← Back to team overview

kernel-packages team mailing list archive

[Bug 1496232] Re: CVE-2015-6937

 

This bug was fixed in the package linux-lts-utopic -
3.16.0-51.69~14.04.1

---------------
linux-lts-utopic (3.16.0-51.69~14.04.1) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1503717

  [ Andy Whitcroft ]

  * Revert "SAUCE: aufs3: mmap: Fix races in madvise_remove() and
    sys_msync()"
    - LP: #1503655

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - LP: #1503655
    - CVE-2015-7312

linux-lts-utopic (3.16.0-51.68~14.04.1) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1503239

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - CVE-2015-7312

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
    - LP: #1496430

  [ Leann Ogasawara ]

  * [Config] d-i -- Add sfc to nic-modules udeb
    - LP: #1481490

  [ Upstream Kernel Changes ]

  * mmc: sdhci-pci: set the clear transfer mode register quirk for O2Micro
    - LP: #1472843
  * mmc: sdhci: Add a quirk for AMD SDHC transfer mode register need to be
    cleared for cmd without data
    - LP: #1472843
  * md: use kzalloc() when bitmap is disabled
    - LP: #1500484
  * sparc64: Fix userspace FPU register corruptions.
    - LP: #1500484
  * ARM: OMAP2+: hwmod: Fix _wait_target_ready() for hwmods without sysc
    - LP: #1500484
  * ASoC: pcm1681: Fix setting de-emphasis sampling rate selection
    - LP: #1500484
  * iscsi-target: Fix use-after-free during TPG session shutdown
    - LP: #1500484
  * iscsi-target: Fix iscsit_start_kthreads failure OOPs
    - LP: #1500484
  * iscsi-target: Fix iser explicit logout TX kthread leak
    - LP: #1500484
  * ARM: dts: i.MX35: Fix can support.
    - LP: #1500484
  * ALSA: hda - Apply fixup for another Toshiba Satellite S50D
    - LP: #1500484
  * vhost: actually track log eventfd file
    - LP: #1500484
  * arm64/efi: map the entire UEFI vendor string before reading it
    - LP: #1500484
  * xfs: remote attribute headers contain an invalid LSN
    - LP: #1500484
  * xfs: remote attributes need to be considered data
    - LP: #1500484
  * ALSA: hda - Apply a fixup to Dell Vostro 5480
    - LP: #1500484
  * ALSA: usb-audio: add dB range mapping for some devices
    - LP: #1500484
  * drm/i915: Replace WARN inside I915_READ64_2x32 with retry loop
    - LP: #1500484
  * drm/radeon/combios: add some validation of lvds values
    - LP: #1500484
  * x86/efi: Use all 64 bit of efi_memmap in setup_e820()
    - LP: #1500484
  * ipr: Fix locking for unit attention handling
    - LP: #1500484
  * ipr: Fix incorrect trace indexing
    - LP: #1500484
  * ipr: Fix invalid array indexing for HRRQ
    - LP: #1500484
  * ALSA: hda - Fix MacBook Pro 5,2 quirk
    - LP: #1500484
  * x86/xen: Probe target addresses in set_aliased_prot() before the
    hypercall
    - LP: #1500484
  * netfilter: ctnetlink: put back references to master ct and expect
    objects
    - LP: #1500484
  * ipvs: do not use random local source address for tunnels
    - LP: #1500484
  * ipvs: fix crash if scheduler is changed
    - LP: #1500484
  * ipvs: fix crash with sync protocol v0 and FTP
    - LP: #1500484
  * netfilter: nf_conntrack: Support expectations in different zones
    - LP: #1500484
  * NFS: Don't revalidate the mapping if both size and change attr are up
    to date
    - LP: #1500484
  * ALSA: hda - fix cs4210_spdif_automute()
    - LP: #1500484
  * net/mlx4_core: Fix wrong index in propagating port change event to VFs
    - LP: #1500484
  * niu: don't count tx error twice in case of headroom realloc fails
    - LP: #1500484
  * avr32: handle NULL as a valid clock object
    - LP: #1500484
  * packet: missing dev_put() in packet_do_bind()
    - LP: #1500484
  * packet: tpacket_snd(): fix signed/unsigned comparison
