kernel-packages team mailing list archive

[Bug 1441108] Re: CVE-2015-2925

 

This bug was fixed in the package linux - 3.2.0-93.133

---------------
linux (3.2.0-93.133) precise; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1509350

  [ Upstream Kernel Changes ]

  * Revert "net: Fix skb csum races when peeking"
    - LP: #1508510

linux (3.2.0-93.132) precise; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1508939

  [ Upstream Kernel Changes ]

  * Revert "sctp: Fix race between OOTB responce and route removal"
    - LP: #1507665
  * USB: whiteheat: fix potential null-deref at probe
    - LP: #1478826
    - CVE-2015-5257
  * dcache: Handle escaped paths in prepend_path
    - LP: #1441108
    - CVE-2015-2925
  * vfs: Test for and handle paths that are unreachable from their mnt_root
    - LP: #1441108
    - CVE-2015-2925
  * ipv6: Fix build failure when CONFIG_INET disabled
    - LP: #1507665
  * pktgen: Require CONFIG_INET due to use of IPv4 checksum function
    - LP: #1507665
  * xen/gntdev: convert priv->lock to a mutex
    - LP: #1507665
  * xen/gntdevt: Fix race condition in gntdev_release()
    - LP: #1507665
  * crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer
    - LP: #1507665
  * USB: sierra: add 1199:68AB device ID
    - LP: #1507665
  * target/iscsi: Fix double free of a TUR followed by a solicited NOPOUT
    - LP: #1507665
  * md/raid1: extend spinlock to protect raid1_end_read_request against
    inconsistencies
    - LP: #1507665
  * target: REPORT LUNS should return LUN 0 even for dynamic ACLs
    - LP: #1507665
  * MIPS: Fix sched_getaffinity with MT FPAFF enabled
    - LP: #1507665
  * xhci: fix off by one error in TRB DMA address boundary check
    - LP: #1507665
  * rds: fix an integer overflow test in rds_info_getsockopt()
    - LP: #1507665
  * perf: Fix fasync handling on inherited events
    - LP: #1507665
  * MIPS: Make set_pte() SMP safe.
    - LP: #1507665
  * ocfs2: fix BUG in ocfs2_downconvert_thread_do_work()
    - LP: #1507665
  * net: Clone skb before setting peeked flag
    - LP: #1507665
  * net: Fix skb_set_peeked use-after-free bug
    - LP: #1507665
  * x86/ldt: Make modify_ldt synchronous
    - LP: #1507665
  * x86/ldt: Correct LDT access in single stepping logic
    - LP: #1507665
  * x86/ldt: Correct FPU emulation access to LDT
    - LP: #1507665
  * localmodconfig: Use Kbuild files too
    - LP: #1507665
  * dm btree: add ref counting ops for the leaves of top level btrees
    - LP: #1507665
  * libiscsi: Fix host busy blocking during connection teardown
    - LP: #1507665
  * libfc: Fix fc_fcp_cleanup_each_cmd()
    - LP: #1507665
  * ipc,sem: fix use after free on IPC_RMID after a task using same
    semaphore set exits
    - LP: #1507665
  * x86/ldt: Further fix FPU emulation
    - LP: #1507665
  * net: Fix RCU splat in af_key
    - LP: #1507665
  * sctp: donot reset the overall_error_count in SHUTDOWN_RECEIVE state
    - LP: #1507665
  * sparc64: Fix userspace FPU register corruptions.
    - LP: #1507665
  * rc-core: fix remove uevent generation
    - LP: #1507665
  * PCI: Fix TI816X class code quirk
    - LP: #1507665
  * mac80211: enable assoc check for mesh interfaces
    - LP: #1507665
  * PCI: Add dev_flags bit to access VPD through function 0
    - LP: #1507665
  * PCI: Add VPD function 0 quirk for Intel Ethernet devices
    - LP: #1507665
  * usb: gadget: m66592-udc: forever loop in set_feature()
    - LP: #1507665
  * KVM: MMU: fix validation of mmio page fault
    - LP: #1507665
  * auxdisplay: ks0108: fix refcount
    - LP: #1507665
  * devres: fix devres_get()
    - LP: #1507665
  * windfarm: decrement client count when unregistering
    - LP: #1507665
  * NFSv4: don't set SETATTR for O_RDONLY|O_EXCL
    - LP: #1507665
  * drivers: usb: fsl: Workaround for USB erratum-A005275
    - LP: #1507665
  * serial: 8250: bind to ALi Fast Infrared Controller (ALI5123)
    - LP: #1507665
  * usb: host: ehci-sys: delete useless bus_to_hcd conversion
    - LP: #1507665
  * USB: ftdi_sio: Added custom PID for CustomWare products
    - LP: #1507665
  * eCryptfs: Invalidate dcache entries when lower i_nlink is zero
    - LP: #1507665
  * xfs: Fix xfs_attr_leafblock definition
    - LP: #1507665
