← Back to team overview

kernel-packages team mailing list archive

[Bug 1188356] Re: CVE-2013-2148

 

This bug was fixed in the package linux-ti-omap4 - 3.5.0-231.47

---------------
linux-ti-omap4 (3.5.0-231.47) quantal; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1212046

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.5.0-39.60

  [ Upstream Kernel Changes ]

  * Revert "veth: avoid a NULL deref in veth_stats_one"
  * Revert "veth: extend device features"
  * Revert "veth: reduce stat overhead"

linux-ti-omap4 (3.5.0-230.44) quantal; urgency=low

  * Fixup the upload package changelog

linux-ti-omap4 (3.5.0-230.43) quantal; urgency=low

  * Release Tracking Bug
    - LP: #1205673

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.5.0-38.59

  [ Ubuntu: 3.5.0-38.59 ]

  * Release Tracking Bug
    - LP: #1205440
  * hp-wmi: add more definitions for new event_id's
    - LP: #1152458
  * MFD: rtsx_pcr: Fix probe fail path
    - LP: #1201321
  * mfd: rtsx: Add support for RTL8411B
    - LP: #1201321
  * veth: reduce stat overhead
    - LP: #1201869
  * veth: extend device features
    - LP: #1201869
  * veth: avoid a NULL deref in veth_stats_one
    - LP: #1201869
  * Input: elantech - fix for newer hardware versions (v7)
    - LP: #1166442
  * zram: avoid invalid memory access in zram_exit()
    - LP: #1204600
  * zram: use zram->lock to protect zram_free_page() in swap free notify
    path
    - LP: #1204600
  * zram: destroy all devices on error recovery path in zram_init()
    - LP: #1204600
  * zram: avoid double free in function zram_bvec_write()
    - LP: #1204600
  * zram: avoid access beyond the zram device
    - LP: #1204600
  * zram: protect sysfs handler from invalid memory access
    - LP: #1204600
  * pcmcia: at91_cf: fix gpio_get_value in at91_cf_get_status
    - LP: #1204600
  * usb: gadget: f_mass_storage: add missing memory barrier for
    thread_wakeup_needed
    - LP: #1204600
  * cgroup: fix umount vs cgroup_event_remove() race
    - LP: #1204600
  * xhci: check for failed dma pool allocation
    - LP: #1204600
  * usb: host: xhci-plat: release mem region while removing module
    - LP: #1204600
  * USB: option,qcserial: move Novatel Gobi1K IDs to qcserial
    - LP: #1204600
  * x86: Fix /proc/mtrr with base/size more than 44bits
    - LP: #1204600
  * genirq: Fix can_request_irq() for IRQs without an action
    - LP: #1204600
  * jbd2: move superblock checksum calculation to jbd2_write_superblock()
    - LP: #1204600
  * ext3,ext4: don't mess with dir_file->f_pos in htree_dirblock_to_tree()
    - LP: #1204600
  * jbd2: fix theoretical race in jbd2__journal_restart
    - LP: #1204600
  * cgroup: fix umount vs cgroup_cfts_commit() race
    - LP: #1204600
  * tracing: Use current_uid() for critical time tracing
    - LP: #1204600
  * ahci: Add AMD CZ SATA device ID
    - LP: #1204600
  * i2c-piix4: Add AMD CZ SMBus device ID
    - LP: #1204600
  * ahci: remove pmp link online check in FBS EH
    - LP: #1204600
  * libata: skip SRST for all SIMG [34]7x port-multipliers
    - LP: #1204600
  * ASoC: wm8962: Remove remaining direct register cache accesses
    - LP: #1204600
  * ACPICA: Do not use extended sleep registers unless HW-reduced bit is
    set
    - LP: #1204600
  * ALSA: hda - Cache the MUX selection for generic HDMI
    - LP: #1204600
  * ata_piix: IDE-mode SATA patch for Intel Coleto Creek DeviceIDs
    - LP: #1204600
  * ahci: AHCI-mode SATA patch for Intel Coleto Creek DeviceIDs
    - LP: #1204600
  * ARM: 7765/1: perf: Record the user-mode PC in the call chain.
    - LP: #1204600
  * Handle big endianness in NTLM (ntlmv2) authentication
    - LP: #1204600
  * xen/time: remove blocked time accounting from xen "clockchip"
    - LP: #1204600
  * drivers/dma/pl330.c: fix locking in pl330_free_chan_resources()
    - LP: #1204600
  * ocfs2: xattr: fix inlined xattr reflink
    - LP: #1204600
  * block: do not pass disk names as format strings
    - LP: #1204600
    - CVE-2013-2851
  * crypto: sanitize argument for format string
    - LP: #1204600
  * mm/memory-hotplug: fix lowmem count overflow when offline pages
    - LP: #1204600
  * drivers/rtc/rtc-rv3029c2.c: fix disabling AIE irq
    - LP: #1204600
  * nbd: correct disconnect behavior
    - LP: #1204600
  * netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary
    - LP: #1204600
  * netfilter: ipt_ULOG: fix non-null terminated string in the nf_log path
    - LP: #1204600
  * netfilter: add nf_ipv6_ops hook to fix xt_addrtype with IPv6
    - LP: #1204600
