kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #115014
[Bug 1438504] Re: CVE-2015-2666
This bug was fixed in the package linux - 3.13.0-51.84
---------------
linux (3.13.0-51.84) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1444141
* Merged back Ubuntu-3.13.0-49.83 security release
linux (3.13.0-50.82) trusty; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1442285
[ Andy Whitcroft ]
* [Config] CONFIG_DEFAULT_MMAP_MIN_ADDR needs to match on armhf and arm64
- LP: #1418140
[ Chris J Arges ]
* [Config] CONFIG_PCIEASPM_DEBUG=y
- LP: #1398544
[ Upstream Kernel Changes ]
* KEYS: request_key() should reget expired keys rather than give
EKEYEXPIRED
- LP: #1124250
* audit: correctly record file names with different path name types
- LP: #1439441
* KVM: x86: Check for nested events if there is an injectable interrupt
- LP: #1413540
* be2iscsi: fix memory leak in error path
- LP: #1440156
* block: remove old blk_iopoll_enabled variable
- LP: #1440156
* be2iscsi: Fix handling timed out MBX completion from FW
- LP: #1440156
* be2iscsi: Fix doorbell format for EQ/CQ/RQ s per SLI spec.
- LP: #1440156
* be2iscsi: Fix the session cleanup when reboot/shutdown happens
- LP: #1440156
* be2iscsi: Fix scsi_cmnd leakage in driver.
- LP: #1440156
* be2iscsi : Fix DMA Out of SW-IOMMU space error
- LP: #1440156
* be2iscsi: Fix retrieving MCCQ_WRB in non-embedded Mbox path
- LP: #1440156
* be2iscsi: Fix exposing Host in sysfs after adapter initialization is
complete
- LP: #1440156
* be2iscsi: Fix interrupt Coalescing mechanism.
- LP: #1440156
* be2iscsi: Fix TCP parameters while connection offloading.
- LP: #1440156
* be2iscsi: Fix memory corruption in MBX path
- LP: #1440156
* be2iscsi: Fix destroy MCC-CQ before MCC-EQ is destroyed
- LP: #1440156
* be2iscsi: add an missing goto in error path
- LP: #1440156
* be2iscsi: remove potential junk pointer free
- LP: #1440156
* be2iscsi: Fix memory leak in mgmt_set_ip()
- LP: #1440156
* be2iscsi: Fix the sparse warning introduced in previous submission
- LP: #1440156
* be2iscsi: Fix updating the boot enteries in sysfs
- LP: #1440156
* be2iscsi: Fix processing CQE before connection resources are freed
- LP: #1440156
* be2iscsi : Fix kernel panic during reboot/shutdown
- LP: #1440156
* fixed invalid assignment of 64bit mask to host dma_boundary for scatter
gather segment boundary limit.
- LP: #1440156
* quota: Store maximum space limit in bytes
- LP: #1441284
* ip: zero sockaddr returned on error queue
- LP: #1441284
* net: rps: fix cpu unplug
- LP: #1441284
* ipv6: stop sending PTB packets for MTU < 1280
- LP: #1441284
* netxen: fix netxen_nic_poll() logic
- LP: #1441284
* udp_diag: Fix socket skipping within chain
- LP: #1441284
* ping: Fix race in free in receive path
- LP: #1441284
* bnx2x: fix napi poll return value for repoll
- LP: #1441284
* net: don't OOPS on socket aio
- LP: #1441284
* bridge: dont send notification when skb->len == 0 in rtnl_bridge_notify
- LP: #1441284
* ipv4: tcp: get rid of ugly unicast_sock
- LP: #1441284
* ppp: deflate: never return len larger than output buffer
- LP: #1441284
* net: sctp: fix passing wrong parameter header to param_type2af in
sctp_process_param
- LP: #1441284
* ARM: pxa: add regulator_has_full_constraints to corgi board file
- LP: #1441284
* ARM: pxa: add regulator_has_full_constraints to poodle board file
- LP: #1441284
* ARM: pxa: add regulator_has_full_constraints to spitz board file
- LP: #1441284
* hx4700: regulator: declare full constraints
- LP: #1441284
* HID: input: fix confusion on conflicting mappings
- LP: #1441284
* HID: fixup the conflicting keyboard mappings quirk
- LP: #1441284
* megaraid_sas: disable interrupt_mask before enabling hardware
interrupts
- LP: #1441284
* PCI: Generate uppercase hex for modalias var in uevent
- LP: #1441284
* usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN
- LP: #1441284
* tty/serial: at91: enable peripheral clock before accessing I/O
registers
- LP: #1441284
* tty/serial: at91: fix error handling in atmel_serial_probe()
- LP: #1441284
* axonram: Fix bug in direct_access
- LP: #1441284
* ksoftirqd: Enable IRQs and call cond_resched() before poking RCU
- LP: #1441284
* TPM: Add new TPMs to the tail of the list to prevent inadvertent change
of dev
- LP: #1441284
* char: tpm: Add missing error check for devm_kzalloc
- LP: #1441284
* tpm_tis: verify interrupt during init
- LP: #1441284
* tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma
- LP: #1441284
* tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send
- LP: #1441284
* tpm/tpm_i2c_stm_st33: Add status check when reading data on the FIFO
- LP: #1441284
* mmc: sdhci-pxav3: fix unbalanced clock issues during probe
- LP: #1441284
* iwlwifi: mvm: validate tid and sta_id in ba_notif
- LP: #1441284
* power: bq24190: Fix ignored supplicants
- LP: #1441284
* ARM: DRA7: hwmod: Fix boot crash with DEBUG_LL enabled on UART3
- LP: #1441284
* Bluetooth: ath3k: Add support of AR3012 bluetooth 13d3:3423 device
- LP: #1411193, #1441284
* cfq-iosched: fix incorrect filing of rt async cfqq
- LP: #1441284
* smack: fix possible use after frees in task_security() callers
- LP: #1441284
* xfs: ensure buffer types are set correctly
- LP: #1441284
* xfs: inode unlink does not set AGI buffer type
- LP: #1441284
* xfs: set buf types when converting extent formats
- LP: #1441284
* xfs: set superblock buffer type correctly
- LP: #1441284
* btrfs: set proper message level for skinny metadata
- LP: #1441284
* KVM: s390: base hrtimer on a monotonic clock
- LP: #1441284
* PCI: Fix infinite loop with ROM image of size 0
- LP: #1441284
* USB: cp210x: add ID for RUGGEDCOM USB Serial Console
- LP: #1441284
* clk: zynq: Force CPU_2X clock to be ungated
- LP: #1441284
* mmc: sdhci-pxav3: Remove checks for mandatory host clock
- LP: #1441284
* mmc: sdhci-pxav3: fix race between runtime pm and irq
- LP: #1441284
* power_supply: 88pm860x: Fix leaked power supply on probe fail
- LP: #1441284
* staging: comedi: comedi_compat32.c: fix COMEDI_CMD copy back
- LP: #1441284
* mmc: sdhci-pxav3: fix setting of pdata->clk_delay_cycles
- LP: #1441284
* ARM: 8284/1: sa1100: clear RCSR_SMR on resume
- LP: #1441284
* usb: musb: omap2plus bus glue needs USB host support
- LP: #1441284
* USB: add flag for HCDs that can't receive wakeup requests (isp1760-hcd)
- LP: #1441284
* USB: fix use-after-free bug in usb_hcd_unlink_urb()
- LP: #1441284
* iwlwifi: mvm: always use mac color zero
- LP: #1441284
* iwlwifi: pcie: disable the SCD_BASE_ADDR when we resume from WoWLAN
- LP: #1441284
* vt: provide notifications on selection changes
- LP: #1441284
* tty: Prevent untrappable signals from malicious program
- LP: #1441284
* cpufreq: Set cpufreq_cpu_data to NULL before putting kobject
- LP: #1441284
* lmedm04: Fix usb_submit_urb BOGUS urb xfer, pipe 1 != type 3 in
interrupt urb
- LP: #1441284
* mei: mask interrupt set bit on clean reset bit
- LP: #1441284
* mei: me: release hw from reset only during the reset flow
- LP: #1441284
* MIPS: KVM: Deliver guest interrupts after local_irq_disable()
- LP: #1441284
* KVM: MIPS: Don't leak FPU/DSP to guest
- LP: #1441284
* ALSA: hda - Add the pin fixup for HP Envy TS bass speaker
- LP: #1441284
* ALSA: hda - Set up GPIO for Toshiba Satellite S50D
- LP: #1441284
* xen/manage: Fix USB interaction issues when resuming
- LP: #1441284
* drm/i915: Correct the IOSF Dev_FN field for IOSF transfers
- LP: #1441284
* cfq-iosched: handle failure of cfq group allocation
- LP: #1441284
* tracing: Fix unmapping loop in tracing_mark_write
- LP: #1441284
* fsnotify: fix handling of renames in audit
- LP: #1441284
* drm/radeon: workaround for CP HW bug on CIK
