com/d/topic/vim_dev/lTos-bGcNgU/discussion (LP: #1059085): - src/memline.c: Avoid corruption on large-file recovery. - src/testdir/test70.in, src/testdir/test70.ok: Test large-file recovery. - src/testdir/Makefile, src/testdir/Make_amiga.mak, src/testdir/Make_dos.mak, src/testdir/Make_os2.mak, src/testdir/Make_vms.mms: Update Makefiles to include new tests. ==== eglibc: 2.11.1-0ubuntu7.10 => 2.11.1-0ubuntu7.12 ==== ==== libc-bin libc6 * Pull three interdependent patches from Debian to fix AVX detection problems on kernels or CPUs that lack support for it (LP: #979003): - amd64/cvs-avx-detection.diff: Improved detection on old kernels. - amd64/cvs-dl_trampoline-cfi.diff: fix CFI in dl_trampoline code. - amd64/cvs-avx-osxsave.diff: Disable AVX without OSXAVE support. * Also backport amd64/submitted-tst-audit6-avx.diff from oneiric to skip tests if AVX extensions are not available on the build host. * Use non-deprecated --reject-format=unified QUILT_PATCH_OPTS option. * SECURITY UPDATE: buffer overflow in vfprintf handling - debian/patches/any/CVE-2012-3404.patch: Fix allocation when handling positional parameters in printf. - CVE-2012-3404 * SECURITY UPDATE: buffer overflow in vfprintf handling - debian/patches/any/CVE-2012-3405.patch: fix extension of array - CVE-2012-3405 * SECURITY UPDATE: stack buffer overflow in vfprintf handling (LP: #1031301) - debian/patches/any/CVE-2012-3406.patch: switch to malloc when array grows too large to handle via alloca extension - CVE-2012-3406 * SECURITY UPDATE: stdlib strtod integer/buffer overflows - debian/patches/any/CVE-2012-3480.patch: rearrange calculations and modify types to void integer overflows - CVE-2012-3480 * debian/patches/any/strtod_overflow_bug7066.patch: Fix array overflow in floating point parser triggered by applying patch for CVE-2012-3480 * debian/testsuite-checking/expected-results-x86_64-linux-gnu-libc, debian/testsuite-checking/expected-results-i486-linux-gnu-libc, debian/testsuite-checking/expected-results-i686-linux-gnu-i386, debian/testsuite-checking/expected-results-i686-linux-gnu-i686, debian/testsuite-checking/expected-results-i686-linux-gnu-xen, debian/testsuite-checking/expected-results-sparc64-linux-gnu-sparc64: update for pre-existing testsuite failures that prevents FTBFS when the testsuite is enabled. ==== linux: 2.6.32-42.96 => 2.6.32-45.102 ==== ==== linux-image-2.6.32-45-virtual [Brad Figg] * Release Tracking Bug - LP: #1095350 [ Kees Cook ] * SAUCE: exec: do not leave bprm->interp on stack - LP: #1068888 - CVE-2012-4530 [ Upstream Kernel Changes ] * exec: use -ELOOP for max recursion depth - LP: #1068888 - CVE-2012-4530 [Luis Henriques] * Release Tracking Bug - LP: #1085934 [ Upstream Kernel Changes ] * ipv6: discard overlapping fragment - LP: #1079859 - CVE-2012-4444 [Luis Henriques] * Release Tracking Bug - LP: #1078385 [ Upstream Kernel Changes ] * eCryptfs: check for eCryptfs cipher support at mount - LP: #338914 * net: fix divide by zero in tcp algorithm illinois - LP: #1077091 - CVE-2012-4565 [Luis Henriques] * Release Tracking Bug - LP: #1067331 [ Tim Gardner ] * SAUCE: omnibook: Expose PWD for standalone builds - LP: #505420 [ Upstream Kernel Changes ] * Revert "xfs: Fix possible memory corruption in xfs_readlink, CVE-2011-4077" - LP: #1064480 * UBUNTU SAUCE: apparmor: fix IRQ stack overflow - LP: #1056078 * net/9p: fix virtio transport to correctly update status on connect - LP: #676823 * 9p: Fix the kernel crash on a failed mount - LP: #676823 * netxen: support for GbE port settings - LP: #1064480 * Fix sparc build with newer tools. - LP: #1064480 * powerpc/pmac: Fix SMP kernels on pre-core99 UP machines - LP: #1064480 * Bluetooth: btusb: fix bInterval for high/super speed isochronous endpoints - LP: #1064480 * fix pgd_lock deadlock - LP: #1064480 * futex: Fix uninterruptible loop due to gate_area - LP: #1064480 * time: Improve sanity checking of timekeeping inputs - LP: #1064480 * time: Avoid making adjustments if we haven't accumulated anything - LP: #1064480 * time: Move ktime_t overflow checking into timespec_valid_strict - LP: #1064480 * drm/i915: Attempt to fix watermark setup on 85x (v2) - LP: #1064480 * ioat2: kill pending flag - LP: #1064480 * usb: Fix deadlock in hid_reset when Dell iDRAC is reset - LP: #1064480 * oprofile: use KM_NMI slot for kmap_atomic - LP: #1064480 * tty_audit: fix tty_audit_add_data live lock on audit disabled - LP: #1064480 * bonding: 802.3ad - fix agg_device_up - LP: #1064480 * usbnet: increase URB reference count before usb_unlink_urb - LP: #1064480 * usbnet: don't clear urb->dev in tx_complete - LP: #1064480 * sched: Fix signed unsigned comparison in check_preempt_tick() - LP: #1064480 * x86/PCI: amd: factor out MMCONFIG discovery - LP: #1064480 * PNP: fix "work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB" - LP: #1064480 * KVM: x86: disallow multiple KVM_CREATE_IRQCHIP - LP: #1064480 * KVM: ia64: fix build due to typo - LP: #1064480 * xfs: Fix possible memory corruption in xfs_readlink - LP: #1064480 * xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink() - LP: #1064480 * dl2k: use standard #defines from mii.h. - LP: #1064480 * tcp: Don't change unlocked socket state in tcp_v4_err(). - LP: #1064480 * x86: Derandom delay_tsc for 64 bit - LP: #1064480 * ipsec: be careful of non existing mac headers - LP: #1064480 * block, sx8: fix pointer math issue getting fw version - LP: #1064480 * nilfs2: fix NULL pointer dereference in nilfs_load_super_block() - LP: #1064480 * USB: ftdi_sio: fix problem when the manufacture is a NULL string - LP: #1064480 * ntp: Fix integer overflow when setting time - LP: #1064480 * SUNRPC: We must not use list_for_each_entry_safe() in rpc_wake_up() - LP: #1064480 * ext4: check for zero length extent - LP: #1064480 * xfs: Fix oops on IO error during xlog_recover_process_iunlinks() - LP: #1064480 * nfsd: don't allow zero length strings in cache_parse() - LP: #1064480 * sched/x86: Fix overflow in cyc2ns_offset - LP: #1064480 * Bluetooth: add NULL pointer check in HCI - LP: #1064480 * Bluetooth: hci_ldisc: fix NULL-pointer dereference on tty_close - LP: #1064480 * sparc64: Fix bootup crash on sun4v. - LP: #1064480 * video:uvesafb: Fix oops that uvesafb try to execute NX-protected page - LP: #1064480 * USB: serial: fix race between probe and open - LP: #1064480 * xhci: Don't write zeroed pointers to xHC registers. - LP: #1064480 * xHCI: Correct the #define XHCI_LEGACY_DISABLE_SMI - LP: #1064480 * crypto: sha512 - Fix byte counter overflow in SHA-512 - LP: #1064480 * PCI: Add quirk for still enabled interrupts on Intel Sandy Bridge GPUs - LP: #1064480 * phonet: Check input from user before allocating - LP: #1064480 * netlink: fix races after skb queueing - LP: #1064480 * net: fix a race in sock_queue_err_skb() - LP: #1064480 * atl1: fix kernel panic in case of DMA errors - LP: #1064480 * net/ethernet: ks8851_mll fix rx frame buffer overflow - LP: #1064480 * net_sched: gred: Fix oops in gred_dump() in WRED mode - LP: #1064480 * ARM: 7410/1: Add extra clobber registers for assembly in kernel_execve - LP: #1064480 * netem: fix possible skb leak - LP: #1064480 * ALSA: echoaudio: Remove incorrect part of assertion - LP: #1064480 * NFSv4: Revalidate uid/gid after open - LP: #1064480 * ext3: Fix error handling on inode bitmap corruption - LP: #1064480 * ext4: fix error handling on inode bitmap corruption - LP: #1064480 * xhci: Reset reserved command ring TRBs on cleanup. - LP: #1064480 * SCSI: fix scsi_wait_scan - LP: #1064480 * powerpc: Fix kernel panic during kernel module load - LP: #1064480 * fuse: fix stat call on 32 bit platforms - LP: #1064480 * udf: Improve table length check to avoid possible overflow - LP: #1064480 * stable: Allow merging of backports for serious user-visible performance issues - LP: #1064480 * eCryptfs: Properly check for O_RDONLY flag before doing privileged open - LP: #1064480 * USB: cdc-wdm: fix lockup on error in wdm_read - LP: #1064480 * ntp: Fix STA_INS/DEL clearing bug - LP: #1064480 * MIPS: Properly align the .data..init_task section. - LP: #1064480 * powerpc/ftrace: Fix assembly trampoline register usage - LP: #1064480 * powerpc: Add "memory" attribute for mfmsr() - LP: #1064480 * SCSI: libsas: continue revalidation - LP: #1064480 * SCSI: libsas: fix sas_discover_devices return code handling - LP: #1064480 * SCSI: fix eh wakeup (scsi_schedule_eh vs scsi_restart_operations) - LP: #1064480 * SCSI: Avoid dangling pointer in scsi_requeue_command() - LP: #1064480 * usbdevfs: Correct amount of data copied to user in processcompl_compat - LP: #1064480 * locks: fix checking of fcntl_setlease argument - LP: #1064480 * ACPI/AC: prevent OOPS on some boxes due to missing check power_supply_register() return value check - LP: #1064480 * Btrfs: call the ordered free operation without any locks held - LP: #1064480 * nfsd4: our filesystems are normally case sensitive - LP: #1064480 * ext4: don't let i_reserved_meta_blocks go negative - LP: #1064480 * sctp: Fix list corruption resulting from freeing an association on a list - LP: #1064480 * cipso: don't follow a NULL pointer when setsockopt() is called - LP: #1064480 * wanmain: comparing array with NULL - LP: #1064480 * USB: kaweth.c: use GFP_ATOMIC under spin_lock - LP: #1064480 * tcp: perform DMA to userspace only if there is a task waiting for it - LP: #1064480 * net/tun: fix ioctl() based info leaks - LP: #1064480 * USB: echi-dbgp: increase the controller wait time to come out of halt. - LP: #1064480 * ALSA: mpu401: Fix missing initialization of irq field - LP: #1064480 * futex: Test for pi_mutex on fault in futex_wait_requeue_pi() - LP: #1064480 * futex: Fix bug in WARN_ON for NULL q.pi_state - LP: #1064480 * futex: Forbid uaddr == uaddr2 in futex_wait_requeue_pi() - LP: #1064480 * pcdp: use early_ioremap/early_iounmap to access pcdp table - LP: #1064480 * mm: mmu_notifier: fix freed page still mapped in secondary MMU - LP: #1064480 * fuse: verify all ioctl retry iov elements - LP: #1064480 * xhci: Increase reset timeout for Renesas 720201 host. - LP: #1064480 * usb: serial: mos7840: Fixup mos7840_chars_in_buffer() - LP: #1064480 * ALSA: hda - fix Copyright debug message - LP: #1064480 * vfs: missed source of ->f_pos races - LP: #1064480 * NFSv3: Ensure that do_proc_get_root() reports errors correctly - LP: #1064480 * NFS: Alias the nfs module to nfs4 - LP: #1064480 * svcrpc: fix svc_xprt_enqueue/svc_recv busy-looping - LP: #1064480 * svcrpc: sends on closed socket should stop immediately - LP: #1064480 * cciss: fix incorrect scsi status reporting - LP: #1064480 * USB: CDC ACM: Fix NULL pointer dereference - LP: #1064480 * Remove user-triggerable BUG from mpol_to_str - LP: #1064480 * udf: Fix data corruption for files in ICB - LP: #1064480 * ext3: Fix fdatasync() for files with only i_size changes - LP: #1064480 * PARISC: Redefine ATOMIC_INIT and ATOMIC64_INIT to drop the casts - LP: #1064480 * dccp: check ccid before dereferencing - LP: #1064480 * ia64: Add accept4() syscall - LP: #1064480 * tcp: do_tcp_sendpages() must try to push data out on oom conditions - LP: #1064480 * tcp: drop SYN+FIN messages - LP: #1064480 * xen: correctly check for pending events when restoring irq flags - LP: #1064480 * x86, amd, xen: Avoid NULL pointer paravirt references - LP: #1064480 * x86, tls: Off by one limit check - LP: #1064480 * sparc64: Eliminate obsolete __handle_softirq() function - LP: #1064480 * udf: fix retun value on error path in udf_load_logicalvol - LP: #1064480 * mtd: cafe_nand: fix an & vs | mistake - LP: #1064480 * epoll: introduce POLLFREE to flush ->signalfd_wqh before kfree() - LP: #1064480 * epoll: ep_unregister_pollwait() can use the freed pwq->whead - LP: #1064480 * epoll: limit paths - LP: #1064480 * Don't limit non-nested epoll paths - LP: #1064480 * epoll: clear the tfile_check_list on -ELOOP - LP: #1064480 * random: Reorder struct entropy_store to remove padding on 64bits - LP: #1064480 * random: update interface comments to reflect reality - LP: #1064480 * random: simplify fips mode - LP: #1064480 * x86, cpu: Add CPU flags for F16C and RDRND - LP: #1064480 * x86, cpufeature: Update CPU feature RDRND to RDRAND - LP: #1064480 * random: Add support for architectural random hooks - LP: #1064480 * x86, random: Architectural inlines to get random integers with RDRAND - LP: #1064480 * x86, random: Verify RDRAND functionality and allow it to be disabled - LP: #1064480 * fix typo/thinko in get_random_bytes() - LP: #1064480 * random: Use arch_get_random_int instead of cycle counter if avail - LP: #1064480 * random: Use arch-specific RNG to initialize the entropy store - LP: #1064480 * random: Adjust the number of loops when initializing - LP: #1064480 * drivers/char/random.c: fix boot id uniqueness race - LP: #1064480 * random: make 'add_interrupt_randomness()' do something sane - LP: #1064480 * random: use lockless techniques in the interrupt path - LP: #1064480 * random: create add_device_randomness() interface - LP: #1064480 * random: use the arch-specific rng in xfer_secondary_pool - LP: #1064480 * random: add new get_random_bytes_arch() function - LP: #1064480 * random: mix in architectural randomness in extract_buf() - LP: #1064480 * MAINTAINERS: Theodore Ts'o is taking over the random driver - LP: #1064480 * usb: feed USB device information to the /dev/random driver - LP: #1064480 * net: feed /dev/random with the MAC address when registering a device - LP: #1064480 * random: remove rand_initialize_irq() - LP: #1064480 * random: Add comment to random_initialize() - LP: #1064480 * rtc: wm831x: Feed the write counter into device_add_randomness() - LP: #1064480 * mfd: wm831x: Feed the device UUID into device_add_randomness() - LP: #1064480 * dmi: Feed DMI table to /dev/random driver - LP: #1064480 * Linux 2.6.32.60 - LP: #1064480 [Luis Henriques] * Release Tracking Bug - LP: #1055438 [ Dave Airlie ] * SAUCE: drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot - LP: #1039157 [ Upstream Kernel Changes ] * Revert "sfc: Fix maximum number of TSO segments and minimum TX queue size" - LP: #1037456 - CVE-2012-3412 * Revert "sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE" - LP: #1037456 - CVE-2012-3412 * Revert "tcp: Apply device TSO segment limit earlier" - LP: #1037456 - CVE-2012-3412 * Revert "tcp: do not scale TSO segment size with reordering degree" - LP: #1037456 - CVE-2012-3412 * Revert "net: Allow driver to limit number of GSO segments per skb" - LP: #1037456 - CVE-2012-3412 * cred: copy_process() should clear child->replacement_session_keyring - LP: #1023535 - CVE-2012-2745 * KVM: Change irq routing table to use gsi indexed array - LP: #1016298 - CVE-2012-2137 * KVM: Fix buffer overflow in kvm_set_irq() - LP: #1016298 - CVE-2012-2137 * xen: just completely disable XSAVE - LP: #1044550 * xen: Allow PV-OPS kernel to detect whether XSAVE is supported - LP: #1044550 * sfc: Fix maximum number of TSO segments and minimum TX queue size - LP: #1037456 - CVE-2012-3412 [Luis Henriques] * Release Tracking Bug - LP: #1045405 [ Upstream Kernel Changes ] * rds: set correct msg_namelen - LP: #1031112 - CVE-2012-3430 * eCryptfs: Initialize empty lower files when opening them - LP: #911507 * net: Allow driver to limit number of GSO segments per skb - LP: #1037456 - CVE-2012-3412 * tcp: do not scale TSO segment size with reordering degree - LP: #1037456 - CVE-2012-3412 * tcp: Apply device TSO segment limit earlier - LP: #1037456 - CVE-2012-3412 * sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE - LP: #1037456 - CVE-2012-3412 * sfc: Fix maximum number of TSO segments and minimum TX queue size - LP: #1037456 - CVE-2012-3412 * mm: Hold a file reference in madvise_remove - LP: #1042447 - CVE-2012-3511 * ulimit: raise default hard ulimit on number of files to 4096 - LP: #663090 ==== unattended-upgrades: 0.55ubuntu7 => 0.55ubuntu8 ==== ==== unattended-upgrades * unattended-upgrade: ignore md5sum "newconffile" (LP: #936870) ==== software-properties: 0.75.10.2 => 0.75.10.3 ==== ==== python-software-properties * SECURITY UPDATE: improve gpg key validation to prevent MITM attack (LP: #1016643) - softwareproperties/ppa.py: download gpg key to temporary keyring, and validate using v4 fingerprint before importing to apt keyring. ==== perl: 5.10.1-8ubuntu2.1 => 5.10.1-8ubuntu2.2 ==== ==== perl-modules perl perl-base * SECURITY UPDATE: Injection problem in Digest::new - CVE-2011-3597 * SECURITY UPDATE: Off-by-one via crafted Unicode string in Unicode.xs - CVE-2011-2939 * SECURITY UPDATE: Heap overflow in "x" operator (LP: #1069034) - CVE-2012-5195 * SECURITY UPDATE: CGI.pm improper cookie and p3p CRLF escaping - CVE-2012-5526 ==== tzdata: 2012b-0ubuntu0.10.04 => 2012e-0ubuntu0.10.04 ==== ==== tzdata * New upstream release 2012e: - Fixes timezone data for Port-au-Prince, Haiti (LP: #1031836) * Update debian/copyright and debian/watch for new upstream. ==== apport: 1.13.3-0ubuntu2.1 => 1.13.3-0ubuntu2.2 ==== ==== python-problem-report apport python-apport * bin/apport-bug: Explicitly set the PATH to that of ENV_SUPATH in /etc/login.defs and unset ENV and CDPATH. We need do this so that confined applications which use apport-bug cannot abuse the environment to escape AppArmor confinement via this script (LP: #1045986). ==== bind9: 1:9.7.0.dfsg.P1-1ubuntu0.6 => 1:9.7.0.dfsg.P1-1ubuntu0.8 ==== ==== libisccc60 libisccfg60 libdns64 libbind9-60 liblwres60 libisc60 bind9-host dnsutils * SECURITY UPDATE: denial of service via specific combinations of RDATA - bin/named/query.c: fix logic - Patch backported from 9.8.3-P4 - CVE-2012-5166 * SECURITY UPDATE: denial of service via large crafted resource record - check length in lib/dns/include/dns/rdata.h, lib/dns/{master,rdata,rdataslab}.c. - Patch backported from 9.7.6-P3 - CVE-2012-4244 ==== linux-meta: 2.6.32.42.49 => 2.6.32.45.52 ==== ==== linux-image-virtual linux-virtual [ Luis Henriques ] * Bump ABI [ Stefan Bader ] * Make linux-crashdump alternatively depend on EFI grub LP: #1064259 [ Luis Henriques ] * Bump ABI [ Luis Henriques ] * Bump ABI ==== linux-meta-ec2: 2.6.32.347.28 => 2.6.32.350.31 ==== ==== linux-image-ec2 linux-ec2 * Bump linux-ec2 ABI to 350 for proposed release * Bump linux-ec2 ABI to 349 for proposed release * Bump linux-ec2 ABI to 348 for proposed release ==== dhcp3: 3.1.3-2ubuntu3.3 => 3.1.3-2ubuntu3.4 ==== ==== dhcp3-common dhcp3-client * debian/dhclient-script.linux: Explicitly set the PATH to that of ENV_SUPATH in /etc/login.defs and unset various other variables. We need to do this so /sbin/dhclient cannot abuse the environment to escape AppArmor confinement via this script. Don't worry about debian/dhclient-script.udeb or debian/dhclient-script.kfreebsd since AppArmor isn't used in these environments. - LP: #1045986 * debian/patches/adjust-configure-for-linux3.dpatch: default to linux-2.2 for 3.0+ kernels ==== freetype: 2.3.11-1ubuntu2.6 => 2.3.11-1ubuntu2.7 ==== ==== libfreetype6 * SECURITY UPDATE: denial of service and possible code execution via NULL pointer dereference - debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case of allocation error in src/bdf/bdflib.c. - CVE-2012-5668 * SECURITY UPDATE: denial of service and possible code execution via heap buffer over-read in BDF parsing - debian/patches-freetype/CVE-2012-5669.patch: use correct array size in src/bdf/bdflib.c. - CVE-2012-5669 ==== linux-ec2: 2.6.32-347.53 => 2.6.32-350.59 ==== ==== linux-image-2.6.32-350-ec2 [ Stefan Bader ] * Rebased to Ubuntu-2.6.32-45.102 * Release Tracking Bug - LP: #1095803 [ Ubuntu: 2.6.32-45.102 ] * SAUCE: exec: do not leave bprm->interp on stack - LP: #1068888 - CVE-2012-4530 * exec: use -ELOOP for max recursion depth - LP: #1068888 - CVE-2012-4530 [ Stefan Bader ] * Rebased to Ubuntu-2.6.32-45.101 * Release Tracking Bug - LP: #1086183 [ Ubuntu: 2.6.32-45.101 ] * ipv6: discard overlapping fragment - LP: #1079859 - CVE-2012-4444 [ Stefan Bader ] * Rebased to Ubuntu-2.6.32-45.100 * Release Tracking Bug - LP: #1078882 [ Ubuntu: 2.6.32-45.100 ] * eCryptfs: check for eCryptfs cipher support at mount - LP: #338914 * net: fix divide by zero in tcp algorithm illinois - LP: #1077091 - CVE-2012-4565 [ Stefan Bader ] * Rebased to Ubuntu-2.6.32-45.99 * SAUCE: XEN: Pull in RDRAND changes - LP: #1064480 * SAUCE: XEN: Backport pgd_lock fixes - LP: #1064480 * Release Tracking Bug - LP: #1068278 [ Ubuntu: 2.6.32-45.99 ] * SAUCE: omnibook: Expose PWD for standalone builds - LP: #505420 * Revert "xfs: Fix possible memory corruption in xfs_readlink, CVE-2011-4077" - LP: #1064480 * UBUNTU SAUCE: apparmor: fix IRQ stack overflow - LP: #1056078 * net/9p: fix virtio transport to correctly update status on connect - LP: #676823 * 9p: Fix the kernel crash on a failed mount - LP: #676823 * netxen: support for GbE port settings - LP: #1064480 * Fix sparc build with newer tools. - LP: #1064480 * powerpc/pmac: Fix SMP kernels on pre-core99 UP machines - LP: #1064480 * Bluetooth: btusb: fix bInterval for high/super speed isochronous endpoints - LP: #1064480 * fix pgd_lock deadlock - LP: #1064480 * futex: Fix uninterruptible loop due to gate_area - LP: #1064480 * time: Improve sanity checking of timekeeping inputs - LP: #1064480 * time: Avoid making adjustments if we haven't accumulated anything - LP: #1064480 * time: Move ktime_t overflow checking into timespec_valid_strict - LP: #1064480 * drm/i915: Attempt to fix watermark setup on 85x (v2) - LP: #1064480 * ioat2: kill pending flag - LP: #1064480 * usb: Fix deadlock in hid_reset when Dell iDRAC is reset - LP: #1064480 * oprofile: use KM_NMI slot for kmap_atomic - LP: #1064480 * tty_audit: fix tty_audit_add_data live lock on audit disabled - LP: #1064480 * bonding: 802.3ad - fix agg_device_up - LP: #1064480 * usbnet: increase URB reference count before usb_unlink_urb - LP: #1064480 * usbnet: don't clear urb->dev in tx_complete - LP: #1064480 * sched: Fix signed unsigned comparison in check_preempt_tick() - LP: #1064480 * x86/PCI: amd: factor out MMCONFIG discovery - LP: #1064480 * PNP: fix "work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB" - LP: #1064480 * KVM: x86: disallow multiple KVM_CREATE_IRQCHIP - LP: #1064480 * KVM: ia64: fix build due to typo - LP: #1064480 * xfs: Fix possible memory corruption in xfs_readlink - LP: #1064480 * xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink() - LP: #1064480 * dl2k: use standard #defines from mii.h. - LP: #1064480 * tcp: Don't change unlocked socket state in tcp_v4_err(). - LP: #1064480 * x86: Derandom delay_tsc for 64 bit - LP: #1064480 * ipsec: be careful of non existing mac headers - LP: #1064480 * block, sx8: fix pointer math issue getting fw version - LP: #1064480 * nilfs2: fix NULL pointer dereference in nilfs_load_super_block() - LP: #1064480 * USB: ftdi_sio: fix problem when the manufacture is a NULL string - LP: #1064480 * ntp: Fix integer overflow when setting time - LP: #1064480 * SUNRPC: We must not use list_for_each_entry_safe() in rpc_wake_up() - LP: #1064480 * ext4: check for zero length extent - LP: #1064480 * xfs: Fix oops on IO error during xlog_recover_process_iunlinks() - LP: #1064480 * nfsd: don't allow zero length strings in cache_parse() - LP: #1064480 * sched/x86: Fix overflow in cyc2ns_offset - LP: #1064480 * Bluetooth: add NULL pointer check in HCI - LP: #1064480 * Bluetooth: hci_ldisc: fix NULL-pointer dereference on tty_close - LP: #1064480 * sparc64: Fix bootup crash on sun4v. - LP: #1064480 * video:uvesafb: Fix oops that uvesafb try to execute