  * DRM - radeon: Don't link train DisplayPort on HPD until we get the dpcd
    - LP: #1507665
  * rtlwifi: rtl8192cu: Add new device ID
    - LP: #1507665
  * rtlwifi: rtl8192cu: Add new device ID
    - LP: #1507665
  * of/address: Don't loop forever in of_find_matching_node_by_address().
    - LP: #1507665
  * drivercore: Fix unregistration path of platform devices
    - LP: #1507665
  * xfs: return errors from partial I/O failures to files
    - LP: #1507665
  * IB/qib: Change lkey table allocation to support more MRs
    - LP: #1507665
  * SUNRPC: xs_reset_transport must mark the connection as disconnected
    - LP: #1507665
  * IB/mlx4: Use correct SL on AH query under RoCE
    - LP: #1507665
  * IB/uverbs: Fix race between ib_uverbs_open and remove_one
    - LP: #1507665
  * spi: spi-pxa2xx: Check status register to determine if SSSR_TINT is
    disabled
    - LP: #1507665
  * drm/i915: Always mark the object as dirty when used by the GPU
    - LP: #1507665
  * Add radeon suspend/resume quirk for HP Compaq dc5750.
    - LP: #1507665
  * IB/uverbs: reject invalid or unknown opcodes
    - LP: #1507665
  * Input: evdev - do not report errors form flush()
    - LP: #1507665
  * crypto: ghash-clmulni: specify context size for ghash async algorithm
    - LP: #1507665
  * fs: create and use seq_show_option for escaping
    - LP: #1507665
  * ARM: 8429/1: disable GCC SRA optimization
    - LP: #1507665
  * pagemap: hide physical addresses from non-privileged users
    - LP: #1507665
  * powerpc/MSI: Fix race condition in tearing down MSI interrupts
    - LP: #1507665
  * hfs,hfsplus: cache pages correctly between bnode_create and bnode_free
    - LP: #1507665
  * hfs: fix B-tree corruption after insertion at position 0
    - LP: #1507665
  * perf header: Fixup reading of HEADER_NRCPUS feature
    - LP: #1507665
  * USB: option: add ZTE PIDs
    - LP: #1507665
  * Btrfs: fix read corruption of compressed and shared extents
    - LP: #1507665
  * btrfs: skip waiting on ordered range for special files
    - LP: #1507665
  * ARM: 7880/1: Clear the IT state independent of the Thumb-2 mode
    - LP: #1507665
  * ARM: fix Thumb2 signal handling when ARMv6 is enabled
    - LP: #1507665
  * x86/platform: Fix Geode LX timekeeping in the generic x86 build
    - LP: #1507665
  * ASoC: fix broken pxa SoC support
    - LP: #1507665
  * s390/compat: correct uc_sigmask of the compat signal frame
    - LP: #1507665
  * KVM: x86: trap AMD MSRs for the TSeg base and mask
    - LP: #1507665
  * usb: Use the USB_SS_MULT() macro to get the burst multiplier.
    - LP: #1507665
  * xhci: give command abortion one more chance before killing xhci
    - LP: #1507665
  * usb: xhci: Clear XHCI_STATE_DYING on start
    - LP: #1507665
  * xhci: change xhci 1.0 only restrictions to support xhci 1.1
    - LP: #1507665
  * cifs: use server timestamp for ntlmv2 authentication
    - LP: #1507665
  * x86/paravirt: Replace the paravirt nop with a bona fide empty function
    - LP: #1507665
  * ocfs2/dlm: fix deadlock when dispatch assert master
    - LP: #1507665
  * ipv6: addrconf: validate new MTU before applying it
    - LP: #1507665
  * ipc/sem.c: fully initialize sem_array before making it visible
    - LP: #1507665
  * Initialize msg/shm IPC objects before doing ipc_addid()
    - LP: #1507665
  * net/tipc: initialize security state for new connection socket
    - LP: #1507665
  * net: pktgen: fix race between pktgen_thread_worker() and kthread_stop()
    - LP: #1507665
  * net: Fix skb csum races when peeking
    - LP: #1507665
  * ipv6: lock socket in ip6_datagram_connect()
    - LP: #1507665
  * bonding: correct the MAC address for "follow" fail_over_mac policy
    - LP: #1507665
  * net/ipv6: Correct PIM6 mrt_lock handling
    - LP: #1507665
  * fib_rules: fix fib rule dumps across multiple skbs
    - LP: #1507665
  * perf tools: Fix build with perl 5.18
    - LP: #1507665
  * ipv6: prevent fib6_run_gc() contention
    - LP: #1507665
  * ipv6: update ip6_rt_last_gc every time GC is run
    - LP: #1507665
  * parisc: Filter out spurious interrupts in PA-RISC irq handler
    - LP: #1507665
  * jbd2: avoid infinite loop when destroying aborted journal
    - LP: #1507665
  * Linux 3.2.72
    - LP: #1507665

