← Back to team overview

kernel-packages team mailing list archive

[Bug 1441108] Re: CVE-2015-2925

 

This bug was fixed in the package linux-lts-utopic -
3.16.0-52.71~14.04.1

---------------
linux-lts-utopic (3.16.0-52.71~14.04.1) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1509362

  [ Upstream Kernel Changes ]

  * Revert "net: Fix skb csum races when peeking"
    - LP: #1508510

linux-lts-utopic (3.16.0-52.70~14.04.1) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1508145
  * [Config] updateconfigs after 3.16.7-ckt18 stable update

  [ Tim Gardner ]

  * [Config] Add MMC modules sufficient for net booting
    - LP: #1502772

  [ Upstream Kernel Changes ]

  * USB: whiteheat: fix potential null-deref at probe
    - LP: #1478826
    - CVE-2015-5257
  * dcache: Handle escaped paths in prepend_path
    - LP: #1441108
    - CVE-2015-2925
  * vfs: Test for and handle paths that are unreachable from their mnt_root
    - LP: #1441108
    - CVE-2015-2925
  * hyperv: Add processing of MTU reduced by the host
    - LP: #1494431
  * hv_netvsc: Add support to set MTU reservation from guest side
    - LP: #1494431
  * hv_netvsc: Add close of RNDIS filter into change mtu call
    - LP: #1494431
  * ipv6: addrconf: validate new MTU before applying it
    - LP: #1508133
  * v4l: omap3isp: Fix sub-device power management code
    - LP: #1508133
  * rc-core: fix remove uevent generation
    - LP: #1508133
  * HID: cp2112: fix I2C_SMBUS_BYTE write
    - LP: #1508133
  * HID: cp2112: fix byte order in SMBUS operations
    - LP: #1508133
  * xtensa: fix threadptr reload on return to userspace
    - LP: #1508133
  * ARM: OMAP2+: DRA7: clockdomain: change l4per2_7xx_clkdm to SW_WKUP
    - LP: #1508133
  * mac80211: enable assoc check for mesh interfaces
    - LP: #1508133
  * PCI: Add dev_flags bit to access VPD through function 0
    - LP: #1508133
  * PCI: Add VPD function 0 quirk for Intel Ethernet devices
    - LP: #1508133
  * staging: comedi: usbduxsigma: don't clobber ai_timer in command test
    - LP: #1508133
  * staging: comedi: usbduxsigma: don't clobber ao_timer in command test
    - LP: #1508133
  * clk: exynos4: Fix wrong clock for Exynos4x12 ADC
    - LP: #1508133
  * usb: dwc3: ep0: Fix mem corruption on OUT transfers of more than 512
    bytes
    - LP: #1508133
  * Doc: ABI: testing: configfs-usb-gadget-loopback
    - LP: #1508133
  * Doc: ABI: testing: configfs-usb-gadget-sourcesink
    - LP: #1508133
  * serial: 8250_pci: Add support for Pericom PI7C9X795[1248]
    - LP: #1508133
  * KVM: MMU: fix validation of mmio page fault
    - LP: #1508133
  * auxdisplay: ks0108: fix refcount
    - LP: #1508133
  * devres: fix devres_get()
    - LP: #1508133
  * iio: adis16400: Fix adis16448 gyroscope scale
    - LP: #1508133
  * iio: Add inverse unit conversion macros
    - LP: #1508133
  * iio: adis16480: Fix scale factors
    - LP: #1508133
  * ideapad-laptop: Add Lenovo Yoga 3 14 to no_hw_rfkill dmi list
    - LP: #1508133
  * ASoC: rt5640: fix line out no sound issue
    - LP: #1508133
  * iio: industrialio-buffer: Fix iio_buffer_poll return value
    - LP: #1508133
  * iio: event: Remove negative error code from iio_event_poll
    - LP: #1508133
  * NFSv4: don't set SETATTR for O_RDONLY|O_EXCL
    - LP: #1508133
  * unshare: Unsharing a thread does not require unsharing a vm
    - LP: #1508133
  * fs: Set the size of empty dirs to 0.
    - LP: #1508133
  * x86/mce: Reenable CMCI banks when swiching back to interrupt mode
    - LP: #1508133
  * ASoC: adav80x: Remove .read_flag_mask setting from
    adav80x_regmap_config
    - LP: #1508133
  * regulator: pbias: Fix broken pbias disable functionality
    - LP: #1508133
  * serial: 8250: don't bind to SMSC IrCC IR port
