kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #08222
[Bug 1188356] Re: CVE-2013-2148
This bug was fixed in the package linux-ti-omap4 - 3.5.0-231.47
---------------
linux-ti-omap4 (3.5.0-231.47) quantal; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1212046
[ Paolo Pisati ]
* rebased on Ubuntu-3.5.0-39.60
[ Upstream Kernel Changes ]
* Revert "veth: avoid a NULL deref in veth_stats_one"
* Revert "veth: extend device features"
* Revert "veth: reduce stat overhead"
linux-ti-omap4 (3.5.0-230.44) quantal; urgency=low
* Fixup the upload package changelog
linux-ti-omap4 (3.5.0-230.43) quantal; urgency=low
* Release Tracking Bug
- LP: #1205673
[ Paolo Pisati ]
* rebased on Ubuntu-3.5.0-38.59
[ Ubuntu: 3.5.0-38.59 ]
* Release Tracking Bug
- LP: #1205440
* hp-wmi: add more definitions for new event_id's
- LP: #1152458
* MFD: rtsx_pcr: Fix probe fail path
- LP: #1201321
* mfd: rtsx: Add support for RTL8411B
- LP: #1201321
* veth: reduce stat overhead
- LP: #1201869
* veth: extend device features
- LP: #1201869
* veth: avoid a NULL deref in veth_stats_one
- LP: #1201869
* Input: elantech - fix for newer hardware versions (v7)
- LP: #1166442
* zram: avoid invalid memory access in zram_exit()
- LP: #1204600
* zram: use zram->lock to protect zram_free_page() in swap free notify
path
- LP: #1204600
* zram: destroy all devices on error recovery path in zram_init()
- LP: #1204600
* zram: avoid double free in function zram_bvec_write()
- LP: #1204600
* zram: avoid access beyond the zram device
- LP: #1204600
* zram: protect sysfs handler from invalid memory access
- LP: #1204600
* pcmcia: at91_cf: fix gpio_get_value in at91_cf_get_status
- LP: #1204600
* usb: gadget: f_mass_storage: add missing memory barrier for
thread_wakeup_needed
- LP: #1204600
* cgroup: fix umount vs cgroup_event_remove() race
- LP: #1204600
* xhci: check for failed dma pool allocation
- LP: #1204600
* usb: host: xhci-plat: release mem region while removing module
- LP: #1204600
* USB: option,qcserial: move Novatel Gobi1K IDs to qcserial
- LP: #1204600
* x86: Fix /proc/mtrr with base/size more than 44bits
- LP: #1204600
* genirq: Fix can_request_irq() for IRQs without an action
- LP: #1204600
* jbd2: move superblock checksum calculation to jbd2_write_superblock()
- LP: #1204600
* ext3,ext4: don't mess with dir_file->f_pos in htree_dirblock_to_tree()
- LP: #1204600
* jbd2: fix theoretical race in jbd2__journal_restart
- LP: #1204600
* cgroup: fix umount vs cgroup_cfts_commit() race
- LP: #1204600
* tracing: Use current_uid() for critical time tracing
- LP: #1204600
* ahci: Add AMD CZ SATA device ID
- LP: #1204600
* i2c-piix4: Add AMD CZ SMBus device ID
- LP: #1204600
* ahci: remove pmp link online check in FBS EH
- LP: #1204600
* libata: skip SRST for all SIMG [34]7x port-multipliers
- LP: #1204600
* ASoC: wm8962: Remove remaining direct register cache accesses
- LP: #1204600
* ACPICA: Do not use extended sleep registers unless HW-reduced bit is
set
- LP: #1204600
* ALSA: hda - Cache the MUX selection for generic HDMI
- LP: #1204600
* ata_piix: IDE-mode SATA patch for Intel Coleto Creek DeviceIDs
- LP: #1204600
* ahci: AHCI-mode SATA patch for Intel Coleto Creek DeviceIDs
- LP: #1204600
* ARM: 7765/1: perf: Record the user-mode PC in the call chain.