 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>  Fri, 23 Oct 2015 12:17:43 +0100

** Changed in: linux (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5257

** Changed in: linux-armadaxp (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1441108

Title:
  CVE-2015-2925

Status in linux package in Ubuntu:
  Invalid
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-ec2 package in Ubuntu:
  Invalid
Status in linux-flo package in Ubuntu:
  New
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-goldfish package in Ubuntu:
  New
Status in linux-lts-backport-maverick package in Ubuntu:
  New
Status in linux-lts-backport-natty package in Ubuntu:
  New
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux-lts-vivid package in Ubuntu:
  Invalid
Status in linux-mako package in Ubuntu:
  New
Status in linux-manta package in Ubuntu:
  New
Status in linux-mvl-dove package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux-lts-backport-maverick source package in Lucid:
  Won't Fix
Status in linux-lts-backport-natty source package in Lucid:
  Won't Fix
Status in linux source package in Precise:
  Fix Released
Status in linux-armadaxp source package in Precise:
  Fix Released
Status in linux-ec2 source package in Precise:
  Invalid
Status in linux-flo source package in Precise:
  Invalid
Status in linux-fsl-imx51 source package in Precise:
  Invalid
Status in linux-goldfish source package in Precise:
  Invalid
Status in linux-lts-backport-maverick source package in Precise:
  New
Status in linux-lts-backport-natty source package in Precise:
  New
Status in linux-lts-quantal source package in Precise:
  Invalid
Status in linux-lts-raring source package in Precise:
  Invalid
Status in linux-lts-saucy source package in Precise:
  Invalid
Status in linux-lts-trusty source package in Precise:
  Fix Released
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux-lts-vivid source package in Precise:
  Invalid
Status in linux-mako source package in Precise:
  Invalid
Status in linux-manta source package in Precise:
  Invalid
Status in linux-mvl-dove source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-ec2 source package in Trusty:
  Invalid
Status in linux-flo source package in Trusty:
  Invalid
Status in linux-fsl-imx51 source package in Trusty:
  Invalid
Status in linux-goldfish source package in Trusty:
  Invalid
Status in linux-lts-backport-maverick source package in Trusty:
  New
Status in linux-lts-backport-natty source package in Trusty:
  New
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux-lts-vivid source package in Trusty:
  Fix Released
Status in linux-mako source package in Trusty:
  Invalid
Status in linux-manta source package in Trusty:
  Invalid
Status in linux-mvl-dove source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux-lts-backport-maverick source package in Utopic:
  New
Status in linux-lts-backport-natty source package in Utopic:
  New
Status in linux source package in Vivid:
  Fix Released
Status in linux-armadaxp source package in Vivid:
  Invalid
Status in linux-ec2 source package in Vivid:
  Invalid
Status in linux-flo source package in Vivid:
  New
