← Back to team overview

kernel-packages team mailing list archive

[Bug 1407947] Re: CVE-2014-9420

 

This bug was fixed in the package linux-ti-omap4 - 3.2.0-1459.79

---------------
linux-ti-omap4 (3.2.0-1459.79) precise; urgency=low

  * Release Tracking Bug
    - LP: #1410908

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.2.0-76.111

  [ Ubuntu: 3.2.0-76.111 ]

  * Release Tracking Bug
    - LP: #1410459
  * Revert "xhci: clear root port wake on bits if controller isn't wake-up
    capable"
    - LP: #1408799
  * isofs: Fix infinite looping over CE entries
    - LP: #1407947
    - CVE-2014-9420
  * kvm: x86: fix stale mmio cache bug
    - LP: #1408799
  * UBIFS: remove mst_mutex
    - LP: #1408799
  * UBIFS: fix a race condition
    - LP: #1408799
  * UBIFS: fix free log space calculation
    - LP: #1408799
  * Bluetooth: Fix issue with USB suspend in btusb driver
    - LP: #1408799
  * KVM: s390: unintended fallthrough for external call
    - LP: #1408799
  * ext4: check EA value offset when loading
    - LP: #1408799
  * PCI: pciehp: Prevent NULL dereference during probe
    - LP: #1408799
  * PCI: Increase IBM ipr SAS Crocodile BARs to at least system page size
    - LP: #1408799
  * ext4: don't check quota format when there are no quota files
    - LP: #1408799
  * media: usb: uvc: add a quirk for Dell XPS M1330 webcam
    - LP: #1408799
  * USB: serial: cp210x: added Ketra N1 wireless interface support
    - LP: #1408799
  * USB: cp210x: add support for Seluxit USB dongle
    - LP: #1408799
  * PCI: Generate uppercase hex for modalias interface class
    - LP: #1408799
  * v4l2-common: fix overflow in v4l_bound_align_image()
    - LP: #1408799
  * USB: add reset resume quirk for usb3503
    - LP: #1408799
  * USB: Add device quirk for ASUS T100 Base Station keyboard
    - LP: #1408799
  * firmware_class: make sure fw requests contain a name
    - LP: #1408799
  * Drivers: hv: vmbus: Cleanup vmbus_post_msg()
    - LP: #1408799
  * Drivers: hv: vmbus: Cleanup vmbus_teardown_gpadl()
    - LP: #1408799
  * Drivers: hv: vmbus: Cleanup vmbus_establish_gpadl()
    - LP: #1408799
  * Drivers: hv: vmbus: Fix a bug in vmbus_open()
    - LP: #1408799
  * Drivers: hv: vmbus: Cleanup vmbus_close_internal()
    - LP: #1408799
  * Drivers: hv: vmbus: Cleanup hv_post_message()
    - LP: #1408799
  * spi: dw-mid: respect 8 bit mode
    - LP: #1408799
  * spi: dw-mid: check that DMA was inited before exit
    - LP: #1408799
  * spi: dw-mid: terminate ongoing transfers at exit
    - LP: #1408799
  * kvm: don't take vcpu mutex for obviously invalid vcpu ioctls
    - LP: #1408799
  * x86/intel/quark: Switch off CR4.PGE so TLB flush uses CR3 instead
    - LP: #1408799
  * lockd: Try to reconnect if statd has moved
    - LP: #1408799
  * rt2800: correct BBP1_TX_POWER_CTRL mask
    - LP: #1408799
  * staging:iio:ad5933: Drop "raw" from channel names
    - LP: #1408799
  * Documentation: lzo: document part of the encoding
    - LP: #1408799
  * libata-sff: Fix controllers with no ctl port
    - LP: #1408799
  * NFSv4: fix open/lock state recovery error handling
    - LP: #1408799
  * framebuffer: fix border color
    - LP: #1408799
  * framebuffer: fix screen corruption when copying
    - LP: #1408799
  * NFSv4.1: Fix an NFSv4.1 state renewal regression
    - LP: #1408799
  * target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE
    - LP: #1408799
  * vfs: fix data corruption when blocksize < pagesize for mmaped data
    - LP: #1408799
