← Back to team overview

kernel-packages team mailing list archive

[Bug 1277722] Re: Quantal update to v3.5.7.29 stable release

 

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1874

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6367

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6368

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4587

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1277722

Title:
  Quantal update to v3.5.7.29 stable release

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Quantal:
  Fix Released

Bug description:
  SRU Justification

      Impact:
         The upstream process for stable tree updates is quite similar
         in scope to the Ubuntu SRU process, e.g., each patch has to
         demonstrably fix a bug, and each patch is vetted by upstream
         by originating either directly from Linus' tree or in a minimally
         backported form of that patch. The v3.5.7.29 upstream stable
         patch set is now available. It should be included in the Ubuntu
         kernel as well.

         git://git.kernel.org/

      TEST CASE: TBD

         The following patches are in the v3.5.7.29 stable release:

  Linux 3.5.7.29
  SELinux: Fix possible NULL pointer dereference in selinux_inode_permission()
  mac80211: move "bufferable MMPDU" check to fix AP mode scan
  x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
  bridge: use spin_lock_bh() in br_multicast_set_hash_max
  net: llc: fix use after free in llc_ui_recvmsg
  vlan: Fix header ops passthru when doing TX VLAN offload.
  net: rose: restore old recvmsg behavior
  rds: prevent dereference of a NULL device
  hamradio/yam: fix info leak in ioctl
  drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
  net: inet_diag: zero out uninitialized idiag_{src,dst} fields
  net: unix: allow bind to fail on mutex lock
  netvsc: don't flush peers notifying work during setting mtu
  tg3: Initialize REG_BASE_ADDR at PCI config offset 120 to 0
  net: unix: allow set_peek_off to fail
  net: drop_monitor: fix the value of maxattr
  ipv6: don't count addrconf generated routes against gc limit
  macvtap: signal truncated packets
  tun: update file current position
  macvtap: update file current position
  macvtap: Do not double-count received packets
  rds: prevent BUG_ON triggered on congestion update to loopback
  net: do not pretend FRAGLIST support
  sched: Guarantee new group-entities always have weight
  sched: Fix hrtimer_cancel()/rq->lock deadlock
  sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining
  sched: Fix race on toggling cfs_bandwidth_used
  ftrace: Check module functions being traced on reload
  mm: ensure get_unmapped_area() returns higher address than mmap_min_addr
  Revert "mm: ensure get_unmapped_area() returns higher address than mmap_min_addr"
  ceph: Avoid data inconsistency due to d-cache aliasing in readpage()
  sh: always link in helper functions extracted from libgcc
  jbd2: don't BUG but return ENOSPC if a handle runs out of space
  GFS2: Fix incorrect invalidation for DIO/buffered I/O
  GFS2: don't hold s_umount over blkdev_put
  Input: allocate absinfo data when setting ABS capability
  powerpc: Align p_end
  ath9k_htc: properly set MAC address and BSSID mask
  ARM: fix "bad mode in ... handler" message for undefined instructions
  powerpc: Fix bad stack check in exception entry
  selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()
  selinux: fix broken peer recv check
  drm/radeon: 0x9649 is SUMO2 not SUMO
  ext4: add explicit casts when masking cluster sizes
  drm/radeon: fix asic gfx values for scrapper asics
  libata, freezer: avoid block device removal while system is frozen
  dm9601: work around tx fifo sync issue on dm962x
  dm9601: fix reception of full size ethernet frames on dm9620/dm9621a
  net_dma: mark broken
  ASoC: wm8904: fix DSP mode B configuration
  iio:adc:ad7887 Fix channel reported endianness from cpu to big endian
  cpupower: Fix segfault due to incorrect getopt_long arugments
  ath9k: Fix interrupt handling for the AR9002 family
  rtlwifi: pci: Fix oops on driver unload
  ALSA: Add SNDRV_PCM_STATE_PAUSED case in wait_for_avail function