Status in linux-fsl-imx51 source package in Vivid:
  Invalid
Status in linux-goldfish source package in Vivid:
  New
Status in linux-lts-backport-maverick source package in Vivid:
  New
Status in linux-lts-backport-natty source package in Vivid:
  New
Status in linux-lts-quantal source package in Vivid:
  Invalid
Status in linux-lts-raring source package in Vivid:
  Invalid
Status in linux-lts-saucy source package in Vivid:
  Invalid
Status in linux-lts-trusty source package in Vivid:
  Invalid
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux-lts-vivid source package in Vivid:
  Invalid
Status in linux-mako source package in Vivid:
  New
Status in linux-manta source package in Vivid:
  New
Status in linux-mvl-dove source package in Vivid:
  Invalid
Status in linux-ti-omap4 source package in Vivid:
  Invalid
Status in linux source package in Wily:
  Invalid
Status in linux-armadaxp source package in Wily:
  Invalid
Status in linux-ec2 source package in Wily:
  Invalid
Status in linux-flo source package in Wily:
  New
Status in linux-fsl-imx51 source package in Wily:
  Invalid
Status in linux-goldfish source package in Wily:
  New
Status in linux-lts-backport-maverick source package in Wily:
  New
Status in linux-lts-backport-natty source package in Wily:
  New
Status in linux-lts-quantal source package in Wily:
  Invalid
Status in linux-lts-raring source package in Wily:
  Invalid
Status in linux-lts-saucy source package in Wily:
  Invalid
Status in linux-lts-trusty source package in Wily:
  Invalid
Status in linux-lts-utopic source package in Wily:
  Invalid
Status in linux-lts-vivid source package in Wily:
  Invalid
Status in linux-mako source package in Wily:
  New
Status in linux-manta source package in Wily:
  New
Status in linux-mvl-dove source package in Wily:
  Invalid
Status in linux-ti-omap4 source package in Wily:
  Invalid
Status in linux source package in Xenial:
  Invalid
Status in linux-armadaxp source package in Xenial:
  Invalid
Status in linux-ec2 source package in Xenial:
  Invalid
Status in linux-flo source package in Xenial:
  New
Status in linux-fsl-imx51 source package in Xenial:
  Invalid
Status in linux-goldfish source package in Xenial:
  New
Status in linux-lts-backport-maverick source package in Xenial:
  New
Status in linux-lts-backport-natty source package in Xenial:
  New
Status in linux-lts-quantal source package in Xenial:
  Invalid
Status in linux-lts-raring source package in Xenial:
  Invalid
Status in linux-lts-saucy source package in Xenial:
  Invalid
Status in linux-lts-trusty source package in Xenial:
  Invalid
Status in linux-lts-utopic source package in Xenial:
  Invalid
Status in linux-lts-vivid source package in Xenial:
  Invalid
Status in linux-mako source package in Xenial:
  New
Status in linux-manta source package in Xenial:
  New
Status in linux-mvl-dove source package in Xenial:
  Invalid
Status in linux-ti-omap4 source package in Xenial:
  Invalid

Bug description:
  [It is possible to escape from bind mounts]

  Break-Fix: - cde93be45a8a90d8c264c776fab63487b5038a65
  Break-Fix: - 397d425dc26da728396e66d392d5dcb8dac30c37

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1441108/+subscriptions