    - LP: #1500484
  * bridge: mdb: fix delmdb state in the notification
    - LP: #1500484
  * net: sched: fix refcount imbalance in actions
    - LP: #1500484
  * act_pedit: check binding before calling tcf_hash_release()
    - LP: #1500484
  * PCI: Restore PCI_MSIX_FLAGS_BIRMASK definition
    - LP: #1500484
  * USB: qcserial/option: make AT URCs work for Sierra Wireless
    MC7305/MC7355
    - LP: #1500484
  * USB: qcserial: Add support for Dell Wireless 5809e 4G Modem
    - LP: #1500484
  * nfsd: Drop BUG_ON and ignore SECLABEL on absent filesystem
    - LP: #1500484
  * crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer
    - LP: #1500484
  * USB: sierra: add 1199:68AB device ID
    - LP: #1500484
  * rbd: fix copyup completion race
    - LP: #1500484
  * md/bitmap: return an error when bitmap superblock is corrupt.
    - LP: #1500484
  * md/raid1: extend spinlock to protect raid1_end_read_request against
    inconsistencies
    - LP: #1500484
  * thermal: exynos: Disable the regulator on probe failure
    - LP: #1500484
  * MIPS: Fix sched_getaffinity with MT FPAFF enabled
    - LP: #1500484
  * MIPS: Malta: Don't reinitialise RTC
    - LP: #1500484
  * MIPS: do_mcheck: Fix kernel code dump with EVA
    - LP: #1500484
  * MIPS: show_stack: Fix stack trace with EVA
    - LP: #1500484
  * MIPS: Flush RPS on kernel entry with EVA
    - LP: #1500484
  * xhci: fix off by one error in TRB DMA address boundary check
    - LP: #1500484
  * drivers/usb: Delete XHCI command timer if necessary
    - LP: #1500484
  * ALSA: fireworks/firewire-lib: add support for recent firmware quirk
    - LP: #1500484
  * mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations
    - LP: #1500484
  * MIPS: Make set_pte() SMP safe.
    - LP: #1500484
  * ipc: modify message queue accounting to not take kernel data structures
    into account
    - LP: #1500484
  * ocfs2: fix BUG in ocfs2_downconvert_thread_do_work()
    - LP: #1500484
  * fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()
    - LP: #1500484
  * drm/radeon: fix hotplug race at startup
    - LP: #1500484
  * rtnetlink: verify IFLA_VF_INFO attributes before passing them to driver
    - LP: #1500484
  * net/tipc: initialize security state for new connection socket
    - LP: #1500484
  * net: pktgen: fix race between pktgen_thread_worker() and kthread_stop()
    - LP: #1500484
  * net: call rcu_read_lock early in process_backlog
    - LP: #1500484
  * net: Clone skb before setting peeked flag
    - LP: #1500484
  * net: Fix skb csum races when peeking
    - LP: #1500484
  * net: Fix skb_set_peeked use-after-free bug
    - LP: #1500484
  * ipv6: lock socket in ip6_datagram_connect()
    - LP: #1500484
  * bonding: correct the MAC address for "follow" fail_over_mac policy
    - LP: #1500484
  * netlink: don't hold mutex in rcu callback when releasing mmapd ring
    - LP: #1500484
  * rds: fix an integer overflow test in rds_info_getsockopt()
    - LP: #1500484
  * udp: fix dst races with multicast early demux
    - LP: #1500484
  * bna: fix interrupts storm caused by erroneous packets
    - LP: #1500484
  * net: gso: use feature flag argument in all protocol gso handlers
    - LP: #1500484
  * Fix firmware loader uevent buffer NULL pointer dereference
    - LP: #1500484
  * qla2xxx: Mark port lost when we receive an RSCN for it.
    - LP: #1500484
  * megaraid_sas: use raw_smp_processor_id()
    - LP: #1500484
  * fs/buffer.c: support buffer cache allocations with gfp modifiers
    - LP: #1500484
  * bufferhead: Add _gfp version for sb_getblk()
    - LP: #1500484
  * ext4: avoid deadlocks in the writeback path by using sb_getblk_gfp
    - LP: #1500484
  * HID: usbhid: add Chicony/Pixart usb optical mouse that needs
    QUIRK_ALWAYS_POLL
