kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #162194
[Bug 1538756] Re: Trusty update to v3.13.11-ckt33 stable release
This bug was fixed in the package linux - 3.13.0-79.123
---------------
linux (3.13.0-79.123) trusty; urgency=low
[ Seth Forshee ]
* SAUCE: cred: Add clone_cred() interface
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Use mounter's credentials instead of full kernel
credentials
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.*
xattrs
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Be more careful about copying up sxid files
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
linux (3.13.0-78.122) trusty; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1540559
[ Eric Dumazet ]
* SAUCE: (no-up) udp: properly support MSG_PEEK with truncated buffers
- LP: #1527902
[ J. R. Okajima ]
* SAUCE: ubuntu: aufs: tiny, extract a new func xino_fwrite_wkq()
- LP: #1533043
* SAUCE: ubuntu: aufs: for 4.3, XINO handles EINTR from the dying process
- LP: #1533043
[ Upstream Kernel Changes ]
* Revert "[stable-only] net: add length argument to
skb_copy_and_csum_datagram_iovec"
- LP: #1538756
* unregister_netdevice : move RTM_DELLINK to until after ndo_uninit
- LP: #1525324
* rtnetlink: delay RTM_DELLINK notification until after ndo_uninit()
- LP: #1525324
* Drivers: hv: Eliminate the channel spinlock in the callback path
- LP: #1519897
* Drivers: hv: vmbus: Implement per-CPU mapping of relid to channel
- LP: #1519897
* Drivers: hv: vmbus: Suport an API to send pagebuffers with additional
control
- LP: #1519897
* Drivers: hv: vmbus: Suport an API to send packet with additional
control
- LP: #1519897
* Drivers: hv: vmbus: Export the vmbus_sendpacket_pagebuffer_ctl()
- LP: #1519897
* Drivers: hv: vmbus: Fix a siganlling host signalling issue
- LP: #1519897
* Drivers: hv: vmbus: Fix a Host signaling bug
- LP: #1519897
* ARC: Fix silly typo in MAINTAINERS file
- LP: #1538756
* ip6mr: call del_timer_sync() in ip6mr_free_table()
- LP: #1538756
* gre6: allow to update all parameters via rtnl
- LP: #1538756
* atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
- LP: #1538756
* sctp: use the same clock as if sock source timestamps were on
- LP: #1538756
* sctp: update the netstamp_needed counter when copying sockets
- LP: #1538756
* ipv6: sctp: clone options to avoid use after free
- LP: #1538756
* net: add validation for the socket syscall protocol argument
- LP: #1538756
* sh_eth: fix kernel oops in skb_put()
- LP: #1538756
* pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
- LP: #1538756
* bluetooth: Validate socket address length in sco_sock_bind().
- LP: #1538756
* af_unix: Revert 'lock_interruptible' in stream receive code
- LP: #1538756
* KEYS: Fix race between read and revoke
- LP: #1538756
* tools: Add a "make all" rule
- LP: #1538756
* efi: Disable interrupts around EFI calls, not in the epilog/prolog
calls
- LP: #1538756
* net: ipmr: fix static mfc/dev leaks on table destruction
- LP: #1538756
* fuse: break infinite loop in fuse_fill_write_pages()
- LP: #1538756
* usb: gadget: pxa27x: fix suspend callback
- LP: #1538756
* iio: fix some warning messages
- LP: #1538756
* USB: cp210x: Remove CP2110 ID from compatibility list
- LP: #1538756
* USB: cdc_acm: Ignore Infineon Flash Loader utility
- LP: #1538756
* USB: serial: Another Infineon flash loader USB ID
- LP: #1538756
* ext4: Fix handling of extended tv_sec
- LP: #1538756
* jbd2: Fix unreclaimed pages after truncate in data=journal mode
- LP: #1538756
* drm/ttm: Fixed a read/write lock imbalance
- LP: #1538756
* i2c: mv64xxx: The n clockdiv factor is 0 based on sunxi SoCs
- LP: #1538756
* AHCI: Fix softreset failed issue of Port Multiplier
- LP: #1538756
* sata_sil: disable trim
- LP: #1538756
* staging: lustre: echo_copy.._lsm() dereferences userland pointers
directly
- LP: #1538756
* irqchip/versatile-fpga: Fix PCI IRQ mapping on Versatile PB
- LP: #1538756
* usb: core : hub: Fix BOS 'NULL pointer' kernel panic
- LP: #1538756
* USB: whci-hcd: add check for dma mapping error
- LP: #1538756
* usb: Use the USB_SS_MULT() macro to decode burst multiplier for log
message
- LP: #1538756
* dm btree: fix leak of bufio-backed block in btree_split_sibling error
path
- LP: #1538756
* SCSI: Fix NULL pointer dereference in runtime PM
- LP: #1538756
* usb: xhci: fix config fail of FS hub behind a HS hub with MTT
- LP: #1538756
* ALSA: rme96: Fix unexpected volume reset after rate changes
- LP: #1538756
* ALSA: hda - Add inverted dmic for Packard Bell DOTS
- LP: #1523232, #1538756
* virtio: fix memory leak of virtio ida cache layers
- LP: #1538756
* 9p: ->evict_inode() should kick out ->i_data, not ->i_mapping
- LP: #1538756
* radeon/cik: Fix GFX IB test on Big-Endian
- LP: #1538756
* crypto: skcipher - Copy iv from desc even for 0-len walks
- LP: #1538756
* dm thin metadata: fix bug when taking a metadata snapshot
- LP: #1538756
* dm space map metadata: fix ref counting bug when bootstrapping a new
space map
- LP: #1538756
* ipmi: move timer init to before irq is setup
- LP: #1538756
* KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR
- LP: #1538756
* rfkill: copy the name into the rfkill struct
- LP: #1538756
* dm btree: fix bufio buffer leaks in dm_btree_del() error path
- LP: #1538756
* ses: Fix problems with simple enclosures
- LP: #1538756
* vgaarb: fix signal handling in vga_get()
- LP: #1538756
* ses: fix additional element traversal bug
- LP: #1538756
* xhci: fix usb2 resume timing and races.
