kernel-packages team mailing list archive

[Bug 1416498] Re: CVE-2014-7822

 

This bug was fixed in the package linux - 3.13.0-48.80

---------------
linux (3.13.0-48.80) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1431263
  * Merged back all changes that were in Ubuntu-3.13.0-47.78

  [ Upstream Kernel Changes ]

  * xfs: remote attribute overwrite causes transaction overrun
    - LP: #1429821
    - CVE-2015-0274

linux (3.13.0-47.78) trusty; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1427733

  [ Rodrigo Vivi ]

  * SAUCE: drm/i915: Fix and clean BDW PCH identification
    - LP: #1423292
  * SAUCE: drm/i915: BDW Fix Halo PCI IDs marked as ULT.
    - LP: #1423292

  [ Upstream Kernel Changes ]

  * ext4: prevent bugon on race between write/fcntl
  * Bluetooth: ath3k: workaround the compatibility issue with xHCI
    controller
    - LP: #1400215
  * openvswitch: Silence RCU lockdep checks from flow lookup.
    - LP: #1408972
  * openvswitch: Use exact lookup for flow_get and flow_del.
    - LP: #1408972
  * splice: Apply generic position and size checks to each write
    - LP: #1416498
    - CVE-2014-7822
  * ALSA: hda - enable mute led quirk for one more hp machine.
    - LP: #1410704
  * crypto: prefix module autoloading with "crypto-"
    - LP: #1427438
  * crypto: add missing crypto module aliases
    - LP: #1427438
  * crypto: include crypto- module prefix in template
    - LP: #1427438
  * crypto: crc32c - add missing crypto module alias
    - LP: #1427438
  * drm/i915: Invalidate media caches on gen7
    - LP: #1427438
  * drm/i915: Force the CS stall for invalidate flushes
    - LP: #1427438
  * audit: restore AUDIT_LOGINUID unset ABI
    - LP: #1427438
  * parisc: fix out-of-register compiler error in ldcw inline assembler
    function
    - LP: #1427438
  * kvm: x86: drop severity of "generation wraparound" message
    - LP: #1427438
  * udf: Verify i_size when loading inode
    - LP: #1427438
  * udf: Verify symlink size before loading it
    - LP: #1427438
  * udf: Check path length when reading symlink
    - LP: #1427438
  * udf: Check component length before reading it
    - LP: #1427438
  * crypto: af_alg - fix backlog handling
    - LP: #1427438
  * ASoC: dwc: Ensure FIFOs are flushed to prevent channel swap
    - LP: #1427438
  * video/logo: prevent use of logos after they have been freed
    - LP: #1427438
  * video/fbdev: fix defio's fsync
    - LP: #1427438
  * Add USB_EHCI_EXYNOS to multi_v7_defconfig
    - LP: #1427438
  * drm/i915: Swap primary planes on gen2 for FBC
    - LP: #1427438
  * drm/i915: Don't swap planes on 830M
    - LP: #1427438
  * drm/i915: Don't call intel_prepare_page_flip() multiple times on gen2-4
    - LP: #1427438
  * x86, vdso: Use asm volatile in __getcpu
    - LP: #1427438
  * drivers: net: cpsw: enable interrupts after napi enable and clearing
    previous interrupts
    - LP: #1427438
  * net: ethernet: cpsw: fix hangs with interrupts
    - LP: #1427438
  * ALSA: hda - Fix wrong gpio_dir & gpio_mask hint setups for IDT/STAC
