Comment 4 for bug 491301

This bug was fixed in the package linux - 2.6.31-16.52

---------------
linux (2.6.31-16.52) karmic-security; urgency=low

  [ Leann Ogasawara ]

  * [SCSI] megaraid_sas: remove sysfs poll_mode_io world writeable
    permissions
    - CVE-2009-3939

  [ Upstream Kernel Changes ]

  * fs: pipe.c null pointer dereference
    - CVE-2009-3547
  * netlink: fix typo in initialization
    - CVE-2009-3612
  * drm/r128: Add test for initialisation to all ioctls that require it
    - CVE-2009-3620
  * AF_UNIX: Fix deadlock on connecting to shutdown socket
    - CVE-2009-3621
  * nfsd4: use common rpc_cred for all callbacks
    - CVE-2009-3623
  * KEYS: get_instantiation_keyring() should inc the keyring refcount in
    all cases
    - CVE-2009-3624
  * connector: Keep the skb in cn_callback_data
    - CVE-2009-3725
  * connector: Provide the sender's credentials to the callback
    - CVE-2009-3725
  * connector: Fix incompatible pointer type warning
    - CVE-2009-3725
  * uvesafb/connector: Disallow unpliviged users to send netlink packets
    - CVE-2009-3725
  * pohmelfs/connector: Disallow unpliviged users to configure pohmelfs
    - CVE-2009-3725
  * dst/connector: Disallow unpliviged users to configure dst
    - CVE-2009-3725
  * dm/connector: Only process connector packages from privileged processes
    - CVE-2009-3725
  * NOMMU: Don't pass NULL pointers to fput() in do_mmap_pgoff()
    - CVE-2009-3888
  * isdn: hfc_usb: Fix read buffer overflow
    - CVE-2009-4005
  * gdth: Prevent negative offsets in ioctl CVE-2009-3080
    - CVE-2009-3080
  * mac80211: fix spurious delBA handling
    - LP: #491301
  * mac80211: fix two remote exploits
    - LP: #491301
  * ipv4: additional update of dev_net(dev) to struct *net in ip_fragment.c
    - LP: #491301
 -- Leann Ogasawara <email address hidden> Mon, 23 Nov 2009 13:57:30 -0800