  * m68k: Disable/restore interrupts in hwreg_present()/hwreg_write()
    - LP: #1408799
  * dm bufio: update last_accessed when relinking a buffer
    - LP: #1408799
  * dm log userspace: fix memory leak in dm_ulog_tfr_init failure path
    - LP: #1408799
  * ext4: don't orphan or truncate the boot loader inode
    - LP: #1408799
  * ext4: add ext4_iget_normal() which is to be used for dir tree lookups
    - LP: #1408799
  * ecryptfs: avoid to access NULL pointer when write metadata in xattr
    - LP: #1408799
  * pata_serverworks: disable 64-KB DMA transfers on Broadcom OSB4 IDE
    Controller
    - LP: #1408799
  * fs: Fix theoretical division by 0 in super_cache_scan().
    - LP: #1408799
  * fs: make cont_expand_zero interruptible
    - LP: #1408799
  * fix misuses of f_count() in ppp and netlink
    - LP: #1408799
  * block: fix alignment_offset math that assumes io_min is a power-of-2
    - LP: #1408799
  * fanotify: enable close-on-exec on events' fd when requested in
    fanotify_init()
    - LP: #1408799
  * Input: synaptics - gate forcepad support by DMI check
    - LP: #1408799
  * Input: i8042 - add noloop quirk for Asus X750LN
    - LP: #1408799
  * ext4: fix reservation overflow in ext4_da_write_begin
    - LP: #1408799
  * spi: pl022: Fix incorrect dma_unmap_sg
    - LP: #1408799
  * kernel: add support for gcc 5
    - LP: #1408799
  * ALSA: emu10k1: Fix deadlock in synth voice lookup
    - LP: #1408799
  * libceph: ceph-msgr workqueue needs a resque worker
    - LP: #1408799
  * selinux: fix inode security list corruption
    - LP: #1408799
  * dm bufio: change __GFP_IO to __GFP_FS in shrinker callbacks
    - LP: #1408799
  * compiler: Define OPTIMIZER_HIDE_VAR
    - LP: #1408799
  * random: add and use memzero_explicit() for clearing data
    - LP: #1408799
  * xtensa: re-wire umount syscall to sys_oldumount
    - LP: #1408799
  * dm raid: ensure superblock's size matches device's logical block size
    - LP: #1408799
  * ext3: Don't check quota format when there are no quota files
    - LP: #1408799
  * USB: serial: cp210x: add Silicon Labs 358x VID and PID
    - LP: #1408799
  * usb: serial: ftdi_sio: add Awinda Station and Dongle products
    - LP: #1408799
  * usb: option: add support for Telit LE910
    - LP: #1408799
  * USB: option: add Haier CE81B CDMA modem
    - LP: #1408799
  * x86: Conditionally update time when ack-ing pending irqs
    - LP: #1408799
  * x86, apic: Handle a bad TSC more gracefully
    - LP: #1408799
  * scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND
    - LP: #1408799
  * usb: serial: ftdi_sio: add "bricked" FTDI device PID
    - LP: #1408799
  * usb: gadget: udc: core: fix kernel oops with soft-connect
    - LP: #1408799
  * nfsd4: fix crash on unknown operation number
    - LP: #1408799
  * MIPS: ftrace: Fix a microMIPS build problem
    - LP: #1408799
  * kvm: x86: don't kill guest on unknown exit reason
    - LP: #1408799
  * Input: i8042 - quirks for Fujitsu Lifebook A544 and Lifebook AH544
    - LP: #1408799
  * posix-timers: Fix stack info leak in timer_create()
    - LP: #1408799
  * futex: Fix a race condition between REQUEUE_PI and task death
    - LP: #1408799
  * ahci: disable MSI instead of NCQ on Samsung pci-e SSDs on macbooks
    - LP: #1408799
  * ahci: Add Device IDs for Intel Sunrise Point PCH
    - LP: #1408799
  * PM / Sleep: fix recovery during resuming from hibernation
    - LP: #1408799
  * ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat
    mode
    - LP: #1408799