    - LP: #1500484
  * ima: add support for new "euid" policy condition
    - LP: #1500484
  * ima: extend "mask" policy matching support
    - LP: #1500484
  * mfd: arizona: Fix initialisation of the PM runtime
    - LP: #1500484
  * xen-blkfront: don't add indirect pages to list when !feature_persistent
    - LP: #1500484
  * xen-blkback: replace work_pending with work_busy in
    purge_persistent_gnt()
    - LP: #1500484
  * regmap: regcache-rbtree: Clean new present bits on present bitmap
    resize
    - LP: #1500484
  * target/iscsi: Fix double free of a TUR followed by a solicited NOPOUT
    - LP: #1500484
  * target: REPORT LUNS should return LUN 0 even for dynamic ACLs
    - LP: #1500484
  * perf: Fix fasync handling on inherited events
    - LP: #1500484
  * KVM: x86: Use adjustment in guest cycles when handling
    MSR_IA32_TSC_ADJUST
    - LP: #1500484
  * x86/ldt: Make modify_ldt synchronous
    - LP: #1500484
  * x86/ldt: Correct LDT access in single stepping logic
    - LP: #1500484
  * rcu: Provide counterpart to rcu_dereference() for non-RCU situations
    - LP: #1500484
  * rcu: Move lockless_dereference() out of rcupdate.h
    - LP: #1500484
  * x86/ldt: Correct FPU emulation access to LDT
    - LP: #1500484
  * localmodconfig: Use Kbuild files too
    - LP: #1500484
  * dm thin metadata: delete btrees when releasing metadata snapshot
    - LP: #1500484
  * dm btree: add ref counting ops for the leaves of top level btrees
    - LP: #1500484
  * drm/radeon: add new OLAND pci id
    - LP: #1500484
  * libiscsi: Fix host busy blocking during connection teardown
    - LP: #1500484
  * libfc: Fix fc_exch_recv_req() error path
    - LP: #1500484
  * libfc: Fix fc_fcp_cleanup_each_cmd()
    - LP: #1500484
  * EDAC, ppc4xx: Access mci->csrows array elements properly
    - LP: #1500484
  * crypto: caam - fix memory corruption in ahash_final_ctx
    - LP: #1500484
  * drm/vmwgfx: Fix execbuf locking issues
    - LP: #1500484
  * mm/hwpoison: fix page refcount of unknown non LRU page
    - LP: #1500484
  * ipc,sem: fix use after free on IPC_RMID after a task using same
    semaphore set exits
    - LP: #1500484
  * ipc/sem.c: change memory barrier in sem_lock() to smp_rmb()
    - LP: #1500484
  * ipc/sem.c: update/correct memory barriers
    - LP: #1500484
  * MIPS: Fix seccomp syscall argument for MIPS64
    - LP: #1500484
  * x86/ldt: Further fix FPU emulation
    - LP: #1500484
  * SCSI: Fix NULL pointer dereference in runtime PM
    - LP: #1500484
  * ALSA: usb-audio: Fix runtime PM unbalance
    - LP: #1500484
  * Add factory recertified Crucial M500s to blacklist
    - LP: #1500484
  * arm64: KVM: Fix host crash when injecting a fault into a 32bit guest
    - LP: #1500484
  * batman-adv: fix kernel crash due to missing NULL checks
    - LP: #1500484
  * batman-adv: protect tt_local_entry from concurrent delete events
    - LP: #1500484
  * perf: Fix PERF_EVENT_IOC_PERIOD migration race
    - LP: #1500484
  * net: Fix RCU splat in af_key
    - LP: #1500484
  * ip6_gre: release cached dst on tunnel removal
    - LP: #1500484
  * s390/sclp: fix compile error
    - LP: #1500484
  * xen/gntdev: convert priv->lock to a mutex
    - LP: #1500484
  * xen/gntdevt: Fix race condition in gntdev_release()
    - LP: #1500484
  * signalfd: fix information leak in signalfd_copyinfo
    - LP: #1500484
  * signal: fix information leak in copy_siginfo_to_user
    - LP: #1500484
  * signal: fix information leak in copy_siginfo_from_user32
    - LP: #1500484
  * Linux 3.16.7-ckt17
    - LP: #1500484
  * RDS: verify the underlying transport exists before creating a
    connection
    - LP: #1496232
    - CVE-2015-6937
  * virtio-net: drop NETIF_F_FRAGLIST
    - LP: #1484793
    - CVE-2015-5156

