kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #105548
[Bug 1414651] Re: CVE-2015-0239
This bug was fixed in the package linux-ti-omap4 - 3.2.0-1460.80
---------------
linux-ti-omap4 (3.2.0-1460.80) precise; urgency=low
* Release Tracking Bug
- LP: #1420560
[ Paolo Pisati ]
* rebased on Ubuntu-3.2.0-77.112
[ Ubuntu: 3.2.0-77.112 ]
* Release Tracking Bug
- LP: #1419968
* [Packaging] force "dpkg-source -I -i" behavior
* isofs: Fix unchecked printing of ER records
- LP: #1409808
- CVE-2014-9584
* KEYS: close race between key lookup and freeing
- LP: #1409048
- CVE-2014-9529
* vfs: new internal helper: mnt_has_parent(mnt)
- LP: #1383356
- CVE-2014-7970
* vfs: more mnt_parent cleanups
- LP: #1383356
- CVE-2014-7970
* mnt: Prevent pivot_root from creating a loop in the mount tree
- LP: #1383356
- CVE-2014-7970
* netfilter: conntrack: disable generic tracking for known protocols
- LP: #1413109
- CVE-2014-8160
* KVM: x86 emulator: reject SYSENTER in compatibility mode on AMD guests
- LP: #1414651
- CVE-2015-0239
* KVM: x86: SYSENTER emulation is broken
- LP: #1414651
- CVE-2015-0239
* x86_64, vdso: Fix the vdso address randomization algorithm
- LP: #1409811
- CVE-2014-9585
* crypto: prefix module autoloading with "crypto-"
- LP: #1415507
- CVE-2013-7421
* crypto: add missing crypto module aliases
- LP: #1415507
- CVE-2013-7421
* crypto: include crypto- module prefix in template
- LP: #1415632
- CVE-2014-9644
-- Paolo Pisati <paolo.pisati@xxxxxxxxxxxxx> Wed, 11 Feb 2015 10:02:17 +0100
** Changed in: linux-ti-omap4 (Ubuntu Precise)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1414651
Title:
CVE-2015-0239
Status in linux package in Ubuntu:
Invalid
Status in linux-armadaxp package in Ubuntu:
Invalid
Status in linux-ec2 package in Ubuntu:
Invalid
Status in linux-flo package in Ubuntu:
New
Status in linux-fsl-imx51 package in Ubuntu:
Invalid
Status in linux-goldfish package in Ubuntu:
New
Status in linux-lts-backport-maverick package in Ubuntu:
New
Status in linux-lts-backport-natty package in Ubuntu:
New
Status in linux-lts-quantal package in Ubuntu:
Invalid
Status in linux-lts-raring package in Ubuntu:
Invalid
Status in linux-lts-saucy package in Ubuntu:
Invalid
Status in linux-lts-trusty package in Ubuntu:
Invalid
Status in linux-lts-utopic package in Ubuntu:
Invalid
Status in linux-mako package in Ubuntu:
New
Status in linux-manta package in Ubuntu:
New
Status in linux-mvl-dove package in Ubuntu:
Invalid
Status in linux-ti-omap4 package in Ubuntu:
Invalid
Status in linux source package in Lucid:
New
Status in linux-armadaxp source package in Lucid:
Invalid
Status in linux-ec2 source package in Lucid:
New
Status in linux-flo source package in Lucid:
Invalid
Status in linux-fsl-imx51 source package in Lucid:
Invalid
Status in linux-goldfish source package in Lucid:
Invalid
Status in linux-lts-backport-maverick source package in Lucid:
New
Status in linux-lts-backport-natty source package in Lucid:
New
Status in linux-lts-quantal source package in Lucid:
Invalid
Status in linux-lts-raring source package in Lucid:
Invalid
Status in linux-lts-saucy source package in Lucid:
Invalid
Status in linux-lts-trusty source package in Lucid:
Invalid
Status in linux-lts-utopic source package in Lucid:
Invalid
Status in linux-mako source package in Lucid:
Invalid
Status in linux-manta source package in Lucid:
Invalid
Status in linux-mvl-dove source package in Lucid:
Invalid
Status in linux-ti-omap4 source package in Lucid:
Invalid
Status in linux source package in Precise:
Fix Released
Status in linux-armadaxp source package in Precise:
Fix Released
Status in linux-ec2 source package in Precise:
Invalid
Status in linux-flo source package in Precise:
Invalid
Status in linux-fsl-imx51 source package in Precise:
Invalid
Status in linux-goldfish source package in Precise:
Invalid
Status in linux-lts-backport-maverick source package in Precise:
New
Status in linux-lts-backport-natty source package in Precise:
New
Status in linux-lts-quantal source package in Precise:
Fix Committed
Status in linux-lts-raring source package in Precise:
Invalid
Status in linux-lts-saucy source package in Precise:
Invalid
Status in linux-lts-trusty source package in Precise:
Fix Released
Status in linux-lts-utopic source package in Precise:
Invalid
Status in linux-mako source package in Precise:
Invalid
Status in linux-manta source package in Precise:
Invalid
Status in linux-mvl-dove source package in Precise:
Invalid
Status in linux-ti-omap4 source package in Precise:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux-armadaxp source package in Trusty:
Invalid
Status in linux-ec2 source package in Trusty:
Invalid
Status in linux-flo source package in Trusty:
Invalid
Status in linux-fsl-imx51 source package in Trusty:
Invalid
Status in linux-goldfish source package in Trusty:
Invalid
Status in linux-lts-backport-maverick source package in Trusty:
New
Status in linux-lts-backport-natty source package in Trusty:
New
Status in linux-lts-quantal source package in Trusty:
Invalid
Status in linux-lts-raring source package in Trusty:
Invalid
Status in linux-lts-saucy source package in Trusty:
Invalid
Status in linux-lts-trusty source package in Trusty:
Invalid
Status in linux-lts-utopic source package in Trusty:
Fix Released
Status in linux-mako source package in Trusty:
Invalid
Status in linux-manta source package in Trusty:
Invalid
Status in linux-mvl-dove source package in Trusty:
Invalid
Status in linux-ti-omap4 source package in Trusty:
Invalid
Status in linux source package in Utopic:
Fix Released
Status in linux-armadaxp source package in Utopic:
Invalid
Status in linux-ec2 source package in Utopic:
Invalid
Status in linux-flo source package in Utopic:
New
Status in linux-fsl-imx51 source package in Utopic:
Invalid
Status in linux-goldfish source package in Utopic:
New
Status in linux-lts-backport-maverick source package in Utopic:
New
Status in linux-lts-backport-natty source package in Utopic:
New
Status in linux-lts-quantal source package in Utopic:
Invalid
Status in linux-lts-raring source package in Utopic:
Invalid
Status in linux-lts-saucy source package in Utopic:
Invalid
Status in linux-lts-trusty source package in Utopic:
Invalid
Status in linux-lts-utopic source package in Utopic:
Invalid
Status in linux-mako source package in Utopic:
New
Status in linux-manta source package in Utopic:
New
Status in linux-mvl-dove source package in Utopic:
Invalid
Status in linux-ti-omap4 source package in Utopic:
Invalid
Status in linux source package in Vivid:
Invalid
Status in linux-armadaxp source package in Vivid:
Invalid
Status in linux-ec2 source package in Vivid:
Invalid
Status in linux-flo source package in Vivid:
New
Status in linux-fsl-imx51 source package in Vivid:
Invalid
Status in linux-goldfish source package in Vivid:
New
Status in linux-lts-backport-maverick source package in Vivid:
New
Status in linux-lts-backport-natty source package in Vivid:
New
Status in linux-lts-quantal source package in Vivid:
Invalid
Status in linux-lts-raring source package in Vivid:
Invalid
Status in linux-lts-saucy source package in Vivid:
Invalid
Status in linux-lts-trusty source package in Vivid:
Invalid
Status in linux-lts-utopic source package in Vivid:
Invalid
Status in linux-mako source package in Vivid:
New
Status in linux-manta source package in Vivid:
New
Status in linux-mvl-dove source package in Vivid:
Invalid
Status in linux-ti-omap4 source package in Vivid:
Invalid
Bug description:
Linux 2.6.32 - 3.18 that runs KVM may enable a malicious guest process
to crash the guest OS or launch a privilege escalation attack on the
guest. The attack can be launched by tricking the hypervisor to
emulate a SYSENTER instruction in 16-bit mode, if the guest OS does
not initialize the SYSENTER MSRs. KVM does not check under these
conditions that the selector IA32_SYSENTER_CS is not zero, and does
not generate a #GP exception as real hardware does. Instead, it sets
the guest instruction pointer to zero and changes the code privilege
level (CPL) to zero (privileged). Note that the attack can only be
issued under very certain conditions (see the details below). Windows
and distro Linux guest OSes should be safe. The bug existed since the
introduction of SYSENTER emulation (em_sysenter function on recent
Linux releases), in commit 8c60435261deaefeb53ce3222d04d7d5bea81296 ,
which is present in Linux 2.6.32 - 3.18.
Break-Fix: - f3747379accba8e95d70cec0eae0582c8c182050
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1414651/+subscriptions
References