  sched/rt: Fix rq's cpupri leak while enqueue/dequeue child RT entities
  drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook
  libata: disable a disk via libata.force params
  ftrace: Initialize the ftrace profiler for each possible cpu
  radiotap: fix bitmap-end-finding buffer overrun
  gpio: msm: Fix irq mask/unmask by writing bits instead of numbers
  ALSA: hda - Add enable_msi=0 workaround for four HP machines
  drm/radeon: Fix sideport problems on certain RS690 boards
  iscsi-target: Fix-up all zero data-length CDBs with R/W_BIT set
  drm/i915: don't update the dri1 breadcrumb with modesetting
  xhci: Limit the spurious wakeup fix only to HP machines
  scripts/link-vmlinux.sh: only filter kernel symbols for arm
  usb: cdc-wdm: manage_power should always set needs_remote_wakeup
  ext4: fix del_timer() misuse for ->s_err_report
  ext2: Fix oops in ext2_get_block() called from ext2_quota_write()
  ext4: check for overlapping extents in ext4_valid_extent_entries()
  ext4: fix use-after-free in ext4_mb_new_blocks
  libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus SpinPoint M8
  powerpc: kvm: fix rare but potential deadlock scene
  ceph: wake up 'safe' waiters when unregistering request
  ceph: cleanup aborted requests when re-sending requests.
  TTY: pmac_zilog, check existence of ports in pmz_console_init()
  Staging: zram: Fix memory leak by refcount mismatch
  ARM: pxa: prevent PXA270 occasional reboot freezes
  Staging: zram: Fix access of NULL pointer
  IB/qib: Convert qib_user_sdma_pin_pages() to use get_user_pages_fast()
  KVM: IOMMU: hva align mapping page size
  dm mpath: fix race condition between multipath_dtr and pg_init_done
  mm/hugetlb: check for pte NULL pointer in __page_check_address()
  intel_idle: enable IVB Xeon support
  intel_idle: initial IVB support
  selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()
  selinux: look for IPsec labels on both inbound and outbound packets
  HID: Bump maximum global item tag report size to 128 bytes
  staging: comedi: pcmuio: fix possible NULL deref on detach
  staging: comedi: ssv_dnp: use comedi_dio_update_state()
  [media] cxd2820r_core: fix sparse warnings
  sc1200_wdt: Fix oops
  Input: usbtouchscreen - separate report and transmit buffer size handling
  ARM: OMAP2+: hwmod: Fix SOFTRESET logic
  ARM: OMAP3: hwmod data: Don't prevent RESET of USB Host module
  Linux 3.5.7.28
  xfs: underflow bug in xfs_attrlist_by_handle()
  MIPS: DMA: For BMIPS5000 cores flush region just like non-coherent R10000
  drivers/rtc/rtc-at91rm9200.c: correct alarm over day/month wrap
  selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()
  selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()
  KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368)
  KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
  KVM: Improve create VCPU parameter (CVE-2013-4587)
  futex: fix handling of read-only-mapped hugepages
  hwmon: Prevent some divide by zeros in FAN_TO_REG()
  hwmon: (w83l768ng) Fix fan speed control range
  hwmon: (w83l786ng) Fix fan speed control mode setting and reporting
  ARM: pxa: tosa: fix keys mapping
  dm bufio: initialize read-only module parameters
  x86, efi: Don't use (U)EFI time services on 32 bit
  x86, build, icc: Remove uninitialized_var() from compiler-intel.h
  dm table: fail dm_table_create on dm_round_up overflow
  dm snapshot: avoid snapshot space leak on crash
  ALSA: memalloc.h - fix wrong truncation of dma_addr_t
  ARM: 7913/1: fix framepointer check in unwind_frame
  ARM: 7912/1: check stack pointer in get_wchan
  crypto: scatterwalk - Use sg_chain_ptr on chain entries
  crypto: scatterwalk - Set the chain pointer indication bit
  drivers/char/i8k.c: add Dell XPLS L421X
  usb: hub: Use correct reset for wedged USB3 devices that are NOTATTACHED
  drm/radeon: fixup bad vram size on SI
  USB: cdc-acm: Added support for the Lenovo RD02-D400 USB Modem
  USB: pl2303: fixed handling of CS5 setting
  USB: ftdi_sio: fixed handling of unsupported CSIZE setting
  USB: mos7840: correct handling of CS5 setting
  USB: spcp8x5: correct handling of CS5 setting
  USB: option: support new huawei devices
  USB: serial: option: blacklist interface 1 for Huawei E173s-6