 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>  Wed, 07 Oct 2015
14:43:44 +0100

** Changed in: linux-lts-utopic (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-5156

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7312

** Changed in: linux (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1496232

Title:
  CVE-2015-6937

Status in linux package in Ubuntu:
  Fix Committed
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-ec2 package in Ubuntu:
  Invalid
Status in linux-flo package in Ubuntu:
  New
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-goldfish package in Ubuntu:
  New
Status in linux-lts-backport-maverick package in Ubuntu:
  New
Status in linux-lts-backport-natty package in Ubuntu:
  New
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux-lts-vivid package in Ubuntu:
  Invalid
Status in linux-mako package in Ubuntu:
  New
Status in linux-manta package in Ubuntu:
  New
Status in linux-mvl-dove package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Precise:
  Fix Released
Status in linux-armadaxp source package in Precise:
  Fix Released
Status in linux-ec2 source package in Precise:
  Invalid
Status in linux-flo source package in Precise:
  Invalid
Status in linux-fsl-imx51 source package in Precise:
  Invalid
Status in linux-goldfish source package in Precise:
  Invalid
Status in linux-lts-backport-maverick source package in Precise:
  New
Status in linux-lts-backport-natty source package in Precise:
  New
Status in linux-lts-quantal source package in Precise:
  Invalid
Status in linux-lts-raring source package in Precise:
  Invalid
Status in linux-lts-saucy source package in Precise:
  Invalid
Status in linux-lts-trusty source package in Precise:
  Fix Committed
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux-lts-vivid source package in Precise:
  Invalid
Status in linux-mako source package in Precise:
  Invalid
Status in linux-manta source package in Precise:
  Invalid
Status in linux-mvl-dove source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Committed
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-ec2 source package in Trusty:
  Invalid
Status in linux-flo source package in Trusty:
  Invalid
Status in linux-fsl-imx51 source package in Trusty:
  Invalid
Status in linux-goldfish source package in Trusty:
  Invalid
Status in linux-lts-backport-maverick source package in Trusty:
  New
Status in linux-lts-backport-natty source package in Trusty:
  New
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux-lts-vivid source package in Trusty:
  Fix Committed
Status in linux-mako source package in Trusty:
  Invalid
Status in linux-manta source package in Trusty:
  Invalid
Status in linux-mvl-dove source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux source package in Vivid:
  Fix Committed
Status in linux-armadaxp source package in Vivid:
  Invalid
Status in linux-ec2 source package in Vivid:
  Invalid
Status in linux-flo source package in Vivid:
  New
Status in linux-fsl-imx51 source package in Vivid:
  Invalid
Status in linux-goldfish source package in Vivid:
  New
Status in linux-lts-backport-maverick source package in Vivid:
  New
Status in linux-lts-backport-natty source package in Vivid:
  New
Status in linux-lts-quantal source package in Vivid:
  Invalid
Status in linux-lts-raring source package in Vivid:
  Invalid
Status in linux-lts-saucy source package in Vivid:
  Invalid
Status in linux-lts-trusty source package in Vivid:
  Invalid
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux-lts-vivid source package in Vivid:
  Invalid
Status in linux-mako source package in Vivid:
  New
Status in linux-manta source package in Vivid:
  New
Status in linux-mvl-dove source package in Vivid:
  Invalid
Status in linux-ti-omap4 source package in Vivid:
  Invalid
Status in linux source package in Wily:
  Fix Committed
Status in linux-armadaxp source package in Wily:
  Invalid
Status in linux-ec2 source package in Wily:
  Invalid
Status in linux-flo source package in Wily:
  New
Status in linux-fsl-imx51 source package in Wily:
  Invalid
Status in linux-goldfish source package in Wily:
  New
Status in linux-lts-backport-maverick source package in Wily:
  New
Status in linux-lts-backport-natty source package in Wily:
  New
Status in linux-lts-quantal source package in Wily:
  Invalid
Status in linux-lts-raring source package in Wily:
  Invalid
Status in linux-lts-saucy source package in Wily:
  Invalid
Status in linux-lts-trusty source package in Wily:
  Invalid
Status in linux-lts-utopic source package in Wily:
  Invalid
Status in linux-lts-vivid source package in Wily:
  Invalid
Status in linux-mako source package in Wily:
  New
Status in linux-manta source package in Wily:
  New
Status in linux-mvl-dove source package in Wily:
  Invalid
Status in linux-ti-omap4 source package in Wily:
  Invalid

Bug description:
  It was discovered that the Reliable Datagram Sockets (RDS)
  implementation in the Linux kernel did not verify sockets were
  properly bound before attempting to send a message, which could cause
  a NULL pointer dereference. An attacker could use this to cause a
  denial of service (system crash).

  Break-Fix: - 74e98eb085889b0d2d4908f59f6e00026063014f

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1496232/+subscriptions


References