NX-protected page - LP: #1064480 * USB: serial: fix race between probe and open - LP: #1064480 * xhci: Don't write zeroed pointers to xHC registers. - LP: #1064480 * xHCI: Correct the #define XHCI_LEGACY_DISABLE_SMI - LP: #1064480 * crypto: sha512 - Fix byte counter overflow in SHA-512 - LP: #1064480 * PCI: Add quirk for still enabled interrupts on Intel Sandy Bridge GPUs - LP: #1064480 * phonet: Check input from user before allocating - LP: #1064480 * netlink: fix races after skb queueing - LP: #1064480 * net: fix a race in sock_queue_err_skb() - LP: #1064480 * atl1: fix kernel panic in case of DMA errors - LP: #1064480 * net/ethernet: ks8851_mll fix rx frame buffer overflow - LP: #1064480 * net_sched: gred: Fix oops in gred_dump() in WRED mode - LP: #1064480 * ARM: 7410/1: Add extra clobber registers for assembly in kernel_execve - LP: #1064480 * netem: fix possible skb leak - LP: #1064480 * ALSA: echoaudio: Remove incorrect part of assertion - LP: #1064480 * NFSv4: Revalidate uid/gid after open - LP: #1064480 * ext3: Fix error handling on inode bitmap corruption - LP: #1064480 * ext4: fix error handling on inode bitmap corruption - LP: #1064480 * xhci: Reset reserved command ring TRBs on cleanup. - LP: #1064480 * SCSI: fix scsi_wait_scan - LP: #1064480 * powerpc: Fix kernel panic during kernel module load - LP: #1064480 * fuse: fix stat call on 32 bit platforms - LP: #1064480 * udf: Improve table length check to avoid possible overflow - LP: #1064480 * stable: Allow merging of backports for serious user-visible performance issues - LP: #1064480 * eCryptfs: Properly check for O_RDONLY flag before doing privileged open - LP: #1064480 * USB: cdc-wdm: fix lockup on error in wdm_read - LP: #1064480 * ntp: Fix STA_INS/DEL clearing bug - LP: #1064480 * MIPS: Properly align the .data..init_task section. - LP: #1064480 * powerpc/ftrace: Fix assembly trampoline register usage - LP: #1064480 * powerpc: Add "memory" attribute for mfmsr() - LP: #1064480 * SCSI: libsas: continue revalidation - LP: #1064480 * SCSI: libsas: fix sas_discover_devices return code handling - LP: #1064480 * SCSI: fix eh wakeup (scsi_schedule_eh vs scsi_restart_operations) - LP: #1064480 * SCSI: Avoid dangling pointer in scsi_requeue_command() - LP: #1064480 * usbdevfs: Correct amount of data copied to user in processcompl_compat - LP: #1064480 * locks: fix checking of fcntl_setlease argument - LP: #1064480 * ACPI/AC: prevent OOPS on some boxes due to missing check power_supply_register() return value check - LP: #1064480 * Btrfs: call the ordered free operation without any locks held - LP: #1064480 * nfsd4: our filesystems are normally case sensitive - LP: #1064480 * ext4: don't let i_reserved_meta_blocks go negative - LP: #1064480 * sctp: Fix list corruption resulting from freeing an association on a list - LP: #1064480 * cipso: don't follow a NULL pointer when setsockopt() is called - LP: #1064480 * wanmain: comparing array with NULL - LP: #1064480 * USB: kaweth.c: use GFP_ATOMIC under spin_lock - LP: #1064480 * tcp: perform DMA to userspace only if there is a task waiting for it - LP: #1064480 * net/tun: fix ioctl() based info leaks - LP: #1064480 * USB: echi-dbgp: increase the controller wait time to come out of halt. - LP: #1064480 * ALSA: mpu401: Fix missing initialization of irq field - LP: #1064480 * futex: Test for pi_mutex on fault in futex_wait_requeue_pi() - LP: #1064480 * futex: Fix bug in WARN_ON for NULL q.pi_state - LP: #1064480 * futex: Forbid uaddr == uaddr2 in futex_wait_requeue_pi() - LP: #1064480 * pcdp: use early_ioremap/early_iounmap to access pcdp table - LP: #1064480 * mm: mmu_notifier: fix freed page still mapped in secondary MMU - LP: #1064480 * fuse: verify all ioctl retry iov elements - LP: #1064480 * xhci: Increase reset timeout for Renesas 720201 host. - LP: #1064480 * usb: serial: mos7840: Fixup mos7840_chars_in_buffer() - LP: #1064480 * ALSA: hda - fix Copyright debug message - LP: #1064480 * vfs: missed source of ->f_pos races - LP: #1064480 * NFSv3: Ensure that do_proc_get_root() reports errors correctly - LP: #1064480 * NFS: Alias the nfs module to nfs4 - LP: #1064480 * svcrpc: fix svc_xprt_enqueue/svc_recv busy-looping - LP: #1064480 * svcrpc: sends on closed socket should stop immediately - LP: #1064480 * cciss: fix incorrect scsi status reporting - LP: #1064480 * USB: CDC ACM: Fix NULL pointer dereference - LP: #1064480 * Remove user-triggerable BUG from mpol_to_str - LP: #1064480 * udf: Fix data corruption for files in ICB - LP: #1064480 * ext3: Fix fdatasync() for files with only i_size changes - LP: #1064480 * PARISC: Redefine ATOMIC_INIT and ATOMIC64_INIT to drop the casts - LP: #1064480 * dccp: check ccid