← Back to team overview

kernel-packages team mailing list archive

[Bug 1463445] Re: CVE-2015-4003

 

This bug was fixed in the package linux-lts-trusty -
3.13.0-57.95~precise1

---------------
linux-lts-trusty (3.13.0-57.95~precise1) precise; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1466938

  [ Brad Figg ]

  * Merged back Ubuntu-3.13.0-55.94 regression fix for security release

linux (3.13.0-56.93) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1465798

  [ Upstream Kernel Changes ]

  * net: eth: xgene: devm_ioremap() returns NULL on error
    - LP: #1458042
  * drivers: net: xgene: fix new firmware backward compatibility with older
    driver
    - LP: #1458042
  * drivers: net: xgene: constify of_device_id array
    - LP: #1458042
  * drivers: net: xgene: Add second SGMII based 1G interface
    - LP: #1458042
  * net: phy: re-design phy_modes to be self-contained
    - LP: #1458042
  * dtb: change binding name to match with newer firmware DT
    - LP: #1458042
  * dtb: xgene: Add second SGMII based 1G interface node
    - LP: #1458042
  * Btrfs: make xattr replace operations atomic
    - LP: #1438501
    - CVE-2014-9710
  * cdc-acm: prevent infinite loop when parsing CDC headers.
    - LP: #1460657
  * (upstream) libata: Blacklist queued TRIM on all Samsung 800-series
    - LP: #1338706, #1449005
  * ahci: avoton port-disable reset-quirk
    - LP: #1458617
  * xfs: avoid false quotacheck after unclean shutdown
    - LP: #1461730
  * (upstream)[SCSI] Add timeout to avoid infinite command retry
    - LP: #1449372
  * (upstream)scsi_lib: remove the description string in
    scsi_io_completion()
    - LP: #1449372
  * udf: Remove repeated loads blocksize
    - LP: #1462173
    - CVE-2015-4167
  * udf: Check length of extended attributes and allocation descriptors
    - LP: #1462173
    - CVE-2015-4167
  * vfs: read file_handle only once in handle_to_path
    - LP: #1416503
    - CVE-2015-1420
  * ozwpan: Use unsigned ints to prevent heap overflow
    - LP: #1463442
    - CVE-2015-4001
  * ozwpan: divide-by-zero leading to panic
    - LP: #1463445
    - CVE-2015-4003
  * ozwpan: Use proper check to prevent heap overflow
    - LP: #1463444
    - CVE-2015-4002
  * ozwpan: unchecked signed subtraction leads to DoS
    - LP: #1463444
    - CVE-2015-4002
  * Input: elantech - add new icbody type
    - LP: #1464490
  * Bluetooth: ath3k: Add support Atheros AR5B195 combo Mini PCIe card
    - LP: #1465796
  * power_supply: twl4030_madc: Check return value of power_supply_register
    - LP: #1465796
  * power_supply: lp8788-charger: Fix leaked power supply on probe fail
    - LP: #1465796
  * ARM: dts: dove: Fix uart[23] reg property
    - LP: #1465796
  * xtensa: xtfpga: fix hardware lockup caused by LCD driver
    - LP: #1465796
  * Drivers: hv: vmbus: Fix a bug in the error path in vmbus_open()
    - LP: #1465796
  * xtensa: provide __NR_sync_file_range2 instead of __NR_sync_file_range
    - LP: #1465796
  * KVM: s390: Zero out current VMDB of STSI before including level3 data.
    - LP: #1465796
  * usb: musb: core: fix TX/RX endpoint order
    - LP: #1465796
  * drm/radeon: fix doublescan modes (v2)