- LP: #1441284
* drm/radeon: only enable kv/kb dpm interrupts once v3
- LP: #1441284
* NFSv4.1: Fix a kfree() of uninitialised pointers in
decode_cb_sequence_args
- LP: #1441284
* cpufreq: speedstep-smi: enable interrupts when waiting
- LP: #1441284
* mm/hugetlb: pmd_huge() returns true for non-present hugepage
- LP: #1441284
* mm: cleanup follow_page_mask()
- LP: #1441284
* mm/hugetlb: take page table lock in follow_huge_pmd()
- LP: #1441284
* mm/hugetlb: fix getting refcount 0 page in hugetlb_fault()
- LP: #1441284
* mm/hugetlb: add migration/hwpoisoned entry check in
hugetlb_change_protection
- LP: #1441284
* mm/hugetlb: add migration entry check in __unmap_hugepage_range
- LP: #1441284
* mm: softdirty: unmapped addresses between VMAs are clean
- LP: #1441284
* proc/pagemap: walk page tables under pte lock
- LP: #1441284
* mm: when stealing freepages, also take pages created by splitting buddy
page
- LP: #1441284
* mm/mmap.c: fix arithmetic overflow in __vm_enough_memory()
- LP: #1441284
* mm/nommu.c: fix arithmetic overflow in __vm_enough_memory()
- LP: #1441284
* iscsi-target: Drop problematic active_ts_list usage
- LP: #1441284
* target: Fix PR_APTPL_BUF_LEN buffer size limitation
- LP: #1441284
* mm/compaction: fix wrong order check in compact_finished()
- LP: #1441284
* mm/memory.c: actually remap enough memory
- LP: #1441284
* mm: hwpoison: drop lru_add_drain_all() in __soft_offline_page()
- LP: #1441284
* ARC: fix page address calculation if PAGE_OFFSET != LINUX_LINK_BASE
- LP: #1441284
* drm/radeon/dp: Set EDP_CONFIGURATION_SET for bridge chips if necessary
- LP: #1441284
* drm/radeon: fix voltage setup on hawaii
- LP: #1441284
* ALSA: hdspm - Constrain periods to 2 on older cards
- LP: #1441284
* jffs2: fix handling of corrupted summary length
- LP: #1441284
* dm mirror: do not degrade the mirror on discard error
- LP: #1441284
* dm io: reject unsupported DISCARD requests with EOPNOTSUPP
- LP: #1441284
* target: Add missing WRITE_SAME end-of-device sanity check
- LP: #1441284
* target: Check for LBA + sectors wrap-around in sbc_parse_cdb
- LP: #1441284
* Btrfs: fix fsync data loss after adding hard link to inode
- LP: #1441284
* Added Little Endian support to vtpm module
- LP: #1441284
* sg: fix read() error reporting
- LP: #1441284
* IB/qib: Do not write EEPROM
- LP: #1441284
* md/raid5: Fix livelock when array is both resyncing and degraded.
- LP: #1441284
* dm: fix a race condition in dm_get_md
- LP: #1441284
* dm snapshot: fix a possible invalid memory access on unload
- LP: #1441284
* cpufreq: s3c: remove incorrect __init annotations
- LP: #1441284
* libceph: assert both regular and lingering lists in __remove_osd()
- LP: #1441284
* libceph: change from BUG to WARN for __remove_osd() asserts
- LP: #1441284
* libceph: fix double __remove_osd() problem
- LP: #1441284
* MIPS: Export FP functions used by lose_fpu(1) for KVM
- LP: #1441284
* kdb: fix incorrect counts in KDB summary command output
- LP: #1441284
* blk-throttle: check stats_cpu before reading it from sysfs
- LP: #1441284
* procfs: fix race between symlink removals and traversals
- LP: #1441284
* autofs4 copy_dev_ioctl(): keep the value of ->size we'd used for
allocation
- LP: #1441284
* pktgen: fix UDP checksum computation
- LP: #1441284
* ipv6: fix ipv6_cow_metrics for non DST_HOST case
- LP: #1441284
* clk-gate: fix bit # check in clk_register_gate()
- LP: #1441284
* ALSA: off by one bug in snd_riptide_joystick_probe()
- LP: #1441284
* ath5k: fix spontaneus AR5312 freezes
- LP: #1441284
* pinctrl: pinctrl-imx: don't use invalid value of conf_reg
- LP: #1441284
* ALSA: hda - Add one more node in the EAPD supporting candidate list
- LP: #1436745, #1441284
* ALSA: hda - Add pin configs for ASUS mobo with IDT 92HD73XX codec
- LP: #1441284
* drm/i915/bdw: PCI IDs ending in 0xb are ULT.