before dereferencing - LP: #1064480 * ia64: Add accept4() syscall - LP: #1064480 * tcp: do_tcp_sendpages() must try to push data out on oom conditions - LP: #1064480 * tcp: drop SYN+FIN messages - LP: #1064480 * xen: correctly check for pending events when restoring irq flags - LP: #1064480 * x86, amd, xen: Avoid NULL pointer paravirt references - LP: #1064480 * x86, tls: Off by one limit check - LP: #1064480 * sparc64: Eliminate obsolete __handle_softirq() function - LP: #1064480 * udf: fix retun value on error path in udf_load_logicalvol - LP: #1064480 * mtd: cafe_nand: fix an & vs | mistake - LP: #1064480 * epoll: introduce POLLFREE to flush ->signalfd_wqh before kfree() - LP: #1064480 * epoll: ep_unregister_pollwait() can use the freed pwq->whead - LP: #1064480 * epoll: limit paths - LP: #1064480 * Don't limit non-nested epoll paths - LP: #1064480 * epoll: clear the tfile_check_list on -ELOOP - LP: #1064480 * random: Reorder struct entropy_store to remove padding on 64bits - LP: #1064480 * random: update interface comments to reflect reality - LP: #1064480 * random: simplify fips mode - LP: #1064480 * x86, cpu: Add CPU flags for F16C and RDRND - LP: #1064480 * x86, cpufeature: Update CPU feature RDRND to RDRAND - LP: #1064480 * random: Add support for architectural random hooks - LP: #1064480 * x86, random: Architectural inlines to get random integers with RDRAND - LP: #1064480 * x86, random: Verify RDRAND functionality and allow it to be disabled - LP: #1064480 * fix typo/thinko in get_random_bytes() - LP: #1064480 * random: Use arch_get_random_int instead of cycle counter if avail - LP: #1064480 * random: Use arch-specific RNG to initialize the entropy store - LP: #1064480 * random: Adjust the number of loops when initializing - LP: #1064480 * drivers/char/random.c: fix boot id uniqueness race - LP: #1064480 * random: make 'add_interrupt_randomness()' do something sane - LP: #1064480 * random: use lockless techniques in the interrupt path - LP: #1064480 * random: create add_device_randomness() interface - LP: #1064480 * random: use the arch-specific rng in xfer_secondary_pool - LP: #1064480 * random: add new get_random_bytes_arch() function - LP: #1064480 * random: mix in architectural randomness in extract_buf() - LP: #1064480 * MAINTAINERS: Theodore Ts'o is taking over the random driver - LP: #1064480 * usb: feed USB device information to the /dev/random driver - LP: #1064480 * net: feed /dev/random with the MAC address when registering a device - LP: #1064480 * random: remove rand_initialize_irq() - LP: #1064480 * random: Add comment to random_initialize() - LP: #1064480 * rtc: wm831x: Feed the write counter into device_add_randomness() - LP: #1064480 * mfd: wm831x: Feed the device UUID into device_add_randomness() - LP: #1064480 * dmi: Feed DMI table to /dev/random driver - LP: #1064480 * Linux 2.6.32.60 - LP: #1064480 [ Stefan Bader ] * Revert "SAUCE: EC2: Backport changes to limit GSO segments" - LP: #1037456 - CVE-2012-3412 * Rebased to Ubuntu-2.6.32-44.98 * Release Tracking Bug - LP: #1056081 [ Ubuntu: 2.6.32-44.98 ] * SAUCE: drm/vmwgfx: add MODULE_DEVICE_TABLE so vmwgfx loads at boot - LP: #1039157 * Revert "sfc: Fix maximum number of TSO segments and minimum TX queue size" - LP: #1037456 - CVE-2012-3412 * Revert "sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE" - LP: #1037456 - CVE-2012-3412 * Revert "tcp: Apply device TSO segment limit earlier" - LP: #1037456 - CVE-2012-3412 * Revert "tcp: do not scale TSO segment size with reordering degree" - LP: #1037456 - CVE-2012-3412 * Revert "net: Allow driver to limit number of GSO segments per skb" - LP: #1037456 - CVE-2012-3412 * cred: copy_process() should clear child->replacement_session_keyring - LP: #1023535 - CVE-2012-2745 * KVM: Change irq routing table to use gsi indexed array - LP: #1016298 - CVE-2012-2137 * KVM: Fix buffer overflow in kvm_set_irq() - LP: #1016298 - CVE-2012-2137 * xen: just completely disable XSAVE - LP: #1044550 * xen: Allow PV-OPS kernel to detect whether XSAVE is supported - LP: #1044550 * sfc: Fix maximum number of TSO segments and minimum TX queue size - LP: #1037456 - CVE-2012-3412 [ Stefan Bader ] * Rebased to Ubuntu-2.6.32-43.97 * SAUCE: EC2: Backport changes to limit GSO segments - LP: #1037456 - CVE-2012-3412 * Release Tracking Bug - LP: #1046656 [ Ubuntu: 2.6.32-43.97 ] * rds: set correct msg_namelen - LP: #1031112 - CVE-2012-3430 * eCryptfs: Initialize empty lower files when opening them - LP: #911507 * net: Allow driver to limit number of GSO segments per skb - LP: #1037456 - CVE-2012-3412 * tcp: do not scale TSO segment size with reordering degree - LP: #1037456 - CVE-2012-3412 * tcp: Apply device TSO segment