    - LP: #1508133
  * serial: 8250: bind to ALi Fast Infrared Controller (ALI5123)
    - LP: #1508133
  * staging: comedi: adl_pci7x3x: fix digital output on PCI-7230
    - LP: #1508133
  * blk-mq: fix buffer overflow when reading sysfs file of 'pending'
    - LP: #1508133
  * xtensa: fix kernel register spilling
    - LP: #1508133
  * NFS: nfs_set_pgio_error sometimes misses errors
    - LP: #1508133
  * NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2
    client
    - LP: #1508133
  * usb: host: ehci-sys: delete useless bus_to_hcd conversion
    - LP: #1508133
  * USB: symbolserial: Use usb_get_serial_port_data
    - LP: #1508133
  * USB: ftdi_sio: Added custom PID for CustomWare products
    - LP: #1508133
  * USB: qcserial: add HP lt4111 LTE/EV-DO/HSPA+ Gobi 4G Module
    - LP: #1508133
  * igb: Fix oops caused by missing queue pairing
    - LP: #1508133
  * HID: usbhid: Fix the check for HID_RESET_PENDING in hid_io_error
    - LP: #1508133
  * eCryptfs: Invalidate dcache entries when lower i_nlink is zero
    - LP: #1508133
  * libxfs: readahead of dir3 data blocks should use the read verifier
    - LP: #1508133
  * xfs: Fix xfs_attr_leafblock definition
    - LP: #1508133
  * arm64: kconfig: Move LIST_POISON to a safe value
    - LP: #1508133
  * Btrfs: check if previous transaction aborted to avoid fs corruption
    - LP: #1508133
  * ARM: orion5x: fix legacy orion5x IRQ numbers
    - LP: #1508133
  * DRM - radeon: Don't link train DisplayPort on HPD until we get the dpcd
    - LP: #1508133
  * xfs: Fix file type directory corruption for btree directories
    - LP: #1508133
  * sched: Fix cpu_active_mask/cpu_online_mask race
    - LP: #1508133
  * rtlwifi: rtl8192cu: Add new device ID
    - LP: #1508133
  * of/address: Don't loop forever in of_find_matching_node_by_address().
    - LP: #1508133
  * drivercore: Fix unregistration path of platform devices
    - LP: #1508133
  * arm64: flush FP/SIMD state correctly after execve()
    - LP: #1508133
  * xfs: return errors from partial I/O failures to files
    - LP: #1508133
  * ALSA: usb-audio: correct the value cache check.
    - LP: #1508133
  * IB/qib: Change lkey table allocation to support more MRs
    - LP: #1508133
  * drm/radeon/atom: Send out the full AUX address
    - LP: #1508133
  * tg3: Fix temperature reporting
    - LP: #1508133
  * drm/i915: Always mark the object as dirty when used by the GPU
    - LP: #1508133
  * Add radeon suspend/resume quirk for HP Compaq dc5750.
    - LP: #1508133
  * IB/uverbs: reject invalid or unknown opcodes
    - LP: #1508133
  * hpfs: update ctime and mtime on directory modification
    - LP: #1508133
  * Input: evdev - do not report errors form flush()
    - LP: #1508133
  * crypto: ghash-clmulni: specify context size for ghash async algorithm
    - LP: #1508133
  * mm: check if section present during memory block registering
    - LP: #1508133
  * fs: create and use seq_show_option for escaping
    - LP: #1508133
  * ALSA: hda - Enable headphone jack detect on old Fujitsu laptops
    - LP: #1508133
  * ALSA: hda - Use ALC880_FIXUP_FUJITSU for FSC Amilo M1437
    - LP: #1508133
  * rtc: s5m: fix to update ctrl register
    - LP: #1508133
  * scsi: fix scsi_error_handler vs. scsi_host_dev_release race
    - LP: #1508133
  * parisc: Use double word condition in 64bit CAS operation
    - LP: #1508133
  * vmscan: fix increasing nr_isolated incurred by putback unevictable
    pages
    - LP: #1508133
  * drm/i915: Limit the number of loops for reading a split 64bit register
    - LP: #1508133
  * hfs,hfsplus: cache pages correctly between bnode_create and bnode_free
    - LP: #1508133
  * hfs: fix B-tree corruption after insertion at position 0
    - LP: #1508133
