kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #140697
[Bug 1496232] Re: CVE-2015-6937
This bug was fixed in the package linux-lts-utopic -
3.16.0-51.69~14.04.1
---------------
linux-lts-utopic (3.16.0-51.69~14.04.1) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1503717
[ Andy Whitcroft ]
* Revert "SAUCE: aufs3: mmap: Fix races in madvise_remove() and
sys_msync()"
- LP: #1503655
[ Ben Hutchings ]
* SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
- LP: #1503655
- CVE-2015-7312
linux-lts-utopic (3.16.0-51.68~14.04.1) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1503239
[ Ben Hutchings ]
* SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
- CVE-2015-7312
[ John Johansen ]
* SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
- LP: #1496430
[ Leann Ogasawara ]
* [Config] d-i -- Add sfc to nic-modules udeb
- LP: #1481490
[ Upstream Kernel Changes ]
* mmc: sdhci-pci: set the clear transfer mode register quirk for O2Micro
- LP: #1472843
* mmc: sdhci: Add a quirk for AMD SDHC transfer mode register need to be
cleared for cmd without data
- LP: #1472843
* md: use kzalloc() when bitmap is disabled
- LP: #1500484
* sparc64: Fix userspace FPU register corruptions.
- LP: #1500484
* ARM: OMAP2+: hwmod: Fix _wait_target_ready() for hwmods without sysc
- LP: #1500484
* ASoC: pcm1681: Fix setting de-emphasis sampling rate selection
- LP: #1500484
* iscsi-target: Fix use-after-free during TPG session shutdown
- LP: #1500484
* iscsi-target: Fix iscsit_start_kthreads failure OOPs
- LP: #1500484
* iscsi-target: Fix iser explicit logout TX kthread leak
- LP: #1500484
* ARM: dts: i.MX35: Fix can support.
- LP: #1500484
* ALSA: hda - Apply fixup for another Toshiba Satellite S50D
- LP: #1500484
* vhost: actually track log eventfd file
- LP: #1500484
* arm64/efi: map the entire UEFI vendor string before reading it
- LP: #1500484
* xfs: remote attribute headers contain an invalid LSN
- LP: #1500484
* xfs: remote attributes need to be considered data
- LP: #1500484
* ALSA: hda - Apply a fixup to Dell Vostro 5480
- LP: #1500484
* ALSA: usb-audio: add dB range mapping for some devices
- LP: #1500484
* drm/i915: Replace WARN inside I915_READ64_2x32 with retry loop
- LP: #1500484
* drm/radeon/combios: add some validation of lvds values
- LP: #1500484
* x86/efi: Use all 64 bit of efi_memmap in setup_e820()
- LP: #1500484
* ipr: Fix locking for unit attention handling
- LP: #1500484
* ipr: Fix incorrect trace indexing
- LP: #1500484
* ipr: Fix invalid array indexing for HRRQ
- LP: #1500484
* ALSA: hda - Fix MacBook Pro 5,2 quirk
- LP: #1500484
* x86/xen: Probe target addresses in set_aliased_prot() before the
hypercall
- LP: #1500484
* netfilter: ctnetlink: put back references to master ct and expect
objects
- LP: #1500484
* ipvs: do not use random local source address for tunnels
- LP: #1500484
* ipvs: fix crash if scheduler is changed
- LP: #1500484
* ipvs: fix crash with sync protocol v0 and FTP
- LP: #1500484
* netfilter: nf_conntrack: Support expectations in different zones
- LP: #1500484
* NFS: Don't revalidate the mapping if both size and change attr are up
to date
- LP: #1500484
* ALSA: hda - fix cs4210_spdif_automute()
- LP: #1500484
* net/mlx4_core: Fix wrong index in propagating port change event to VFs
- LP: #1500484
* niu: don't count tx error twice in case of headroom realloc fails
- LP: #1500484
* avr32: handle NULL as a valid clock object
- LP: #1500484
* packet: missing dev_put() in packet_do_bind()
- LP: #1500484
* packet: tpacket_snd(): fix signed/unsigned comparison
- LP: #1500484
* bridge: mdb: fix delmdb state in the notification
- LP: #1500484
* net: sched: fix refcount imbalance in actions
- LP: #1500484
* act_pedit: check binding before calling tcf_hash_release()
- LP: #1500484
* PCI: Restore PCI_MSIX_FLAGS_BIRMASK definition
- LP: #1500484
* USB: qcserial/option: make AT URCs work for Sierra Wireless
MC7305/MC7355
- LP: #1500484
* USB: qcserial: Add support for Dell Wireless 5809e 4G Modem
- LP: #1500484
* nfsd: Drop BUG_ON and ignore SECLABEL on absent filesystem
- LP: #1500484
* crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer
- LP: #1500484
* USB: sierra: add 1199:68AB device ID
- LP: #1500484
* rbd: fix copyup completion race
- LP: #1500484
* md/bitmap: return an error when bitmap superblock is corrupt.