    - LP: #1465796
  * usb: phy: Find the right match in devm_usb_phy_match
    - LP: #1465796
  * tools lib traceevent kbuffer: Remove extra update to data pointer in
    PADDING
    - LP: #1465796
  * ring-buffer: Replace this_cpu_*() with __this_cpu_*()
    - LP: #1465796
  * ASoC: wm8741: Fix rates constraints values
    - LP: #1465796
  * cdc-wdm: fix endianness bug in debug statements
    - LP: #1465796
  * staging: panel: fix lcd type
    - LP: #1465796
  * UBI: account for bitflips in both the VID header and data
    - LP: #1465796
  * UBI: fix out of bounds write
    - LP: #1465796
  * UBI: initialize LEB number variable
    - LP: #1465796
  * UBI: fix check for "too many bytes"
    - LP: #1465796
  * ARM: S3C64XX: Use fixed IRQ bases to avoid conflicts on Cragganmore
    - LP: #1465796
  * ASoC: davinci-evm: drop un-necessary remove function
    - LP: #1465796
  * iscsi-target: Convert iscsi_thread_set usage to kthread.h
    - LP: #1465796
  * Drivers: hv: vmbus: Don't wait after requesting offers
    - LP: #1465796
  * Btrfs: fix log tree corruption when fs mounted with -o discard
    - LP: #1465796
  * btrfs: don't accept bare namespace as a valid xattr
    - LP: #1465796
  * ARM: 8320/1: fix integer overflow in ELF_ET_DYN_BASE
    - LP: #1465796
  * rtlwifi: rtl8192cu: Add new USB ID
    - LP: #1465796
  * MIPS: Hibernate: flush TLB entries earlier
    - LP: #1465796
  * ASoC: cs4271: Increase delay time after reset
    - LP: #1465796
  * stk1160: Make sure current buffer is released
    - LP: #1465796
  * mnt: Improve the umount_tree flags
    - LP: #1465796
  * ext4: make fsync to sync parent dir in no-journal for real this time
    - LP: #1465796
  * Input: elantech - fix absolute mode setting on some ASUS laptops
    - LP: #1465796
  * usb: define a generic USB_RESUME_TIMEOUT macro
    - LP: #1465796
  * usb: host: xhci: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * usb: host: ehci: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * usb: host: uhci: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * usb: musb: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * usb: host: isp116x: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * usb: host: fotg210: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * usb: host: fusbh200: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * usb: host: oxu210hp: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * usb: host: r8a66597: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * usb: host: sl811: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * usb: dwc2: hcd: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * usb: isp1760: hcd: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * usb: core: hub: use new USB_RESUME_TIMEOUT
    - LP: #1465796
  * iser-target: Fix possible deadlock in RDMA_CM connection error
    - LP: #1465796
  * gpio: mvebu: Fix mask/unmask managment per irq chip type
    - LP: #1465796
  * scsi: storvsc: Fix a bug in copy_from_bounce_buffer()
    - LP: #1465796
  * ALSA: emu10k1: don't deadlock in proc-functions
    - LP: #1465796
  * xtensa: ISS: fix locking in TAP network adapter
    - LP: #1465796