limit earlier - LP: #1037456 - CVE-2012-3412 * sfc: Replace some literal constants with EFX_PAGE_SIZE/EFX_BUF_SIZE - LP: #1037456 - CVE-2012-3412 * sfc: Fix maximum number of TSO segments and minimum TX queue size - LP: #1037456 - CVE-2012-3412 * mm: Hold a file reference in madvise_remove - LP: #1042447 - CVE-2012-3511 * ulimit: raise default hard ulimit on number of files to 4096 - LP: #663090 ==== libcap2: 1:2.17-2ubuntu1 => 1:2.17-2ubuntu1.1 ==== ==== libcap2 * debian/patches/0002-link-pam.patch: link pam_cap against -lpam. (Closes: #591410) (LP: #582769) ==== glib2.0: 2.24.1-0ubuntu1 => 2.24.1-0ubuntu2 ==== ==== libglib2.0-0 * debian/patches/90-context-unlock.patch (LP: #887946): - gmain: move finalization of GSource outside of context lock ==== python2.6: 2.6.5-1ubuntu6 => 2.6.5-1ubuntu6.1 ==== ==== libpython2.6 python2.6 python2.6-minimal * SECURITY UPDATE: fix hash randomization DoS - debian/patches/CVE-2012-1150.dpatch: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types. - CVE-2012-1150 * SECURITY UPDATE: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon malformed POST request - debian/patches/CVE-2012-0845.dpatch: break if don't receive EOF in Lib/SimpleXMLRPCServer.py - CVE-2012-0845 * SECURE UPDATE: http://bugs.python.org/issue13512 - debian/patches/CVE-2011-4944.dpatch: create ~/.pypirc securely - CVE-2011-4944 * SECURITY UPDATE: Fix CGIHTTPServer information disclosure. - debian/patches/CVE-2011-1015.dpatch: Relative paths are now collapsed within the url properly before looking in cgi_directories. - CVE-2011-1015 * SECURITY UPDATE: fix XSS in SimpleHTTPServer - debian/patches/CVE-2011-4940.dpatch: add a charset parameter to the Content-type - CVE-2011-4940 * SECURITY UPDATE: update urllib and urllib2 for invalid redirections - debian/patches/CVE-2011-1521.dpatch: only process Location headers for http, https, and ftp - http://bugs.python.org/issue11662 - CVE-2011-1521 * SECURITY UPDATE: fix DoS in smtpd.py - debian/patches/CVE-2010-3493.dpatch: adds proper error handling on accept() when smtpd accepts new incoming connections - http://bugs.python.org/issue9129 - CVE-2010-3493 * SECURITY UPDATE: fix DoS in audioop module - debian/patches/CVE-2010-2089.dpatch: ensure that the input string length is a multiple of the frame size - CVE-2010-2089 * SECURITY UPDATE: fix integer overflows in audioop module - debian/patches/CVE-2010-1634.dpatch: Fix incorrect and UB-inducing overflow checks - CVE-2010-1634 * SECURITY UPDATE: optionally disallow setting sys.path when setting sys.argv - debian/patches/CVE-2008-5983.dpatch: add new C API function, PySys_SetArgvEx - CVE-2008-5983 ==== landscape-client: 12.05-0ubuntu0.10.04 => 12.05-0ubuntu1.10.04 ==== ==== landscape-client landscape-common * Added fix for lshw storm when the client was talking to an old Landscape server which was then upgraded (LP: #1053057). ==== dpkg: 1.15.5.6ubuntu4.5 => 1.15.5.6ubuntu4.6 ==== ==== dpkg * Cherry-pick fixes for sync() behaviour in dpkg (LP: #624877): - Disable by default usage of synchronous sync(2), as it causes undesired I/O on unrelated file systems. Closes: #588339, #595927, #600075 - On Linux use sync_file_range() to initiate asynchronous writeback of just unpacked files. Suggested by Ted Ts'o . Thanks to Jonathan Nieder . Closes: #605009 ==== dbus: 1.2.16-2ubuntu4.3 => 1.2.16-2ubuntu4.7 ==== ==== libdbus-1-3 dbus * REGRESSION FIX: some applications launched with the activation helper may need DBUS_STARTER_ADDRESS. (LP: #1058343) - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the starter address to the default system bus address. * REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390) - debian/libdbus-1-3.postinst: trigger an upstart re-exec before shutdown or reboot so that it can safely unmount the root filesystem. * SECURITY UPDATE: privilege escalation via unsanitized environment - debian/patches/CVE-2012-3524-dbus.patch: Don't access environment variables or run dbus-launch when setuid in configure.in, dbus/dbus-keyring.c, dbus/dbus-sysdeps* - CVE-2012-3524 ==== gnupg: 1.4.10-2ubuntu1 => 1.4.10-2ubuntu1.2 ==== ==== gpgv gnupg-curl gnupg * SECURITY UPDATE: keyring corruption via malformed key import - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c. - CVE-2012-6085 * debian/patches/long-keyids.dpatch: Use the longest key ID available when requesting a key from a key server. -- [1] http://cloud-images.ubuntu.com/releases/lucid/release-20130124/ [2] http://cloud-images.ubuntu.com/releases/lucid/release-20120913/ [3] http://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_2.6.32-42.96/changelog [4] http://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_2.6.32-45.102/changelog