    codecs
    - LP: #1427438
  * drm/radeon: KV has three PPLLs (v2)
    - LP: #1427438
  * drm/radeon: properly filter DP1.2 4k modes on non-DP1.2 hw
    - LP: #1427438
  * virtio_pci: defer kfree until release callback
    - LP: #1427438
  * virtio_pci: document why we defer kfree
    - LP: #1427438
  * mm: propagate error from stack expansion even for guard page
    - LP: #1427438
  * ALSA: hda - Add new GPU codec ID to snd-hda
    - LP: #1427438
  * ALSA: hda - Add new GPU codec ID 0x10de0070 to snd-hda
    - LP: #1427438
  * ALSA: hda - Add new GPU codec ID 0x10de0072 to snd-hda
    - LP: #1427438
  * vfio-pci: Fix the check on pci device type in vfio_pci_probe()
    - LP: #1427438
  * mm: prevent endless growth of anon_vma hierarchy
    - LP: #1427438
  * mm: protect set_page_dirty() from ongoing truncation
    - LP: #1427438
  * mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process
    being killed
    - LP: #1427438
  * HID: roccat: potential out of bounds in pyra_sysfs_write_settings()
    - LP: #1427438
  * mm: Don't count the stack guard page towards RLIMIT_STACK
    - LP: #1427438
  * mm: fix corner case in anon_vma endless growing prevention
    - LP: #1427438
  * usb: musb: stuff leak of struct usb_hcd
    - LP: #1427438
  * usb: gadget: udc: atmel: change setting for DMA
    - LP: #1427438
  * usb: gadget: udc: atmel: fix possible IN hang issue
    - LP: #1427438
  * ARM: clk-imx6q: fix video divider for rev T0 1.0
    - LP: #1427438
  * ARM: dts: imx25: Fix the SPI1 clocks
    - LP: #1427438
  * USB: cp210x: fix ID for production CEL MeshConnect USB Stick
    - LP: #1427438
  * USB: keyspan: fix null-deref at probe
    - LP: #1427438
  * ARM: omap5/dra7xx: Fix frequency typos
    - LP: #1427438
  * LOCKD: Fix a race when initialising nlmsvc_timeout
    - LP: #1427438
  * NFSv4.1: Fix client id trunking on Linux
    - LP: #1427438
  * USB: cp210x: add IDs for CEL USB sticks and MeshWorks devices
    - LP: #1427438
  * USB: qcserial/option: make AT URCs work for Sierra Wireless MC73xx
    - LP: #1427438
  * USB: EHCI: fix initialization bug in iso_stream_schedule()
    - LP: #1427438
  * OHCI: add a quirk for ULi M5237 blocking on reset
    - LP: #1427438
  * mei: clean reset bit before reset
    - LP: #1427438
  * target: Drop arbitrary maximum I/O size limit
    - LP: #1427438
  * usb: gadget: udc: atmel: fix possible oops when unloading module
    - LP: #1427438
  * USB: console: fix uninitialised ldisc semaphore
    - LP: #1427438
  * USB: console: fix potential use after free
    - LP: #1427438
  * mmc: sdhci: Fix sleep in atomic after inserting SD card
    - LP: #1427438
  * usb: dwc3: gadget: Fix TRB preparation during SG
    - LP: #1427438
  * usb: dwc3: gadget: Stop TRB preparation after limit is reached
    - LP: #1427438
  * ftrace/jprobes/x86: Fix conflict between jprobes and function graph
    tracing
    - LP: #1427438
  * clocksource: exynos_mct: Fix bitmask regression for exynos4_mct_write
    - LP: #1427438
  * time: settimeofday: Validate the values of tv from user
