← Back to team overview

kernel-packages team mailing list archive

[Bug 1403852] Re: CVE-2014-8133

 

This bug was fixed in the package linux-ec2 - 2.6.32-375.92

---------------
linux-ec2 (2.6.32-375.92) lucid; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-71.138
  * Xen: x86, 64-bit: Move K8 B step iret fixup to fault entry asm
    - LP: #1403918
  * Xen: x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
    - LP: #1403918
  * Xen: x86-32, espfix: Remove filter for espfix32 due to race
    - LP: #1403918
  * Xen: x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit
    stack
    - LP: #1403918
  * Xen: x86, espfix: Make espfix64 a Kconfig option, fix UML
    - LP: #1403918
  * Xen: x86, espfix: Make it possible to disable 16-bit support
    - LP: #1403918
  * Xen: x86_64/entry/xen: Do not invoke espfix64 on Xen
    - LP: #1403918
  * Xen: [Config] Enable CONFIG_X86_16BIT
  * Rebased to Ubuntu-2.6.32-72.139
  * Release Tracking Bug
    - LP: #1411354

  [ Ubuntu: 2.6.32-72.139 ]

  * isofs: Fix infinite looping over CE entries
    - LP: #1407947
    - CVE-2014-9420
  * x86/tls: Validate TLS entries to protect espfix
    - LP: #1403852
    - CVE-2014-8133

  [ Ubuntu: 2.6.32-71.138 ]

  * [Config] updateconfigs CONFIG_X86_16BIT=y after v2.6.32.65 update
  * KVM: x86: Check non-canonical addresses upon WRMSR
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Improve thread safety in pit
    - LP: #1384540
    - CVE-2014-3611
  * net:socket: set msg_namelen to 0 if msg_name is passed as NULL in
    msghdr struct from userland.
    - LP: #1335478
  * x86, 64-bit: Move K8 B step iret fixup to fault entry asm
    - LP: #1403918
  * x86-64: Adjust frame type at paranoid_exit:
    - LP: #1403918
  * x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
    - LP: #1403918
  * x86-32, espfix: Remove filter for espfix32 due to race
    - LP: #1403918
  * x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
    - LP: #1403918
  * x86, espfix: Move espfix definitions into a separate header file
    - LP: #1403918
  * x86, espfix: Fix broken header guard
    - LP: #1403918
  * x86, espfix: Make espfix64 a Kconfig option, fix UML
    - LP: #1403918
  * x86, espfix: Make it possible to disable 16-bit support
    - LP: #1403918
  * x86_64/entry/xen: Do not invoke espfix64 on Xen
    - LP: #1403918
  * x86/espfix/xen: Fix allocation of pages for paravirt page tables
    - LP: #1403918
  * x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
    - LP: #1403918
  * x86_64, traps: Rework bad_iret
    - LP: #1403918
 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>   Thu, 18 Dec 2014 18:20:27 +0100