- LP: #1204600
* Handle big endianness in NTLM (ntlmv2) authentication
- LP: #1204600
* xen/time: remove blocked time accounting from xen "clockchip"
- LP: #1204600
* drivers/dma/pl330.c: fix locking in pl330_free_chan_resources()
- LP: #1204600
* ocfs2: xattr: fix inlined xattr reflink
- LP: #1204600
* block: do not pass disk names as format strings
- LP: #1204600
- CVE-2013-2851
* crypto: sanitize argument for format string
- LP: #1204600
* mm/memory-hotplug: fix lowmem count overflow when offline pages
- LP: #1204600
* drivers/rtc/rtc-rv3029c2.c: fix disabling AIE irq
- LP: #1204600
* nbd: correct disconnect behavior
- LP: #1204600
* netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary
- LP: #1204600
* netfilter: ipt_ULOG: fix non-null terminated string in the nf_log path
- LP: #1204600
* netfilter: add nf_ipv6_ops hook to fix xt_addrtype with IPv6
- LP: #1204600
* netfilter: xt_LOG: fix mark logging for IPv6 packets
- LP: #1204600
* ipvs: info leak in __ip_vs_get_dest_entries()
- LP: #1204600
* netfilter: nfnetlink_cttimeout: fix incomplete dumping of objects
- LP: #1204600
* netfilter: nfnetlink_acct: fix incomplete dumping of objects
- LP: #1204600
* netfilter: xt_TCPMSS: Fix violation of RFC879 in absence of MSS option
- LP: #1204600
* netfilter: xt_TCPOPTSTRIP: don't use tcp_hdr()
- LP: #1204600
* netfilter: xt_TCPMSS: Fix missing fragmentation handling
- LP: #1204600
* netfilter: xt_TCPMSS: Fix IPv6 default MSS too
- LP: #1204600
* ipvs: SCTP ports should be writable in ICMP packets
- LP: #1204600
* zfcp: fix adapter (re)open recovery while link to SAN is down
- LP: #1204600
* zfcp: block queue limits with data router
- LP: #1204600
* zfcp: status read buffers on first adapter open with link down
- LP: #1204600
* mpt2sas: Fix for issue Missing delay not getting set during system
bootup
- LP: #1204600
* mpt2sas: Fix for max_sectors warning message is stating the incorrect
range
- LP: #1204600
* mpt2sas: Fix for device scan following host reset could get stuck in a
infinite loop
- LP: #1204600
* mpt2sas: fix firmware failure with wrong task attribute
- LP: #1204600
* sd: Fix parsing of 'temporary ' cache mode prefix
- LP: #1204600
* aacraid: Fix for arrays are going offline in the system. System hangs
- LP: #1204600
* powerpc/smp: Section mismatch from smp_release_cpus to __initdata
spinning_secondaries
- LP: #1204600
* md/raid10: fix two bugs affecting RAID10 reshape.
- LP: #1204600
* hpfs: better test for errors
- LP: #1204600
* timer: Fix jiffies wrap behavior of round_jiffies_common()
- LP: #1204600
* tick: Prevent uncontrolled switch to oneshot mode
- LP: #1204600
* ext3: fix data=journal fast mount/umount hang
- LP: #1204600
* PCI: Fix refcount issue in pci_create_root_bus() error recovery path
- LP: #1204600
* b43: ensue that BCMA is "y" when B43 is "y"
- LP: #1204600
* ath9k: fill channel mode in caldata
- LP: #1204600
* ath9k_hw: Assign default xlna config for AR9485
- LP: #1204600
* ath9k_hw: Remove CHANNEL_CW_INT
- LP: #1204600
* ath9k: Fix noisefloor calibration
- LP: #1204600
* ath9k: Do not assign noise for NULL caldata
- LP: #1204600
* iwlwifi: pcie: wake the queue if stopped when being unmapped
- LP: #1204600
* rtlwifi: rtl8192cu: Add new USB ID for TP-Link TL-WN8200ND
- LP: #1204600
* rt2x00: read 5GHz TX power values from the correct offset
- LP: #1204600
* vgacon.c: add cond reschedule points in vgacon_do_font_op
- LP: #1204600
* drm/mgag200: Reject modes that are too big for VRAM
- LP: #1204600
* drm/mgag200: Added resolution and bandwidth limits for various G200e
products.
- LP: #1204600
* libceph: Fix NULL pointer dereference in auth client code
- LP: #1204600
- CVE-2013-1059
* rtlwifi: rtl8192cu: Fix duplicate if test
- LP: #1204600
* ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
- LP: #1204600
* ext4: fix overflow when counting used blocks on 32-bit architectures
- LP: #1204600
* vgacon: fix missing include.
- LP: #1204600
* drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
- LP: #1204600
* efi_pstore: Check remaining space with QueryVariableInfo() before
writing data
- LP: #1204600
* efivars: Disable external interrupt while holding efivars->lock
- LP: #1204600
* efi: be more paranoid about available space when creating variables
- LP: #1204600
* x86, efivars: firmware bug workarounds should be in platform code
- LP: #1204600
* efi: Export efi_query_variable_store() for efivars.ko
- LP: #1204600
* x86,efi: Check max_size only if it is non-zero.