  * drm/qxl: validate monitors config modes
    - LP: #1508133
  * PCI: Fix TI816X class code quirk
    - LP: #1508133
  * Input: ambakmi - fix system PM by converting to modern callbacks
    - LP: #1508133
  * svcrdma: Fix send_reply() scatter/gather set-up
    - LP: #1508133
  * x86/mm: Initialize pmd_idx in page_table_range_init_count()
    - LP: #1508133
  * net: bcmgenet: Use correct dev_id for free_irq
    - LP: #1508133
  * powerpc/rtas: Introduce rtas_get_sensor_fast() for IRQ handlers
    - LP: #1508133
  * clk: versatile: off by one in clk_sp810_timerclken_of_get()
    - LP: #1508133
  * usb: gadget: m66592-udc: forever loop in set_feature()
    - LP: #1508133
  * windfarm: decrement client count when unregistering
    - LP: #1508133
  * perf hists: Update the column width for the "srcline" sort key
    - LP: #1508133
  * batman-adv: Make DAT capability changes atomic
    - LP: #1508133
  * batman-adv: Make NC capability changes atomic
    - LP: #1508133
  * batman-adv: Make TT capability changes atomic
    - LP: #1508133
  * batman-adv: fix multicast counter when purging originators
    - LP: #1508133
  * batman-adv: fix counter for multicast supporting nodes
    - LP: #1508133
  * batman-adv: Make MCAST capability changes atomic
    - LP: #1508133
  * batman-adv: Fix potential synchronization issues in mcast tvlv handler
    - LP: #1508133
  * batman-adv: Fix potentially broken skb network header access
    - LP: #1508133
  * net: fix endian check warning in etherdevice.h
    - LP: #1508133
  * powerpc/mm: Fix pte_pagesize_index() crash on 4K w/64K hash
    - LP: #1508133
  * mtd: pxa3xx_nand: add a default chunk size
    - LP: #1508133
  * ath10k: fix dma_mapping_error() handling
    - LP: #1508133
  * mmc: sdhci: also get preset value and driver type for MMC_DDR52
    - LP: #1508133
  * perf stat: Get correct cpu id for print_aggr
    - LP: #1508133
  * ASoC: spear_pcm: Use devm_snd_dmaengine_pcm_register to fix resource
    leak
    - LP: #1508133
  * IB/mlx4: Fix potential deadlock when sending mad to wire
    - LP: #1508133
  * IB/mlx4: Forbid using sysfs to change RoCE pkeys
    - LP: #1508133
  * IB/mlx4: Use correct SL on AH query under RoCE
    - LP: #1508133
  * IB/uverbs: Fix race between ib_uverbs_open and remove_one
    - LP: #1508133
  * mmc: core: fix race condition in mmc_wait_data_done
    - LP: #1508133
  * ipv6: fix exthdrs offload registration in out_rt path
    - LP: #1508133
  * task_work: remove fifo ordering guarantee
    - LP: #1508133
  * fixed_phy: pass 'irq' to fixed_phy_add()
    - LP: #1508133
  * netlink, mmap: fix edge-case leakages in nf queue zero-copy
    - LP: #1508133
  * scsi_dh: fix randconfig build error
    - LP: #1508133
  * md: flush ->event_work before stopping array.
    - LP: #1508133
  * md/raid10: always set reshape_safe when initializing reshape_position.
    - LP: #1508133
  * perf/x86: Fix copy_from_user_nmi() return if range is not ok
    - LP: #1508133
  * ext4: fix loss of delalloc extent info in ext4_zero_range()
    - LP: #1508133
  * powerpc/MSI: Fix race condition in tearing down MSI interrupts
    - LP: #1508133
  * UBI: block: Add missing cache flushes
    - LP: #1508133
  * usbnet: Get EVENT_NO_RUNTIME_PM bit before it is cleared
    - LP: #1508133
  * net/ipv6: Correct PIM6 mrt_lock handling
    - LP: #1508133
  * netlink, mmap: transform mmap skb into full skb on taps
    - LP: #1508133
  * sctp: fix race on protocol/netns initialization
    - LP: #1508133
  * openvswitch: Zero flows on allocation.
    - LP: #1508133
  * fib_rules: fix fib rule dumps across multiple skbs
    - LP: #1508133
  * parisc: Filter out spurious interrupts in PA-RISC irq handler
    - LP: #1508133
  * Linux 3.16.7-ckt18
    - LP: #1508133