  * netfilter: xt_LOG: fix mark logging for IPv6 packets
    - LP: #1204600
  * ipvs: info leak in __ip_vs_get_dest_entries()
    - LP: #1204600
  * netfilter: nfnetlink_cttimeout: fix incomplete dumping of objects
    - LP: #1204600
  * netfilter: nfnetlink_acct: fix incomplete dumping of objects
    - LP: #1204600
  * netfilter: xt_TCPMSS: Fix violation of RFC879 in absence of MSS option
    - LP: #1204600
  * netfilter: xt_TCPOPTSTRIP: don't use tcp_hdr()
    - LP: #1204600
  * netfilter: xt_TCPMSS: Fix missing fragmentation handling
    - LP: #1204600
  * netfilter: xt_TCPMSS: Fix IPv6 default MSS too
    - LP: #1204600
  * ipvs: SCTP ports should be writable in ICMP packets
    - LP: #1204600
  * zfcp: fix adapter (re)open recovery while link to SAN is down
    - LP: #1204600
  * zfcp: block queue limits with data router
    - LP: #1204600
  * zfcp: status read buffers on first adapter open with link down
    - LP: #1204600
  * mpt2sas: Fix for issue Missing delay not getting set during system
    bootup
    - LP: #1204600
  * mpt2sas: Fix for max_sectors warning message is stating the incorrect
    range
    - LP: #1204600
  * mpt2sas: Fix for device scan following host reset could get stuck in a
    infinite loop
    - LP: #1204600
  * mpt2sas: fix firmware failure with wrong task attribute
    - LP: #1204600
  * sd: Fix parsing of 'temporary ' cache mode prefix
    - LP: #1204600
  * aacraid: Fix for arrays are going offline in the system. System hangs
    - LP: #1204600
  * powerpc/smp: Section mismatch from smp_release_cpus to __initdata
    spinning_secondaries
    - LP: #1204600
  * md/raid10: fix two bugs affecting RAID10 reshape.
    - LP: #1204600
  * hpfs: better test for errors
    - LP: #1204600
  * timer: Fix jiffies wrap behavior of round_jiffies_common()
    - LP: #1204600
  * tick: Prevent uncontrolled switch to oneshot mode
    - LP: #1204600
  * ext3: fix data=journal fast mount/umount hang
    - LP: #1204600
  * PCI: Fix refcount issue in pci_create_root_bus() error recovery path
    - LP: #1204600
  * b43: ensue that BCMA is "y" when B43 is "y"
    - LP: #1204600
  * ath9k: fill channel mode in caldata
    - LP: #1204600
  * ath9k_hw: Assign default xlna config for AR9485
    - LP: #1204600
  * ath9k_hw: Remove CHANNEL_CW_INT
    - LP: #1204600
  * ath9k: Fix noisefloor calibration
    - LP: #1204600
  * ath9k: Do not assign noise for NULL caldata
    - LP: #1204600
  * iwlwifi: pcie: wake the queue if stopped when being unmapped
    - LP: #1204600
  * rtlwifi: rtl8192cu: Add new USB ID for TP-Link TL-WN8200ND
    - LP: #1204600
  * rt2x00: read 5GHz TX power values from the correct offset
    - LP: #1204600
  * vgacon.c: add cond reschedule points in vgacon_do_font_op
    - LP: #1204600
  * drm/mgag200: Reject modes that are too big for VRAM
    - LP: #1204600
  * drm/mgag200: Added resolution and bandwidth limits for various G200e
    products.
    - LP: #1204600
  * libceph: Fix NULL pointer dereference in auth client code
    - LP: #1204600
    - CVE-2013-1059
  * rtlwifi: rtl8192cu: Fix duplicate if test
    - LP: #1204600
  * ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
    - LP: #1204600
  * ext4: fix overflow when counting used blocks on 32-bit architectures
    - LP: #1204600
  * vgacon: fix missing include.
    - LP: #1204600
  * drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
    - LP: #1204600
  * efi_pstore: Check remaining space with QueryVariableInfo() before
    writing data
    - LP: #1204600
  * efivars: Disable external interrupt while holding efivars->lock
    - LP: #1204600
  * efi: be more paranoid about available space when creating variables
    - LP: #1204600
  * x86, efivars: firmware bug workarounds should be in platform code
    - LP: #1204600
  * efi: Export efi_query_variable_store() for efivars.ko
    - LP: #1204600
  * x86,efi: Check max_size only if it is non-zero.
    - LP: #1204600
  * x86,efi: Implement efi_no_storage_paranoia parameter
    - LP: #1204600
  * Modify UEFI anti-bricking code
    - LP: #1204600
  * x86/efi: Fix dummy variable buffer allocation
    - LP: #1204600
  * printk: Fix rq->lock vs logbuf_lock unlock lock inversion
    - LP: #1204600
  * charger-manager: Ensure event is not used as format string
    - LP: #1204600
  * iommu/amd: Only unmap large pages from the first pte
    - LP: #1204600
  * Linux 3.5.7.17
    - LP: #1204600
  * fanotify: info leak in copy_event_to_user()
    - LP: #1188356
    - CVE-2013-2148
 -- Brad Figg <brad.figg@xxxxxxxxxxxxx>   Thu, 15 Aug 2013 10:03:42 -0700