- LP: #1500484
* md/raid1: extend spinlock to protect raid1_end_read_request against
inconsistencies
- LP: #1500484
* thermal: exynos: Disable the regulator on probe failure
- LP: #1500484
* MIPS: Fix sched_getaffinity with MT FPAFF enabled
- LP: #1500484
* MIPS: Malta: Don't reinitialise RTC
- LP: #1500484
* MIPS: do_mcheck: Fix kernel code dump with EVA
- LP: #1500484
* MIPS: show_stack: Fix stack trace with EVA
- LP: #1500484
* MIPS: Flush RPS on kernel entry with EVA
- LP: #1500484
* xhci: fix off by one error in TRB DMA address boundary check
- LP: #1500484
* drivers/usb: Delete XHCI command timer if necessary
- LP: #1500484
* ALSA: fireworks/firewire-lib: add support for recent firmware quirk
- LP: #1500484
* mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations
- LP: #1500484
* MIPS: Make set_pte() SMP safe.
- LP: #1500484
* ipc: modify message queue accounting to not take kernel data structures
into account
- LP: #1500484
* ocfs2: fix BUG in ocfs2_downconvert_thread_do_work()
- LP: #1500484
* fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()
- LP: #1500484
* drm/radeon: fix hotplug race at startup
- LP: #1500484
* rtnetlink: verify IFLA_VF_INFO attributes before passing them to driver
- LP: #1500484
* net/tipc: initialize security state for new connection socket
- LP: #1500484
* net: pktgen: fix race between pktgen_thread_worker() and kthread_stop()
- LP: #1500484
* net: call rcu_read_lock early in process_backlog
- LP: #1500484
* net: Clone skb before setting peeked flag
- LP: #1500484
* net: Fix skb csum races when peeking
- LP: #1500484
* net: Fix skb_set_peeked use-after-free bug
- LP: #1500484
* ipv6: lock socket in ip6_datagram_connect()
- LP: #1500484
* bonding: correct the MAC address for "follow" fail_over_mac policy
- LP: #1500484
* netlink: don't hold mutex in rcu callback when releasing mmapd ring
- LP: #1500484
* rds: fix an integer overflow test in rds_info_getsockopt()
- LP: #1500484
* udp: fix dst races with multicast early demux
- LP: #1500484
* bna: fix interrupts storm caused by erroneous packets
- LP: #1500484
* net: gso: use feature flag argument in all protocol gso handlers
- LP: #1500484
* Fix firmware loader uevent buffer NULL pointer dereference
- LP: #1500484
* qla2xxx: Mark port lost when we receive an RSCN for it.
- LP: #1500484
* megaraid_sas: use raw_smp_processor_id()
- LP: #1500484
* fs/buffer.c: support buffer cache allocations with gfp modifiers
- LP: #1500484
* bufferhead: Add _gfp version for sb_getblk()
- LP: #1500484
* ext4: avoid deadlocks in the writeback path by using sb_getblk_gfp
- LP: #1500484
* HID: usbhid: add Chicony/Pixart usb optical mouse that needs
QUIRK_ALWAYS_POLL
- LP: #1500484
* ima: add support for new "euid" policy condition
- LP: #1500484
* ima: extend "mask" policy matching support
- LP: #1500484
* mfd: arizona: Fix initialisation of the PM runtime
- LP: #1500484
* xen-blkfront: don't add indirect pages to list when !feature_persistent
- LP: #1500484
* xen-blkback: replace work_pending with work_busy in
purge_persistent_gnt()
- LP: #1500484
* regmap: regcache-rbtree: Clean new present bits on present bitmap
resize
- LP: #1500484
* target/iscsi: Fix double free of a TUR followed by a solicited NOPOUT
- LP: #1500484
* target: REPORT LUNS should return LUN 0 even for dynamic ACLs
- LP: #1500484
* perf: Fix fasync handling on inherited events
- LP: #1500484
* KVM: x86: Use adjustment in guest cycles when handling
MSR_IA32_TSC_ADJUST
- LP: #1500484
* x86/ldt: Make modify_ldt synchronous
- LP: #1500484
* x86/ldt: Correct LDT access in single stepping logic
- LP: #1500484
* rcu: Provide counterpart to rcu_dereference() for non-RCU situations
- LP: #1500484
* rcu: Move lockless_dereference() out of rcupdate.h
- LP: #1500484
* x86/ldt: Correct FPU emulation access to LDT
- LP: #1500484
* localmodconfig: Use Kbuild files too
- LP: #1500484
* dm thin metadata: delete btrees when releasing metadata snapshot
- LP: #1500484
* dm btree: add ref counting ops for the leaves of top level btrees
