kernel-packages team mailing list archive

Thread
Date

[Bug 706149] Re: CVE-2010-4074

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Mathew Hodson <mathew.hodson@xxxxxxxxx>
Date: Thu, 12 Feb 2015 07:07:36 -0000
Reply-to: Bug 706149 <706149@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4249

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/706149

Title:
  CVE-2010-4074

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Lucid:
  Fix Released
Status in linux source package in Maverick:
  Fix Released
Status in linux source package in Natty:
  Fix Released
Status in linux source package in Dapper:
  Invalid
Status in linux source package in Hardy:
  Fix Released
Status in linux source package in Karmic:
  Fix Released

Bug description:
  The USB subsystem in the Linux kernel before 2.6.36-rc5 does not
  properly initialize certain structure members, which allows local
  users to obtain potentially sensitive information from kernel stack
  memory via vectors related to TIOCGICOUNT ioctl calls, and the (1)
  mos7720_ioctl function in drivers/usb/serial/mos7720.c and (2)
  mos7840_ioctl function in drivers/usb/serial/mos7840.c.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/706149/+subscriptions