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1403852

Title:
  CVE-2014-8133

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-ec2 package in Ubuntu:
  Invalid
Status in linux-flo package in Ubuntu:
  New
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-goldfish package in Ubuntu:
  New
Status in linux-lts-backport-maverick package in Ubuntu:
  New
Status in linux-lts-backport-natty package in Ubuntu:
  New
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux-mako package in Ubuntu:
  New
Status in linux-manta package in Ubuntu:
  New
Status in linux-mvl-dove package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Lucid:
  Fix Released
Status in linux-armadaxp source package in Lucid:
  Invalid
Status in linux-ec2 source package in Lucid:
  Fix Released
Status in linux-flo source package in Lucid:
  Invalid
Status in linux-fsl-imx51 source package in Lucid:
  Invalid
Status in linux-goldfish source package in Lucid:
  Invalid
Status in linux-lts-backport-maverick source package in Lucid:
  New
Status in linux-lts-backport-natty source package in Lucid:
  New
Status in linux-lts-quantal source package in Lucid:
  Invalid
Status in linux-lts-raring source package in Lucid:
  Invalid
Status in linux-lts-saucy source package in Lucid:
  Invalid
Status in linux-lts-trusty source package in Lucid:
  Invalid
Status in linux-lts-utopic source package in Lucid:
  Invalid
Status in linux-mako source package in Lucid:
  Invalid
Status in linux-manta source package in Lucid:
  Invalid
Status in linux-mvl-dove source package in Lucid:
  Invalid
Status in linux-ti-omap4 source package in Lucid:
  Invalid
Status in linux source package in Precise:
  Fix Committed
Status in linux-armadaxp source package in Precise:
  Fix Committed
Status in linux-ec2 source package in Precise:
  Invalid
Status in linux-flo source package in Precise:
  Invalid
Status in linux-fsl-imx51 source package in Precise:
  Invalid
Status in linux-goldfish source package in Precise:
  Invalid
Status in linux-lts-backport-maverick source package in Precise:
  New
Status in linux-lts-backport-natty source package in Precise:
  New
Status in linux-lts-quantal source package in Precise:
  New
Status in linux-lts-raring source package in Precise:
  Invalid
Status in linux-lts-saucy source package in Precise:
  New
Status in linux-lts-trusty source package in Precise:
  New
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux-mako source package in Precise:
  Invalid
Status in linux-manta source package in Precise:
  Invalid
Status in linux-mvl-dove source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  Fix Committed
Status in linux source package in Trusty:
  New
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-ec2 source package in Trusty:
  Invalid
Status in linux-flo source package in Trusty:
  Invalid
Status in linux-fsl-imx51 source package in Trusty:
  Invalid
Status in linux-goldfish source package in Trusty:
  Invalid
Status in linux-lts-backport-maverick source package in Trusty:
  New
Status in linux-lts-backport-natty source package in Trusty:
  New
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  New
Status in linux-mako source package in Trusty:
  Invalid
Status in linux-manta source package in Trusty:
  Invalid
Status in linux-mvl-dove source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux source package in Utopic:
  New
Status in linux-armadaxp source package in Utopic:
  Invalid
Status in linux-ec2 source package in Utopic:
  Invalid
Status in linux-flo source package in Utopic:
  New
Status in linux-fsl-imx51 source package in Utopic:
  Invalid
Status in linux-goldfish source package in Utopic:
  New
Status in linux-lts-backport-maverick source package in Utopic:
  New
Status in linux-lts-backport-natty source package in Utopic:
  New
Status in linux-lts-quantal source package in Utopic:
  Invalid
Status in linux-lts-raring source package in Utopic:
  Invalid
Status in linux-lts-saucy source package in Utopic:
  Invalid
Status in linux-lts-trusty source package in Utopic:
  Invalid
Status in linux-lts-utopic source package in Utopic:
  Invalid
Status in linux-mako source package in Utopic:
  New
Status in linux-manta source package in Utopic:
  New
Status in linux-mvl-dove source package in Utopic:
  Invalid
Status in linux-ti-omap4 source package in Utopic:
  Invalid
Status in linux source package in Vivid:
  Fix Committed
Status in linux-armadaxp source package in Vivid:
  Invalid
Status in linux-ec2 source package in Vivid:
  Invalid
Status in linux-flo source package in Vivid:
  New
Status in linux-fsl-imx51 source package in Vivid:
  Invalid
Status in linux-goldfish source package in Vivid:
  New
Status in linux-lts-backport-maverick source package in Vivid:
  New
Status in linux-lts-backport-natty source package in Vivid:
  New
Status in linux-lts-quantal source package in Vivid:
  Invalid
Status in linux-lts-raring source package in Vivid:
  Invalid
Status in linux-lts-saucy source package in Vivid:
  Invalid
Status in linux-lts-trusty source package in Vivid:
  Invalid
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux-mako source package in Vivid:
  New
Status in linux-manta source package in Vivid:
  New
Status in linux-mvl-dove source package in Vivid:
  Invalid
Status in linux-ti-omap4 source package in Vivid:
  Invalid

Bug description:
  arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation
  in the Linux kernel through 3.18.1 allows local users to bypass the
  espfix protection mechanism, and consequently makes it easier for
  local users to bypass the ASLR protection mechanism, via a crafted
  application that makes a set_thread_area system call and later reads a
  16-bit value.

  Break-Fix: - 41bdc78544b8a93a9c6814b8bbbfef966272abbe

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1403852/+subscriptions


References