  * evm: check xattr value length and type in evm_inode_setxattr()
    - LP: #1408799
  * drm/radeon: remove invalid pci id
    - LP: #1408799
  * zap_pte_range: update addr when forcing flush after TLB batching faiure
    - LP: #1408799
  * ASoC: fsi: remove unsupported PAUSE flag
    - LP: #1408799
  * cgroup/kmemleak: add kmemleak_free() for cgroup deallocations.
    - LP: #1408799
  * mm, thp: fix collapsing of hugepages on madvise
    - LP: #1408799
  * lib/bitmap.c: fix undefined shift in __bitmap_shift_{left|right}()
    - LP: #1408799
  * mac80211: properly flush delayed scan work on interface removal
    - LP: #1408799
  * ext4: fix overflow when updating superblock backups after resize
    - LP: #1408799
  * ext4: fix oops when loading block bitmap failed
    - LP: #1408799
  * ext4: bail out from make_indexed_dir() on first error
    - LP: #1408799
  * ds3000: fix LNB supply voltage on Tevii S480 on initialization
    - LP: #1408799
  * wireless: rt2x00: add new rt2800usb device
    - LP: #1408799
  * drm/vmwgfx: Filter out modes those cannot be supported by the current
    VRAM size.
    - LP: #1408799
  * block: Fix computation of merged request priority
    - LP: #1408799
  * USB: kobil_sct: fix non-atomic allocation in write path
    - LP: #1408799
  * USB: opticon: fix non-atomic allocation in write path
    - LP: #1408799
  * mac80211: fix use-after-free in defragmentation
    - LP: #1408799
  * USB: cdc-acm: add device id for GW Instek AFG-2225
    - LP: #1408799
  * usb: Do not allow usb_alloc_streams on unconfigured devices
    - LP: #1408799
  * usb-storage: handle a skipped data phase
    - LP: #1408799
  * xhci: no switching back on non-ULT Haswell
    - LP: #1408799
  * ALSA: usb-audio: Fix device_del() sysfs warnings at disconnect
    - LP: #1408799
  * staging:iio:ade7758: Remove "raw" from channel name
    - LP: #1408799
  * USB: cdc-acm: only raise DTR on transitions from B0
    - LP: #1408799
  * serial: Fix divide-by-zero fault in uart_get_divisor()
    - LP: #1408799
  * tty: Fix high cpu load if tty is unreleaseable
    - LP: #1408799
  * tty/vt: don't set font mappings on vc not supporting this
    - LP: #1408799
  * spi: dw: Fix dynamic speed change.
    - LP: #1408799
  * Input: alps - ignore potential bare packets when device is out of sync
    - LP: #1408799
  * Input: alps - allow up to 2 invalid packets without resetting device
    - LP: #1408799
  * USB: serial: cp210x: add IDs for CEL MeshConnect USB Stick
    - LP: #1408799
  * scsi: only re-lock door after EH on devices that were reset
    - LP: #1408799
  * audit: keep inode pinned
    - LP: #1408799
  * rt2x00: do not align payload on modern H/W
    - LP: #1408799
  * libceph: do not crash on large auth tickets
    - LP: #1408799
  * ASoC: sgtl5000: Fix SMALL_POP bit definition
    - LP: #1408799
  * firewire: cdev: prevent kernel stack leaking into ioctl arguments
    - LP: #1408799
  * iio: Fix IIO_EVENT_CODE_EXTRACT_DIR bit mask
    - LP: #1408799
  * x86: Require exact match for 'noxsave' command line option
    - LP: #1408799
  * can: dev: avoid calling kfree_skb() from interrupt context
    - LP: #1408799
  * can: esd_usb2: fix memory leak on disconnect
    - LP: #1408799
  * of/base: Fix PowerPC address parsing hack
    - LP: #1408799
  * usb: serial: ftdi_sio: add PIDs for Matrix Orbital products
    - LP: #1408799
  * USB: keyspan: fix tty line-status reporting
    - LP: #1408799
  * USB: keyspan: fix overrun-error reporting
    - LP: #1408799