  * s390/hibernate: fix save and restore of kernel text section
    - LP: #1465796
  * Btrfs: fix inode eviction infinite loop after extent_same ioctl
    - LP: #1465796
  * Btrfs: fix inode eviction infinite loop after cloning into it
    - LP: #1465796
  * ACPICA: Utilities: split IO address types from data type models.
    - LP: #1465796
  * drm/i915: Dont enable CS_PARSER_ERROR interrupts at all
    - LP: #1465796
  * target: Fix COMPARE_AND_WRITE with SG_TO_MEM_NOALLOC handling
    - LP: #1465796
  * mm/hugetlb: use pmd_page() in follow_huge_pmd()
    - LP: #1465796
  * fs/binfmt_elf.c: fix bug in loading of PIE binaries
    - LP: #1465796
  * IB/core: disallow registering 0-sized memory region
    - LP: #1465796
  * IB/core: don't disallow registering region starting at 0x0
    - LP: #1465796
  * ptrace: fix race between ptrace_resume() and wait_task_stopped()
    - LP: #1465796
  * mvsas: fix panic on expander attached SATA devices
    - LP: #1465796
  * drm/i915: cope with large i2c transfers
    - LP: #1465796
  * RCU pathwalk breakage when running into a symlink overmounting
    something
    - LP: #1465796
  * compal-laptop: Check return value of power_supply_register
    - LP: #1465796
  * sched/idle/x86: Restore mwait_idle() to fix boot hangs, to improve
    power savings and to improve performance
    - LP: #1465796
  * nfs: don't call blocking operations while !TASK_RUNNING
    - LP: #1465796
  * nfs: fix high load average due to callback thread sleeping
    - LP: #1465796
  * e1000: add dummy allocator to fix race condition between mtu change and
    netpoll
    - LP: #1465796
  * wl18xx: show rx_frames_per_rates as an array as it really is
    - LP: #1465796
  * lib: memzero_explicit: use barrier instead of OPTIMIZER_HIDE_VAR
    - LP: #1465796
  * driver core: bus: Goto appropriate labels on failure in bus_add_device
    - LP: #1465796
  * C6x: time: Ensure consistency in __init
    - LP: #1465796
  * crypto: omap-aes - Fix support for unequal lengths
    - LP: #1465796
  * jhash: Update jhash_[321]words functions to use correct initval
    - LP: #1465796
  * KVM: use slowpath for cross page cached accesses
    - LP: #1465796
  * powerpc: Fix missing L2 cache size in /sys/devices/system/cpu
    - LP: #1465796
  * NFS: fix BUG() crash in notify_change() with patch to chown_common()
    - LP: #1465796
  * i2c: core: Export bus recovery functions
    - LP: #1465796
  * IB/mlx4: Fix WQE LSO segment calculation
    - LP: #1465796
  * mlx5: wrong page mask if CONFIG_ARCH_DMA_ADDR_T_64BIT enabled for 32Bit
    architectures
    - LP: #1465796
  * skbuff: Do not scrub skb mark within the same name space
    - LP: #1465796
  * firmware/ihex2fw.c: restore missing default in switch statement
    - LP: #1465796
  * memstick: mspro_block: add missing curly braces
    - LP: #1465796
  * tools/power turbostat: Use $(CURDIR) instead of $(PWD) and add support
    for O= option in Makefile
    - LP: #1465796
  * ext4: fix data corruption caused by unwritten and delayed extents
    - LP: #1465796
  * powerpc: Add vr save/restore functions
    - LP: #1465796
  * Linux 3.13.11-ckt21
    - LP: #1465796