- LP: #1500484
* drm/radeon: add new OLAND pci id
- LP: #1500484
* libiscsi: Fix host busy blocking during connection teardown
- LP: #1500484
* libfc: Fix fc_exch_recv_req() error path
- LP: #1500484
* libfc: Fix fc_fcp_cleanup_each_cmd()
- LP: #1500484
* EDAC, ppc4xx: Access mci->csrows array elements properly
- LP: #1500484
* crypto: caam - fix memory corruption in ahash_final_ctx
- LP: #1500484
* drm/vmwgfx: Fix execbuf locking issues
- LP: #1500484
* mm/hwpoison: fix page refcount of unknown non LRU page
- LP: #1500484
* ipc,sem: fix use after free on IPC_RMID after a task using same
semaphore set exits
- LP: #1500484
* ipc/sem.c: change memory barrier in sem_lock() to smp_rmb()
- LP: #1500484
* ipc/sem.c: update/correct memory barriers
- LP: #1500484
* MIPS: Fix seccomp syscall argument for MIPS64
- LP: #1500484
* x86/ldt: Further fix FPU emulation
- LP: #1500484
* SCSI: Fix NULL pointer dereference in runtime PM
- LP: #1500484
* ALSA: usb-audio: Fix runtime PM unbalance
- LP: #1500484
* Add factory recertified Crucial M500s to blacklist
- LP: #1500484
* arm64: KVM: Fix host crash when injecting a fault into a 32bit guest
- LP: #1500484
* batman-adv: fix kernel crash due to missing NULL checks
- LP: #1500484
* batman-adv: protect tt_local_entry from concurrent delete events
- LP: #1500484
* perf: Fix PERF_EVENT_IOC_PERIOD migration race
- LP: #1500484
* net: Fix RCU splat in af_key
- LP: #1500484
* ip6_gre: release cached dst on tunnel removal
- LP: #1500484
* s390/sclp: fix compile error
- LP: #1500484
* xen/gntdev: convert priv->lock to a mutex
- LP: #1500484
* xen/gntdevt: Fix race condition in gntdev_release()
- LP: #1500484
* signalfd: fix information leak in signalfd_copyinfo
- LP: #1500484
* signal: fix information leak in copy_siginfo_to_user
- LP: #1500484
* signal: fix information leak in copy_siginfo_from_user32
- LP: #1500484
* Linux 3.16.7-ckt17
- LP: #1500484
* RDS: verify the underlying transport exists before creating a
connection
- LP: #1496232
- CVE-2015-6937
* virtio-net: drop NETIF_F_FRAGLIST
- LP: #1484793
- CVE-2015-5156
-- Luis Henriques <luis.henriques@xxxxxxxxxxxxx> Wed, 07 Oct 2015
14:43:44 +0100
** Changed in: linux-lts-utopic (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-5156
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7312
** Changed in: linux (Ubuntu Precise)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1496232
Title:
CVE-2015-6937
Status in linux package in Ubuntu:
Fix Committed
Status in linux-armadaxp package in Ubuntu:
Invalid
Status in linux-ec2 package in Ubuntu:
Invalid
Status in linux-flo package in Ubuntu:
New
Status in linux-fsl-imx51 package in Ubuntu:
Invalid
Status in linux-goldfish package in Ubuntu:
New
Status in linux-lts-backport-maverick package in Ubuntu:
New
Status in linux-lts-backport-natty package in Ubuntu:
New
Status in linux-lts-quantal package in Ubuntu:
Invalid
Status in linux-lts-raring package in Ubuntu:
Invalid
Status in linux-lts-saucy package in Ubuntu:
Invalid
Status in linux-lts-trusty package in Ubuntu:
Invalid
Status in linux-lts-utopic package in Ubuntu:
Invalid
Status in linux-lts-vivid package in Ubuntu:
Invalid
Status in linux-mako package in Ubuntu:
New
Status in linux-manta package in Ubuntu:
New
Status in linux-mvl-dove package in Ubuntu:
Invalid
Status in linux-ti-omap4 package in Ubuntu:
Invalid
Status in linux source package in Precise:
Fix Released
Status in linux-armadaxp source package in Precise:
Fix Released
Status in linux-ec2 source package in Precise:
Invalid
Status in linux-flo source package in Precise:
Invalid
Status in linux-fsl-imx51 source package in Precise:
Invalid
Status in linux-goldfish source package in Precise:
Invalid
Status in linux-lts-backport-maverick source package in Precise:
New
Status in linux-lts-backport-natty source package in Precise:
New
Status in linux-lts-quantal source package in Precise:
Invalid
Status in linux-lts-raring source package in Precise:
Invalid
Status in linux-lts-saucy source package in Precise:
Invalid
Status in linux-lts-trusty source package in Precise:
Fix Committed
Status in linux-lts-utopic source package in Precise:
Invalid
Status in linux-lts-vivid source package in Precise:
Invalid
Status in linux-mako source package in Precise:
Invalid
Status in linux-manta source package in Precise:
Invalid
Status in linux-mvl-dove source package in Precise:
Invalid
Status in linux-ti-omap4 source package in Precise:
Fix Released
Status in linux source package in Trusty:
Fix Committed
Status in linux-armadaxp source package in Trusty:
Invalid
Status in linux-ec2 source package in Trusty:
Invalid
Status in linux-flo source package in Trusty:
Invalid
Status in linux-fsl-imx51 source package in Trusty:
Invalid
Status in linux-goldfish source package in Trusty:
Invalid
Status in linux-lts-backport-maverick source package in Trusty:
New
Status in linux-lts-backport-natty source package in Trusty:
New
Status in linux-lts-quantal source package in Trusty:
Invalid
Status in linux-lts-raring source package in Trusty:
Invalid
Status in linux-lts-saucy source package in Trusty:
Invalid
Status in linux-lts-trusty source package in Trusty:
Invalid
Status in linux-lts-utopic source package in Trusty:
Fix Released
Status in linux-lts-vivid source package in Trusty:
Fix Committed
Status in linux-mako source package in Trusty:
Invalid
Status in linux-manta source package in Trusty:
Invalid
Status in linux-mvl-dove source package in Trusty:
Invalid
Status in linux-ti-omap4 source package in Trusty:
Invalid
Status in linux source package in Vivid:
Fix Committed
Status in linux-armadaxp source package in Vivid:
Invalid
Status in linux-ec2 source package in Vivid:
Invalid
Status in linux-flo source package in Vivid:
New
Status in linux-fsl-imx51 source package in Vivid:
Invalid
Status in linux-goldfish source package in Vivid:
New
Status in linux-lts-backport-maverick source package in Vivid:
New
Status in linux-lts-backport-natty source package in Vivid:
New
Status in linux-lts-quantal source package in Vivid:
Invalid
Status in linux-lts-raring source package in Vivid:
Invalid
Status in linux-lts-saucy source package in Vivid:
Invalid
Status in linux-lts-trusty source package in Vivid:
Invalid
Status in linux-lts-utopic source package in Vivid:
Invalid
Status in linux-lts-vivid source package in Vivid:
Invalid
Status in linux-mako source package in Vivid:
New
Status in linux-manta source package in Vivid:
New
Status in linux-mvl-dove source package in Vivid:
Invalid
Status in linux-ti-omap4 source package in Vivid:
Invalid
Status in linux source package in Wily:
Fix Committed
Status in linux-armadaxp source package in Wily:
Invalid
Status in linux-ec2 source package in Wily:
Invalid
Status in linux-flo source package in Wily:
New
Status in linux-fsl-imx51 source package in Wily:
Invalid
Status in linux-goldfish source package in Wily:
New
Status in linux-lts-backport-maverick source package in Wily:
New
Status in linux-lts-backport-natty source package in Wily:
New
Status in linux-lts-quantal source package in Wily:
Invalid
Status in linux-lts-raring source package in Wily:
Invalid
Status in linux-lts-saucy source package in Wily:
Invalid
Status in linux-lts-trusty source package in Wily:
Invalid
Status in linux-lts-utopic source package in Wily:
Invalid
Status in linux-lts-vivid source package in Wily:
Invalid
Status in linux-mako source package in Wily:
New
Status in linux-manta source package in Wily:
New
Status in linux-mvl-dove source package in Wily:
Invalid
Status in linux-ti-omap4 source package in Wily:
Invalid
Bug description:
It was discovered that the Reliable Datagram Sockets (RDS)
implementation in the Linux kernel did not verify sockets were
properly bound before attempting to send a message, which could cause
a NULL pointer dereference. An attacker could use this to cause a
denial of service (system crash).
Break-Fix: - 74e98eb085889b0d2d4908f59f6e00026063014f
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1496232/+subscriptions
References