** Changed in: linux-ti-omap4 (Ubuntu Saucy)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1059

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2851

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1188356

Title:
  CVE-2013-2148

Status in “linux” package in Ubuntu:
  Invalid
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-natty” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-oneiric” package in Ubuntu:
  Invalid
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Fix Released
Status in “linux” source package in Lucid:
  Invalid
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Invalid
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  Invalid
Status in “linux-lts-backport-natty” source package in Lucid:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Lucid:
  Invalid
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Committed
Status in “linux-armadaxp” source package in Precise:
  Fix Committed
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  Invalid
Status in “linux-lts-backport-natty” source package in Precise:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Precise:
  Invalid
Status in “linux-lts-quantal” source package in Precise:
  Fix Committed
Status in “linux-lts-raring” source package in Precise:
  Fix Committed
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Committed
Status in “linux” source package in Quantal:
  Fix Committed
Status in “linux-armadaxp” source package in Quantal:
  Fix Committed
Status in “linux-ec2” source package in Quantal:
  Invalid
Status in “linux-fsl-imx51” source package in Quantal:
  Invalid
Status in “linux-lts-backport-maverick” source package in Quantal:
  Invalid
Status in “linux-lts-backport-natty” source package in Quantal:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Quantal:
  Invalid
Status in “linux-lts-quantal” source package in Quantal:
  Invalid
Status in “linux-lts-raring” source package in Quantal:
  Invalid
Status in “linux-mvl-dove” source package in Quantal:
  Invalid
Status in “linux-ti-omap4” source package in Quantal:
  Fix Committed
Status in “linux” source package in Raring:
  Fix Committed
Status in “linux-armadaxp” source package in Raring:
  Invalid
Status in “linux-ec2” source package in Raring:
  Invalid
Status in “linux-fsl-imx51” source package in Raring:
  Invalid
Status in “linux-lts-backport-maverick” source package in Raring:
  Invalid
Status in “linux-lts-backport-natty” source package in Raring:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Raring:
  Invalid
Status in “linux-lts-quantal” source package in Raring:
  Invalid
Status in “linux-lts-raring” source package in Raring:
  Invalid
Status in “linux-mvl-dove” source package in Raring:
  Invalid
Status in “linux-ti-omap4” source package in Raring:
  Fix Committed
Status in “linux” source package in Saucy:
  Invalid
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  Invalid
Status in “linux-lts-backport-natty” source package in Saucy:
  Invalid
Status in “linux-lts-backport-oneiric” source package in Saucy:
  Invalid
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Fix Released

Bug description:
  The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c
  in the Linux kernel through 3.9.4 does not initialize a certain
  structure member, which allows local users to obtain sensitive
  information from kernel memory via a read operation on the fanotify
  descriptor.

  Break-Fix: 62731fa0c893515dc6cbc3e0a2879a92793c735f
  de1e0c40aceb9d5bff09c3a3b97b2f1b178af53f

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1188356/+subscriptions