- LP: #1204600
* x86,efi: Implement efi_no_storage_paranoia parameter
- LP: #1204600
* Modify UEFI anti-bricking code
- LP: #1204600
* x86/efi: Fix dummy variable buffer allocation
- LP: #1204600
* printk: Fix rq->lock vs logbuf_lock unlock lock inversion
- LP: #1204600
* charger-manager: Ensure event is not used as format string
- LP: #1204600
* iommu/amd: Only unmap large pages from the first pte
- LP: #1204600
* Linux 3.5.7.17
- LP: #1204600
* fanotify: info leak in copy_event_to_user()
- LP: #1188356
- CVE-2013-2148
-- Brad Figg <brad.figg@xxxxxxxxxxxxx> Thu, 15 Aug 2013 10:03:42 -0700
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1188356
Title:
CVE-2013-2148
Status in “linux” package in Ubuntu:
Invalid
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
Invalid
Status in “linux-lts-backport-natty” package in Ubuntu:
Invalid
Status in “linux-lts-backport-oneiric” package in Ubuntu:
Invalid
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-mvl-dove” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
Fix Released
Status in “linux” source package in Lucid:
Invalid
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
Invalid
Status in “linux-fsl-imx51” source package in Lucid:
Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
Invalid
Status in “linux-lts-backport-natty” source package in Lucid:
Invalid
Status in “linux-lts-backport-oneiric” source package in Lucid:
Invalid
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-mvl-dove” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
Fix Released
Status in “linux-armadaxp” source package in Precise:
Fix Released
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-fsl-imx51” source package in Precise:
Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
Invalid
Status in “linux-lts-backport-natty” source package in Precise:
Invalid
Status in “linux-lts-backport-oneiric” source package in Precise:
Invalid
Status in “linux-lts-quantal” source package in Precise:
Fix Released
Status in “linux-lts-raring” source package in Precise:
Fix Committed
Status in “linux-mvl-dove” source package in Precise:
Invalid
Status in “linux-ti-omap4” source package in Precise:
Fix Released
Status in “linux” source package in Quantal:
Fix Released
Status in “linux-armadaxp” source package in Quantal:
Fix Released
Status in “linux-ec2” source package in Quantal:
Invalid
Status in “linux-fsl-imx51” source package in Quantal:
Invalid
Status in “linux-lts-backport-maverick” source package in Quantal:
Invalid
Status in “linux-lts-backport-natty” source package in Quantal:
Invalid
Status in “linux-lts-backport-oneiric” source package in Quantal:
Invalid
Status in “linux-lts-quantal” source package in Quantal:
Invalid
Status in “linux-lts-raring” source package in Quantal:
Invalid
Status in “linux-mvl-dove” source package in Quantal:
Invalid
Status in “linux-ti-omap4” source package in Quantal:
Fix Released
Status in “linux” source package in Raring:
Fix Committed
Status in “linux-armadaxp” source package in Raring:
Invalid
Status in “linux-ec2” source package in Raring:
Invalid
Status in “linux-fsl-imx51” source package in Raring:
Invalid
Status in “linux-lts-backport-maverick” source package in Raring:
Invalid
Status in “linux-lts-backport-natty” source package in Raring:
Invalid
Status in “linux-lts-backport-oneiric” source package in Raring:
Invalid
Status in “linux-lts-quantal” source package in Raring:
Invalid
Status in “linux-lts-raring” source package in Raring:
Invalid
Status in “linux-mvl-dove” source package in Raring:
Invalid
Status in “linux-ti-omap4” source package in Raring:
Fix Released
Status in “linux” source package in Saucy:
Invalid
Status in “linux-armadaxp” source package in Saucy:
Invalid
Status in “linux-ec2” source package in Saucy:
Invalid
Status in “linux-fsl-imx51” source package in Saucy:
Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
Invalid
Status in “linux-lts-backport-natty” source package in Saucy:
Invalid
Status in “linux-lts-backport-oneiric” source package in Saucy:
Invalid
Status in “linux-lts-quantal” source package in Saucy:
Invalid
Status in “linux-lts-raring” source package in Saucy:
Invalid
Status in “linux-mvl-dove” source package in Saucy:
Invalid
Status in “linux-ti-omap4” source package in Saucy:
Fix Released
Bug description:
The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c
in the Linux kernel through 3.9.4 does not initialize a certain
structure member, which allows local users to obtain sensitive
information from kernel memory via a read operation on the fanotify
descriptor.
Break-Fix: 62731fa0c893515dc6cbc3e0a2879a92793c735f
de1e0c40aceb9d5bff09c3a3b97b2f1b178af53f
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1188356/+subscriptions