 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>  Mon, 22 Jun 2015
10:03:47 +0100

** Changed in: linux-lts-trusty (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1463445

Title:
  CVE-2015-4003

Status in linux package in Ubuntu:
  Fix Released
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-ec2 package in Ubuntu:
  Invalid
Status in linux-flo package in Ubuntu:
  New
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-goldfish package in Ubuntu:
  New
Status in linux-lts-backport-maverick package in Ubuntu:
  New
Status in linux-lts-backport-natty package in Ubuntu:
  New
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux-lts-vivid package in Ubuntu:
  Invalid
Status in linux-mako package in Ubuntu:
  New
Status in linux-manta package in Ubuntu:
  New
Status in linux-mvl-dove package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Precise:
  Invalid
Status in linux-armadaxp source package in Precise:
  Invalid
Status in linux-ec2 source package in Precise:
  Invalid
Status in linux-flo source package in Precise:
  Invalid
Status in linux-fsl-imx51 source package in Precise:
  Invalid
Status in linux-goldfish source package in Precise:
  Invalid
Status in linux-lts-backport-maverick source package in Precise:
  New
Status in linux-lts-backport-natty source package in Precise:
  New
Status in linux-lts-quantal source package in Precise:
  New
Status in linux-lts-raring source package in Precise:
  Invalid
Status in linux-lts-saucy source package in Precise:
  New
Status in linux-lts-trusty source package in Precise:
  Fix Released
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux-lts-vivid source package in Precise:
  Invalid
Status in linux-mako source package in Precise:
  Invalid
Status in linux-manta source package in Precise:
  Invalid
Status in linux-mvl-dove source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  Invalid
Status in linux source package in Trusty:
  Fix Released
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-ec2 source package in Trusty:
  Invalid
Status in linux-flo source package in Trusty:
  Invalid
Status in linux-fsl-imx51 source package in Trusty:
  Invalid
Status in linux-goldfish source package in Trusty:
  Invalid
Status in linux-lts-backport-maverick source package in Trusty:
  New
Status in linux-lts-backport-natty source package in Trusty:
  New
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux-lts-vivid source package in Trusty:
  Fix Released
Status in linux-mako source package in Trusty:
  Invalid
Status in linux-manta source package in Trusty:
  Invalid
Status in linux-mvl-dove source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux source package in Utopic:
  Fix Released
Status in linux-armadaxp source package in Utopic:
  Invalid
Status in linux-ec2 source package in Utopic:
  Invalid
Status in linux-flo source package in Utopic:
  New
Status in linux-fsl-imx51 source package in Utopic:
  Invalid
Status in linux-goldfish source package in Utopic:
  New
Status in linux-lts-backport-maverick source package in Utopic:
  New
Status in linux-lts-backport-natty source package in Utopic:
  New
Status in linux-lts-quantal source package in Utopic:
  Invalid
Status in linux-lts-raring source package in Utopic:
  Invalid
Status in linux-lts-saucy source package in Utopic:
  Invalid
Status in linux-lts-trusty source package in Utopic:
  Invalid
Status in linux-lts-utopic source package in Utopic:
  Invalid
Status in linux-lts-vivid source package in Utopic:
  Invalid
Status in linux-mako source package in Utopic:
  New
Status in linux-manta source package in Utopic:
  New
Status in linux-mvl-dove source package in Utopic:
  Invalid
Status in linux-ti-omap4 source package in Utopic:
  Invalid
Status in linux source package in Vivid:
  Fix Released
Status in linux-armadaxp source package in Vivid:
  Invalid
Status in linux-ec2 source package in Vivid:
  Invalid
Status in linux-flo source package in Vivid:
  New
Status in linux-fsl-imx51 source package in Vivid:
  Invalid
Status in linux-goldfish source package in Vivid:
  New
Status in linux-lts-backport-maverick source package in Vivid:
  New
Status in linux-lts-backport-natty source package in Vivid:
  New
Status in linux-lts-quantal source package in Vivid:
  Invalid
Status in linux-lts-raring source package in Vivid:
  Invalid
Status in linux-lts-saucy source package in Vivid:
  Invalid
Status in linux-lts-trusty source package in Vivid:
  Invalid
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux-lts-vivid source package in Vivid:
  Invalid
Status in linux-mako source package in Vivid:
  New
Status in linux-manta source package in Vivid:
  New
Status in linux-mvl-dove source package in Vivid:
  Invalid
Status in linux-ti-omap4 source package in Vivid:
  Invalid
Status in linux source package in Wily:
  Fix Released
Status in linux-armadaxp source package in Wily:
  Invalid
Status in linux-ec2 source package in Wily:
  Invalid
Status in linux-flo source package in Wily:
  New
Status in linux-fsl-imx51 source package in Wily:
  Invalid
Status in linux-goldfish source package in Wily:
  New
Status in linux-lts-backport-maverick source package in Wily:
  New
Status in linux-lts-backport-natty source package in Wily:
  New
Status in linux-lts-quantal source package in Wily:
  Invalid
Status in linux-lts-raring source package in Wily:
  Invalid
Status in linux-lts-saucy source package in Wily:
  Invalid
Status in linux-lts-trusty source package in Wily:
  Invalid
Status in linux-lts-utopic source package in Wily:
  Invalid
Status in linux-lts-vivid source package in Wily:
  Invalid
Status in linux-mako source package in Wily:
  New
Status in linux-manta source package in Wily:
  New
Status in linux-mvl-dove source package in Wily:
  Invalid
Status in linux-ti-omap4 source package in Wily:
  Invalid

Bug description:
  The oz_usb_handle_ep_data function in
  drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux
  kernel through 4.0.5 allows remote attackers to cause a denial of
  service (divide-by-zero error and system crash) via a crafted packet.

  Break-Fix: ae926051d7eb8f80dba9513db70d2e2fc8385d3a
  04bf464a5dfd9ade0dda918e44366c2c61fce80b

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1463445/+subscriptions


References