  * USB: ssu100: fix overrun-error reporting
    - LP: #1408799
  * sunrpc: fix byte-swapping of displayed XID
    - LP: #1408799
  * SUNRPC: Fix locking around callback channel reply receive
    - LP: #1408799
  * MIPS: oprofile: Fix backtrace on 64-bit kernel
    - LP: #1408799
  * nfsd: Fix slot wake up race in the nfsv4.1 callback code
    - LP: #1408799
  * bnx2fc: do not add shared skbs to the fcoe_rx_list
    - LP: #1408799
  * ARM: 8216/1: xscale: correct auxiliary register in suspend/resume
    - LP: #1408799
  * USB: xhci: don't start a halted endpoint before its new dequeue is set
    - LP: #1408799
  * USB: xhci: Reset a halted endpoint immediately when we encounter a
    stall.
    - LP: #1408799
  * usb: xhci: rework root port wake bits if controller isn't allowed to
    wakeup
    - LP: #1408799
  * x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and
    sync_regs
    - LP: #1408799
  * ALSA: hda - Limit 40bit DMA for AMD HDMI controllers
    - LP: #1408799
  * MIPS: Loongson: Make platform serial setup always built-in.
    - LP: #1408799
  * usb-quirks: Add reset-resume quirk for MS Wireless Laser Mouse 6000
    - LP: #1408799
  * Input: xpad - use proper endpoint type
    - LP: #1408799
  * mei: limit the number of consecutive resets
    - LP: #1408799
  * tcp: be more strict before accepting ECN negociation
    - LP: #1408799
  * hpsa: fix a race in cmd_free/scsi_done
    - LP: #1408799
  * Patch for 3.2.x, 3.4.x IP identifier regression
    - LP: #1408799
  * crypto: algif - avoid excessive use of socket buffer in skcipher
    - LP: #1408799
  * perf: Handle compat ioctl
    - LP: #1408799
  * mm: Remove false WARN_ON from pagecache_isize_extended()
    - LP: #1408799
  * Linux 3.2.65
    - LP: #1408799
  * drm/i915: Unlock panel even when LVDS is disabled
    - LP: #1408857
  * AHCI: Add DeviceIDs for Sunrise Point-LP SATA controller
    - LP: #1408857
  * sata_fsl: fix error handling of irq_of_parse_and_map
    - LP: #1408857
  * mm: fix swapoff hang after page migration and fork
    - LP: #1408857
  * ahci: disable MSI on SAMSUNG 0xa800 SSD
    - LP: #1408857
  * i2c: davinci: generate STP always when NACK is received
    - LP: #1408857
  * x86/tls: Validate TLS entries to protect espfix
    - LP: #1408857
  * move d_rcu from overlapping d_child to overlapping d_alias
    - LP: #1408857
  * deal with deadlock in d_walk()
    - LP: #1408857
  * ext4: make orphan functions be no-op in no-journal mode
    - LP: #1408857
  * s390,time: revert direct ktime path for s390 clockevent device
    - LP: #1408857
  * drm: fix DRM_IOCTL_MODE_GETFB handle-leak
    - LP: #1408857
  * crypto: ghash-clmulni-intel - use C implementation for setkey()
    - LP: #1408857
  * drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets
    - LP: #1408857
  * net: sctp: fix memory leak in auth key management
    - LP: #1408857
  * ipv4: fix nexthop attlen check in fib_nh_match
    - LP: #1408857
  * tcp: md5: remove spinlock usage in fast path
    - LP: #1408857
  * tcp: md5: do not use alloc_percpu()
    - LP: #1408857
  * ipv4: dst_entry leak in ip_send_unicast_reply()
    - LP: #1408857
  * drivers/net: macvtap and tun depend on INET
    - LP: #1408857
  * net: sctp: use MAX_HEADER for headroom reserve in output path
    - LP: #1408857
  * x86: kvm: use alternatives for VMCALL vs. VMMCALL if kernel text is
    read-only
    - LP: #1408857
  * Linux 3.2.66
    - LP: #1408857
 -- Paolo Pisati <paolo.pisati@xxxxxxxxxxxxx>   Fri, 16 Jan 2015 08:20:46 +0100