- LP: #1441284
* xfs: Fix quota type in quota structures when reusing quota file
- LP: #1441284
* gpiolib: of: allow of_gpiochip_find_and_xlate to find more than one
chip per node
- LP: #1441284
* gpio: tps65912: fix wrong container_of arguments
- LP: #1441284
* ALSA: pcm: Don't leave PREPARED state after draining
- LP: #1441284
* metag: Fix KSTK_EIP() and KSTK_ESP() macros
- LP: #1441284
* md/raid1: fix read balance when a drive is write-mostly.
- LP: #1441284
* drm/radeon: use drm_mode_vrefresh() rather than mode->vrefresh
- LP: #1441284
* drm/radeon: fix 1 RB harvest config setup for TN/RL
- LP: #1441284
* arm64: compat Fix siginfo_t -> compat_siginfo_t conversion on big
endian
- LP: #1441284
* nilfs2: fix potential memory overrun on inode
- LP: #1441284
* HID: i2c-hid: Limit reads to wMaxInputLength bytes for input events
- LP: #1441284
* Linux 3.13.11-ckt18
- LP: #1441284
* ipv6: Don't reduce hop limit for an interface
- LP: #1441103
- CVE-2015-2922
* x86/microcode/intel: Guard against stack overflow in the loader
- LP: #1438504
- CVE-2015-2666
-- Luis Henriques <luis.henriques@xxxxxxxxxxxxx> Tue, 14 Apr 2015 21:38:57 +0100
** Changed in: linux-lts-trusty (Ubuntu Precise)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1438504
Title:
CVE-2015-2666
Status in linux package in Ubuntu:
Fix Released
Status in linux-armadaxp package in Ubuntu:
Invalid
Status in linux-ec2 package in Ubuntu:
Invalid
Status in linux-flo package in Ubuntu:
Invalid
Status in linux-fsl-imx51 package in Ubuntu:
Invalid
Status in linux-goldfish package in Ubuntu:
Invalid
Status in linux-lts-backport-maverick package in Ubuntu:
New
Status in linux-lts-backport-natty package in Ubuntu:
New
Status in linux-lts-quantal package in Ubuntu:
Invalid
Status in linux-lts-raring package in Ubuntu:
Invalid
Status in linux-lts-saucy package in Ubuntu:
Invalid
Status in linux-lts-trusty package in Ubuntu:
Invalid
Status in linux-lts-utopic package in Ubuntu:
Invalid
Status in linux-mako package in Ubuntu:
Invalid
Status in linux-manta package in Ubuntu:
Invalid
Status in linux-mvl-dove package in Ubuntu:
Invalid
Status in linux-ti-omap4 package in Ubuntu:
Invalid
Status in linux source package in Lucid:
Invalid
Status in linux-armadaxp source package in Lucid:
Invalid
Status in linux-ec2 source package in Lucid:
Invalid
Status in linux-flo source package in Lucid:
Invalid
Status in linux-fsl-imx51 source package in Lucid:
Invalid
Status in linux-goldfish source package in Lucid:
Invalid
Status in linux-lts-backport-maverick source package in Lucid:
New
Status in linux-lts-backport-natty source package in Lucid:
New
Status in linux-lts-quantal source package in Lucid:
Invalid
Status in linux-lts-raring source package in Lucid:
Invalid
Status in linux-lts-saucy source package in Lucid:
Invalid
Status in linux-lts-trusty source package in Lucid:
Invalid
Status in linux-lts-utopic source package in Lucid:
Invalid
Status in linux-mako source package in Lucid:
Invalid
Status in linux-manta source package in Lucid:
Invalid
Status in linux-mvl-dove source package in Lucid:
Invalid
Status in linux-ti-omap4 source package in Lucid:
Invalid
Status in linux source package in Precise:
Invalid
Status in linux-armadaxp source package in Precise:
Invalid
Status in linux-ec2 source package in Precise:
Invalid
Status in linux-flo source package in Precise:
Invalid
Status in linux-fsl-imx51 source package in Precise:
Invalid
Status in linux-goldfish source package in Precise:
Invalid
Status in linux-lts-backport-maverick source package in Precise:
New
Status in linux-lts-backport-natty source package in Precise:
New
Status in linux-lts-quantal source package in Precise:
Invalid
Status in linux-lts-raring source package in Precise:
Invalid
Status in linux-lts-saucy source package in Precise:
Invalid
Status in linux-lts-trusty source package in Precise:
Fix Released
Status in linux-lts-utopic source package in Precise:
Invalid
Status in linux-mako source package in Precise:
Invalid
Status in linux-manta source package in Precise:
Invalid
Status in linux-mvl-dove source package in Precise:
Invalid
Status in linux-ti-omap4 source package in Precise:
Invalid
Status in linux source package in Trusty:
Fix Released
Status in linux-armadaxp source package in Trusty:
Invalid
Status in linux-ec2 source package in Trusty:
Invalid
Status in linux-flo source package in Trusty:
Invalid
Status in linux-fsl-imx51 source package in Trusty:
Invalid
Status in linux-goldfish source package in Trusty:
Invalid
Status in linux-lts-backport-maverick source package in Trusty:
New
Status in linux-lts-backport-natty source package in Trusty:
New
Status in linux-lts-quantal source package in Trusty:
Invalid
Status in linux-lts-raring source package in Trusty:
Invalid
Status in linux-lts-saucy source package in Trusty:
Invalid
Status in linux-lts-trusty source package in Trusty:
Invalid
Status in linux-lts-utopic source package in Trusty:
Fix Released
Status in linux-mako source package in Trusty:
Invalid
Status in linux-manta source package in Trusty:
Invalid
Status in linux-mvl-dove source package in Trusty:
Invalid
Status in linux-ti-omap4 source package in Trusty:
Invalid
Status in linux source package in Utopic:
Fix Released
Status in linux-armadaxp source package in Utopic:
Invalid
Status in linux-ec2 source package in Utopic:
Invalid
Status in linux-flo source package in Utopic:
Invalid
Status in linux-fsl-imx51 source package in Utopic:
Invalid
Status in linux-goldfish source package in Utopic:
Invalid
Status in linux-lts-backport-maverick source package in Utopic:
New
Status in linux-lts-backport-natty source package in Utopic:
New
Status in linux-lts-quantal source package in Utopic:
Invalid
Status in linux-lts-raring source package in Utopic:
Invalid
Status in linux-lts-saucy source package in Utopic:
Invalid
Status in linux-lts-trusty source package in Utopic:
Invalid
Status in linux-lts-utopic source package in Utopic:
Invalid
Status in linux-mako source package in Utopic:
Invalid
Status in linux-manta source package in Utopic:
Invalid
Status in linux-mvl-dove source package in Utopic:
Invalid
Status in linux-ti-omap4 source package in Utopic:
Invalid
Status in linux source package in Vivid:
Fix Released
Status in linux-armadaxp source package in Vivid:
Invalid
Status in linux-ec2 source package in Vivid:
Invalid
Status in linux-flo source package in Vivid:
Invalid
Status in linux-fsl-imx51 source package in Vivid:
Invalid
Status in linux-goldfish source package in Vivid:
Invalid
Status in linux-lts-backport-maverick source package in Vivid:
New
Status in linux-lts-backport-natty source package in Vivid:
New
Status in linux-lts-quantal source package in Vivid:
Invalid
Status in linux-lts-raring source package in Vivid:
Invalid
Status in linux-lts-saucy source package in Vivid:
Invalid
Status in linux-lts-trusty source package in Vivid:
Invalid
Status in linux-lts-utopic source package in Vivid:
Invalid
Status in linux-mako source package in Vivid:
Invalid
Status in linux-manta source package in Vivid:
Invalid
Status in linux-mvl-dove source package in Vivid:
Invalid
Status in linux-ti-omap4 source package in Vivid:
Invalid
Bug description:
[execution in the early microcode loader x86/intel] Guard against
stack overflow in the loader mc_saved_tmp is a static array allocated
on the stack, we need to make sure mc_saved_count stays within its
bounds, otherwise we're overflowing the stack in _save_mc(). A
specially crafted microcode header could lead to a kernel crash or
potentially kernel execution.
Break-Fix: ec400ddeff200b068ddc6c70f7321f49ecf32ed5
f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1438504/+subscriptions
References