    - LP: #1427438
  * Input: i8042 - reset keyboard to fix Elantech touchpad detection
    - LP: #1427438
  * drm/radeon: fix VM flush on cayman/aruba (v3)
    - LP: #1427438
  * drm/radeon: fix VM flush on SI (v3)
    - LP: #1427438
  * drm/radeon: fix VM flush on CIK (v3)
    - LP: #1427438
  * drm/radeon: add a dpm quirk list
    - LP: #1427438
  * Input: elantech - support new ICs types for version 4
    - LP: #1427438
  * Input: I8042 - add Acer Aspire 7738 to the nomux list
    - LP: #1427438
  * drm/i915: Fix mutex->owner inspection race under DEBUG_MUTEXES
    - LP: #1427438
  * drm/radeon: add si dpm quirk list
    - LP: #1427438
  * pinctrl: Fix two deadlocks
    - LP: #1427438
  * gpio / ACPI: register to ACPI events automatically
    - LP: #1427438
  * gpio: fix memory and reference leaks in gpiochip_add error path
    - LP: #1427438
  * gpio: fix sleep-while-atomic in gpiochip_remove
    - LP: #1427438
  * can: dev: fix crtlmode_supported check
    - LP: #1427438
  * can: kvaser_usb: Don't free packets when tight on URBs
    - LP: #1427438
  * can: kvaser_usb: Reset all URB tx contexts upon channel close
    - LP: #1427438
  * can: kvaser_usb: Don't send a RESET_CHIP for non-existing channels
    - LP: #1427438
  * gpio: sysfs: fix gpio-chip device-attribute leak
    - LP: #1427438
  * gpio: sysfs: fix gpio device-attribute leak
    - LP: #1427438
  * gpiolib: of: Correct error handling in of_get_named_gpiod_flags
    - LP: #1427438
  * ALSA: usb-audio: Add mic volume fix quirk for Logitech Webcam C210
    - LP: #1427438
  * fix deadlock in cifs_ioctl_clone()
    - LP: #1427438
  * ipr: wait for aborted command responses
    - LP: #1427438
  * libata: allow sata_sil24 to opt-out of tag ordered submission
    - LP: #1427438
  * scripts/recordmcount.pl: There is no -m32 gcc option on Super-H anymore
    - LP: #1427438
  * libata: prevent HSM state change race between ISR and PIO
    - LP: #1427438
  * bus: mvebu-mbus: fix support of MBus window 13
    - LP: #1427438
  * ARM: dts: imx25: Fix PWM "per" clocks
    - LP: #1427438
  * x86, boot: Skip relocs when load address unchanged
    - LP: #1427438
  * x86, hyperv: Mark the Hyper-V clocksource as being continuous
    - LP: #1427438
  * x86, tls, ldt: Stop checking lm in LDT_empty
    - LP: #1427438
  * x86, tls: Interpret an all-zero struct user_desc as "no segment"
    - LP: #1427438
  * x86/apic: Re-enable PCI_MSI support for non-SMP X86_32
    - LP: #1427438
  * x86/tsc: Change Fast TSC calibration failed from error to info
    - LP: #1427438
  * dm cache: share cache-metadata object across inactive and active DM
    tables
    - LP: #1427438
  * dm cache: fix problematic dual use of a single migration count variable
    - LP: #1427438
  * time: adjtimex: Validate the ADJ_FREQUENCY values
    - LP: #1427438
  * ntp: Fixup adjtimex freq validation on 32-bit systems
    - LP: #1427438
  * Linux 3.13.11-ckt16
    - LP: #1427438
 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>   Thu, 12 Mar 2015 10:21:27 +0000