  [media] saa7164: fix return value check in saa7164_initdev()
  usb: dwc3: fix implementation of endpoint wedge
  usb: gadget: composite: reset delayed_status on reset_config
  USB: serial: fix race in generic write
  mac80211: don't attempt to reorder multicast frames
  dm delay: fix a possible deadlock due to shared workqueue
  nfs: fix do_div() warning by instead using sector_div()
  sched: Avoid throttle_cfs_rq() racing with period_timer stopping
  NFSv4 wait on recovery for async session errors
  9p: send uevent after adding/removing mount_tag attribute
  HID: apple: option to swap the 'Option' ("Alt") and 'Command' ("Flag") keys.
  HID: roccat: fix Coverity CID 141438
  HID: hid-multitouch: add support for SiS panels
  HID: add quirk for Freescale i.MX23 ROM recovery
  i2c: i801: SMBus patch for Intel Avoton DeviceIDs
  Input: mousedev - allow disabling even without CONFIG_EXPERT
  Input: allow deselecting serio drivers even without CONFIG_EXPERT
  video: kyro: fix incorrect sizes when copying to userspace
  iommu/vt-d: Fixed interaction of VFIO_IOMMU_MAP_DMA with IOMMU address limits
  elevator: acquire q->sysfs_lock in elevator_change()
  dm: fix truncated status strings
  um: add missing declaration of 'getrlimit()' and friends
  iwlwifi: dvm: don't override mac80211's queue setting
  cpuidle: Check for dev before deregistering it.
  ASoC: wm8731: fix dsp mode configuration
  powerpc/gpio: Fix the wrong GPIO input data on MPC8572/MPC8536
  [SCSI] enclosure: fix WARN_ON in dual path device removing
  ALSA: hda - Another fixup for ASUS laptop with ALC660 codec
  [SCSI] hpsa: return 0 from driver probe function on success, not 1
  [SCSI] hpsa: do not discard scsi status on aborted commands
  ARM: footbridge: fix VGA initialisation
  net: smc91: fix crash regression on the versatile
  ALSA: hda - Fix silent output on ASUS W7J laptop
  crypto: ccm - Fix handling of zero plaintext when computing mac
  crypto: s390 - Fix aes-xts parameter corruption
  s390/crypto: Don't panic after crypto instruction failures
  crypto: authenc - Find proper IV address in ablkcipher callback
  [SCSI] libsas: fix usage of ata_tf_to_fis
  xen/gnttab: leave lazy MMU mode in the case of a m2p override failure
  irq: Enable all irqs unconditionally in irq_resume
  ASoC: wm8990: Mark the register map as dirty when powering down
  Update of blkg_stat and blkg_rwstat may happen in bh context. While u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This is not enough to avoid preemption by bh and may read strange 64 bit value.
  NFSv4: Update list of irrecoverable errors on DELEGRETURN
  mmc: block: fix a bug of error handling in MMC driver
  bridge: flush br's address entry in fdb when remove the
  {pktgen, xfrm} Update IPv4 header total len and checksum after tranformation
  af_packet: block BH in prb_shutdown_retire_blk_timer()
  ipv6: fix possible seqlock deadlock in ip6_finish_output2
  inet: fix possible seqlock deadlocks
  net: clamp ->msg_namelen instead of returning an error
  net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
  ipv6: fix leaking uninitialized port number of offender sockaddr
  inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions
  packet: fix use after free race in send path when dev is released
  net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage)
  net: rework recvmsg handler msg_name and msg_namelen logic
  net: core: Always propagate flag changes to interfaces
  atm: idt77252: fix dev refcnt leak
  inet: prevent leakage of uninitialized memory to user in recv syscalls
  ipv4: fix possible seqlock deadlock
  connector: improved unaligned access error fix
  isdnloop: use strlcpy() instead of strcpy()
  bonding: fix two race conditions in bond_store_updelay/downdelay
  6lowpan: Uncompression of traffic class field was incorrect
  bonding: don't permit to use ARP monitoring in 802.3ad mode
  random32: fix off-by-one in seeding requirement
  ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
  net: Fix "ip rule delete table 256"
  [media] lirc_zilog: Don't use dynamic static allocation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1277722/+subscriptions


References