** Changed in: linux-ti-omap4 (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1407947

Title:
  CVE-2014-9420

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-ec2 package in Ubuntu:
  Invalid
Status in linux-flo package in Ubuntu:
  New
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-goldfish package in Ubuntu:
  New
Status in linux-lts-backport-maverick package in Ubuntu:
  New
Status in linux-lts-backport-natty package in Ubuntu:
  New
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux-mako package in Ubuntu:
  New
Status in linux-manta package in Ubuntu:
  New
Status in linux-mvl-dove package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Lucid:
  Fix Released
Status in linux-armadaxp source package in Lucid:
  Invalid
Status in linux-ec2 source package in Lucid:
  Fix Released
Status in linux-flo source package in Lucid:
  Invalid
Status in linux-fsl-imx51 source package in Lucid:
  Invalid
Status in linux-goldfish source package in Lucid:
  Invalid
Status in linux-lts-backport-maverick source package in Lucid:
  New
Status in linux-lts-backport-natty source package in Lucid:
  New
Status in linux-lts-quantal source package in Lucid:
  Invalid
Status in linux-lts-raring source package in Lucid:
  Invalid
Status in linux-lts-saucy source package in Lucid:
  Invalid
Status in linux-lts-trusty source package in Lucid:
  Invalid
Status in linux-lts-utopic source package in Lucid:
  Invalid
Status in linux-mako source package in Lucid:
  Invalid
Status in linux-manta source package in Lucid:
  Invalid
Status in linux-mvl-dove source package in Lucid:
  Invalid
Status in linux-ti-omap4 source package in Lucid:
  Invalid
Status in linux source package in Precise:
  Fix Released
Status in linux-armadaxp source package in Precise:
  Fix Released
Status in linux-ec2 source package in Precise:
  Invalid
Status in linux-flo source package in Precise:
  Invalid
Status in linux-fsl-imx51 source package in Precise:
  Invalid
Status in linux-goldfish source package in Precise:
  Invalid
Status in linux-lts-backport-maverick source package in Precise:
  New
Status in linux-lts-backport-natty source package in Precise:
  New
Status in linux-lts-quantal source package in Precise:
  New
Status in linux-lts-raring source package in Precise:
  Invalid
Status in linux-lts-saucy source package in Precise:
  New
Status in linux-lts-trusty source package in Precise:
  New
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux-mako source package in Precise:
  Invalid
Status in linux-manta source package in Precise:
  Invalid
Status in linux-mvl-dove source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  New
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-ec2 source package in Trusty:
  Invalid
Status in linux-flo source package in Trusty:
  Invalid
Status in linux-fsl-imx51 source package in Trusty:
  Invalid
Status in linux-goldfish source package in Trusty:
  Invalid
Status in linux-lts-backport-maverick source package in Trusty:
  New
Status in linux-lts-backport-natty source package in Trusty:
  New
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  New
Status in linux-mako source package in Trusty:
  Invalid
Status in linux-manta source package in Trusty:
  Invalid
Status in linux-mvl-dove source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux source package in Utopic:
  New
Status in linux-armadaxp source package in Utopic:
  Invalid
Status in linux-ec2 source package in Utopic:
  Invalid
Status in linux-flo source package in Utopic:
  New
Status in linux-fsl-imx51 source package in Utopic:
  Invalid
Status in linux-goldfish source package in Utopic:
  New
Status in linux-lts-backport-maverick source package in Utopic:
  New
Status in linux-lts-backport-natty source package in Utopic:
  New
Status in linux-lts-quantal source package in Utopic:
  Invalid
Status in linux-lts-raring source package in Utopic:
  Invalid
Status in linux-lts-saucy source package in Utopic:
  Invalid
Status in linux-lts-trusty source package in Utopic:
  Invalid
Status in linux-lts-utopic source package in Utopic:
  Invalid
Status in linux-mako source package in Utopic:
  New
Status in linux-manta source package in Utopic:
  New
Status in linux-mvl-dove source package in Utopic:
  Invalid
Status in linux-ti-omap4 source package in Utopic:
  Invalid
Status in linux source package in Vivid:
  Fix Committed
Status in linux-armadaxp source package in Vivid:
  Invalid
Status in linux-ec2 source package in Vivid:
  Invalid
Status in linux-flo source package in Vivid:
  New
Status in linux-fsl-imx51 source package in Vivid:
  Invalid
Status in linux-goldfish source package in Vivid:
  New
Status in linux-lts-backport-maverick source package in Vivid:
  New
Status in linux-lts-backport-natty source package in Vivid:
  New
Status in linux-lts-quantal source package in Vivid:
  Invalid
Status in linux-lts-raring source package in Vivid:
  Invalid
Status in linux-lts-saucy source package in Vivid:
  Invalid
Status in linux-lts-trusty source package in Vivid:
  Invalid
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux-mako source package in Vivid:
  New
Status in linux-manta source package in Vivid:
  New
Status in linux-mvl-dove source package in Vivid:
  Invalid
Status in linux-ti-omap4 source package in Vivid:
  Invalid

Bug description:
  The rock_continue function in fs/isofs/rock.c in the Linux kernel
  through 3.18.1 does not restrict the number of Rock Ridge continuation
  entries, which allows local users to cause a denial of service
  (infinite loop, and system crash or hang) via a crafted iso9660 image.

  Break-Fix: - f54e18f1b831c92f6512d2eedb224cd63d607d3d

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1407947/+subscriptions


References