 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>  Fri, 23 Oct 2015
12:21:56 +0100

** Changed in: linux-lts-utopic (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1441108

Title:
  CVE-2015-2925

Status in linux package in Ubuntu:
  Invalid
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-ec2 package in Ubuntu:
  Invalid
Status in linux-flo package in Ubuntu:
  New
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-goldfish package in Ubuntu:
  New
Status in linux-lts-backport-maverick package in Ubuntu:
  New
Status in linux-lts-backport-natty package in Ubuntu:
  New
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux-lts-vivid package in Ubuntu:
  Invalid
Status in linux-mako package in Ubuntu:
  New
Status in linux-manta package in Ubuntu:
  New
Status in linux-mvl-dove package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux-lts-backport-maverick source package in Lucid:
  Won't Fix
Status in linux-lts-backport-natty source package in Lucid:
  Won't Fix
Status in linux source package in Precise:
  Fix Released
Status in linux-armadaxp source package in Precise:
  Fix Released
Status in linux-ec2 source package in Precise:
  Invalid
Status in linux-flo source package in Precise:
  Invalid
Status in linux-fsl-imx51 source package in Precise:
  Invalid
Status in linux-goldfish source package in Precise:
  Invalid
Status in linux-lts-backport-maverick source package in Precise:
  New
Status in linux-lts-backport-natty source package in Precise:
  New
Status in linux-lts-quantal source package in Precise:
  Invalid
Status in linux-lts-raring source package in Precise:
  Invalid
Status in linux-lts-saucy source package in Precise:
  Invalid
Status in linux-lts-trusty source package in Precise:
  Fix Released
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux-lts-vivid source package in Precise:
  Invalid
Status in linux-mako source package in Precise:
  Invalid
Status in linux-manta source package in Precise:
  Invalid
Status in linux-mvl-dove source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-ec2 source package in Trusty:
  Invalid
Status in linux-flo source package in Trusty:
  Invalid
Status in linux-fsl-imx51 source package in Trusty:
  Invalid
Status in linux-goldfish source package in Trusty:
  Invalid
Status in linux-lts-backport-maverick source package in Trusty:
  New
Status in linux-lts-backport-natty source package in Trusty:
  New
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux-lts-vivid source package in Trusty:
  Fix Released
Status in linux-mako source package in Trusty:
  Invalid
Status in linux-manta source package in Trusty:
  Invalid
Status in linux-mvl-dove source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux-lts-backport-maverick source package in Utopic:
  New
Status in linux-lts-backport-natty source package in Utopic:
  New
Status in linux source package in Vivid:
  Fix Released
Status in linux-armadaxp source package in Vivid:
  Invalid
Status in linux-ec2 source package in Vivid:
  Invalid
Status in linux-flo source package in Vivid:
  New
Status in linux-fsl-imx51 source package in Vivid:
  Invalid
Status in linux-goldfish source package in Vivid:
  New
Status in linux-lts-backport-maverick source package in Vivid:
  New
Status in linux-lts-backport-natty source package in Vivid:
  New
Status in linux-lts-quantal source package in Vivid:
  Invalid
Status in linux-lts-raring source package in Vivid:
  Invalid
Status in linux-lts-saucy source package in Vivid:
  Invalid
Status in linux-lts-trusty source package in Vivid:
  Invalid
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux-lts-vivid source package in Vivid:
  Invalid
Status in linux-mako source package in Vivid:
  New
Status in linux-manta source package in Vivid:
  New
Status in linux-mvl-dove source package in Vivid:
  Invalid
Status in linux-ti-omap4 source package in Vivid:
  Invalid
Status in linux source package in Wily:
  Invalid
Status in linux-armadaxp source package in Wily:
  Invalid
Status in linux-ec2 source package in Wily:
  Invalid
Status in linux-flo source package in Wily:
  New
Status in linux-fsl-imx51 source package in Wily:
  Invalid
Status in linux-goldfish source package in Wily:
  New
Status in linux-lts-backport-maverick source package in Wily:
  New
Status in linux-lts-backport-natty source package in Wily:
  New
Status in linux-lts-quantal source package in Wily:
  Invalid
Status in linux-lts-raring source package in Wily:
  Invalid
Status in linux-lts-saucy source package in Wily:
  Invalid
Status in linux-lts-trusty source package in Wily:
  Invalid
Status in linux-lts-utopic source package in Wily:
  Invalid
Status in linux-lts-vivid source package in Wily:
  Invalid
Status in linux-mako source package in Wily:
  New
Status in linux-manta source package in Wily:
  New
Status in linux-mvl-dove source package in Wily:
  Invalid
Status in linux-ti-omap4 source package in Wily:
  Invalid
Status in linux source package in Xenial:
  Invalid
Status in linux-armadaxp source package in Xenial:
  Invalid
Status in linux-ec2 source package in Xenial:
  Invalid
Status in linux-flo source package in Xenial:
  New
Status in linux-fsl-imx51 source package in Xenial:
  Invalid
Status in linux-goldfish source package in Xenial:
  New
Status in linux-lts-backport-maverick source package in Xenial:
  New
Status in linux-lts-backport-natty source package in Xenial:
  New
Status in linux-lts-quantal source package in Xenial:
  Invalid
Status in linux-lts-raring source package in Xenial:
  Invalid
Status in linux-lts-saucy source package in Xenial:
  Invalid
Status in linux-lts-trusty source package in Xenial:
  Invalid
Status in linux-lts-utopic source package in Xenial:
  Invalid
Status in linux-lts-vivid source package in Xenial:
  Invalid
Status in linux-mako source package in Xenial:
  New
Status in linux-manta source package in Xenial:
  New
Status in linux-mvl-dove source package in Xenial:
  Invalid
Status in linux-ti-omap4 source package in Xenial:
  Invalid

Bug description:
  [It is possible to escape from bind mounts]

  Break-Fix: - cde93be45a8a90d8c264c776fab63487b5038a65
  Break-Fix: - 397d425dc26da728396e66d392d5dcb8dac30c37

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1441108/+subscriptions


References