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1416498

Title:
  CVE-2014-7822

Status in linux package in Ubuntu:
  Invalid
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-ec2 package in Ubuntu:
  Invalid
Status in linux-flo package in Ubuntu:
  New
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-goldfish package in Ubuntu:
  New
Status in linux-lts-backport-maverick package in Ubuntu:
  New
Status in linux-lts-backport-natty package in Ubuntu:
  New
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux-mako package in Ubuntu:
  New
Status in linux-manta package in Ubuntu:
  New
Status in linux-mvl-dove package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Lucid:
  New
Status in linux-armadaxp source package in Lucid:
  Invalid
Status in linux-ec2 source package in Lucid:
  New
Status in linux-flo source package in Lucid:
  Invalid
Status in linux-fsl-imx51 source package in Lucid:
  Invalid
Status in linux-goldfish source package in Lucid:
  Invalid
Status in linux-lts-backport-maverick source package in Lucid:
  New
Status in linux-lts-backport-natty source package in Lucid:
  New
Status in linux-lts-quantal source package in Lucid:
  Invalid
Status in linux-lts-raring source package in Lucid:
  Invalid
Status in linux-lts-saucy source package in Lucid:
  Invalid
Status in linux-lts-trusty source package in Lucid:
  Invalid
Status in linux-lts-utopic source package in Lucid:
  Invalid
Status in linux-mako source package in Lucid:
  Invalid
Status in linux-manta source package in Lucid:
  Invalid
Status in linux-mvl-dove source package in Lucid:
  Invalid
Status in linux-ti-omap4 source package in Lucid:
  Invalid
Status in linux source package in Precise:
  Fix Committed
Status in linux-armadaxp source package in Precise:
  New
Status in linux-ec2 source package in Precise:
  Invalid
Status in linux-flo source package in Precise:
  Invalid
Status in linux-fsl-imx51 source package in Precise:
  Invalid
Status in linux-goldfish source package in Precise:
  Invalid
Status in linux-lts-backport-maverick source package in Precise:
  New
Status in linux-lts-backport-natty source package in Precise:
  New
Status in linux-lts-quantal source package in Precise:
  New
Status in linux-lts-raring source package in Precise:
  Invalid
Status in linux-lts-saucy source package in Precise:
  New
Status in linux-lts-trusty source package in Precise:
  Fix Released
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux-mako source package in Precise:
  Invalid
Status in linux-manta source package in Precise:
  Invalid
Status in linux-mvl-dove source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  Fix Committed
Status in linux source package in Trusty:
  Fix Released
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-ec2 source package in Trusty:
  Invalid
Status in linux-flo source package in Trusty:
  Invalid
Status in linux-fsl-imx51 source package in Trusty:
  Invalid
Status in linux-goldfish source package in Trusty:
  Invalid
Status in linux-lts-backport-maverick source package in Trusty:
  New
Status in linux-lts-backport-natty source package in Trusty:
  New
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  Invalid
Status in linux-mako source package in Trusty:
  Invalid
Status in linux-manta source package in Trusty:
  Invalid
Status in linux-mvl-dove source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux source package in Utopic:
  Invalid
Status in linux-armadaxp source package in Utopic:
  Invalid
Status in linux-ec2 source package in Utopic:
  Invalid
Status in linux-flo source package in Utopic:
  New
Status in linux-fsl-imx51 source package in Utopic:
  Invalid
Status in linux-goldfish source package in Utopic:
  New
Status in linux-lts-backport-maverick source package in Utopic:
  New
Status in linux-lts-backport-natty source package in Utopic:
  New
Status in linux-lts-quantal source package in Utopic:
  Invalid
Status in linux-lts-raring source package in Utopic:
  Invalid
Status in linux-lts-saucy source package in Utopic:
  Invalid
Status in linux-lts-trusty source package in Utopic:
  Invalid
Status in linux-lts-utopic source package in Utopic:
  Invalid
Status in linux-mako source package in Utopic:
  New
Status in linux-manta source package in Utopic:
  New
Status in linux-mvl-dove source package in Utopic:
  Invalid
Status in linux-ti-omap4 source package in Utopic:
  Invalid
Status in linux source package in Vivid:
  Invalid
Status in linux-armadaxp source package in Vivid:
  Invalid
Status in linux-ec2 source package in Vivid:
  Invalid
Status in linux-flo source package in Vivid:
  New
Status in linux-fsl-imx51 source package in Vivid:
  Invalid
Status in linux-goldfish source package in Vivid:
  New
Status in linux-lts-backport-maverick source package in Vivid:
  New
Status in linux-lts-backport-natty source package in Vivid:
  New
Status in linux-lts-quantal source package in Vivid:
  Invalid
Status in linux-lts-raring source package in Vivid:
  Invalid
Status in linux-lts-saucy source package in Vivid:
  Invalid
Status in linux-lts-trusty source package in Vivid:
  Invalid
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux-mako source package in Vivid:
  New
Status in linux-manta source package in Vivid:
  New
Status in linux-mvl-dove source package in Vivid:
  Invalid
Status in linux-ti-omap4 source package in Vivid:
  Invalid

Bug description:
  The implementation of certain splice_write file operations in the
  Linux kernel before 3.16 does not enforce a restriction on the maximum
  size of a single file, which allows local users to cause a denial of
  service (system crash) or possibly have unspecified other impact via a
  crafted splice system call, as demonstrated by use of a file
  descriptor associated with an ext4 filesystem.

  Break-Fix: - 8d0207652cbe27d1f962050737848e5ad4671958