- LP: #1538756
* USB: add quirk for devices with broken LPM
- LP: #1538756
* powercap / RAPL: fix BIOS lock check
- LP: #1538756
* parisc iommu: fix panic due to trying to allocate too large region
- LP: #1538756
* mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't
make any progress
- LP: #1538756
* mm: hugetlb: call huge_pte_alloc() only if ptep is null
- LP: #1538756
* drivers/base/memory.c: prohibit offlining of memory blocks with missing
sections
- LP: #1538756
* sh64: fix __NR_fgetxattr
- LP: #1538756
* n_tty: Fix poll() after buffer-limited eof push read
- LP: #1538756
* tty: Fix GPF in flush_to_ldisc()
- LP: #1538756
* genirq: Prevent chip buslock deadlock
- LP: #1538756
* ALSA: usb-audio: Add a more accurate volume quirk for AudioQuest
DragonFly
- LP: #1538756
* ARM: 8471/1: need to save/restore arm register(r11) when it is
corrupted
- LP: #1538756
* spi: fix parent-device reference leak
- LP: #1538756
* scripts: recordmcount: break hardlinks
- LP: #1538756
* ftrace/scripts: Have recordmcount copy the object file
- LP: #1538756
* ARC: dw2 unwind: Reinstante unwinding out of modules
- LP: #1538756
* ARC: dw2 unwind: Ignore CIE version !=1 gracefully instead of bailing
- LP: #1538756
* ALSA: hda - Set SKL+ hda controller power at freeze() and thaw()
- LP: #1538756
* s390/dis: Fix handling of format specifiers
- LP: #1538756
* USB: ipaq.c: fix a timeout loop
- LP: #1538756
* USB: fix invalid memory access in hub_activate()
- LP: #1538756
* x86/mce: Ensure offline CPUs don't participate in rendezvous process
- LP: #1538756
* parisc: Fix syscall restarts
- LP: #1538756
* ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2)
- LP: #1538756
* ASoC: arizona: Fix bclk for sample rates that are multiple of 4kHz
- LP: #1538756
* mm/memory_hotplug.c: check for missing sections in
test_pages_in_a_zone()
- LP: #1538756
* ftrace/scripts: Fix incorrect use of sprintf in recordmcount
- LP: #1538756
* tracing: Fix setting of start_index in find_next()
- LP: #1538756
* async_tx: use GFP_NOWAIT rather than GFP_IO
- LP: #1538756
* dts: vt8500: Add SDHC node to DTS file for WM8650
- LP: #1538756
* ftrace/module: Call clean up function when module init fails early
- LP: #1538756
* vmstat: allocate vmstat_wq before it is used
- LP: #1538756
* firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6
- LP: #1538756
* kvm: x86: only channel 0 of the i8254 is linked to the HPET
- LP: #1538756
* ipv6/addrlabel: fix ip6addrlbl_get()
- LP: #1538756
* net: fix warnings in 'make htmldocs' by moving macro definition out of
field declaration
- LP: #1538756
* ser_gigaset: fix deallocation of platform device structure
- LP: #1538756
* pinctrl: bcm2835: Fix initial value for direction_output
- LP: #1538756
* mISDN: fix a loop count
- LP: #1538756
* sh_eth: fix TX buffer byte-swapping
- LP: #1538756
* qlcnic: fix a timeout loop
- LP: #1538756
* net: phy: mdio-mux: Check return value of mdiobus_alloc()
- LP: #1538756
* include/linux/mmdebug.h: should include linux/bug.h
- LP: #1538756
* net: possible use after free in dst_release
- LP: #1538756
* Linux 3.13.11-ckt33
- LP: #1538756
* xfrm: dst_entries_init() per-net dst_ops
- LP: #1486670
-- Luis Henriques <luis.henriques@xxxxxxxxxxxxx> Fri, 19 Feb 2016
13:14:25 +0000
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-1575
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-1576
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1538756
Title:
Trusty update to v3.13.11-ckt33 stable release
Status in linux package in Ubuntu:
New
Status in linux source package in Trusty:
Fix Released
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The v3.13.11-ckt33 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
git://kernel.ubuntu.com/ubuntu/linux.git
TEST CASE: TBD
The following patches from the v3.13.11-ckt33 stable release
shall be applied:
Linux 3.13.11-ckt33
Revert "[stable-only] net: add length argument to skb_copy_and_csum_datagram_iovec"
net: possible use after free in dst_release
include/linux/mmdebug.h: should include linux/bug.h
net: phy: mdio-mux: Check return value of mdiobus_alloc()
qlcnic: fix a timeout loop
sh_eth: fix TX buffer byte-swapping
mISDN: fix a loop count
pinctrl: bcm2835: Fix initial value for direction_output
ser_gigaset: fix deallocation of platform device structure
net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration
ipv6/addrlabel: fix ip6addrlbl_get()
kvm: x86: only channel 0 of the i8254 is linked to the HPET
firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6
vmstat: allocate vmstat_wq before it is used
ftrace/module: Call clean up function when module init fails early
dts: vt8500: Add SDHC node to DTS file for WM8650
async_tx: use GFP_NOWAIT rather than GFP_IO
tracing: Fix setting of start_index in find_next()
ftrace/scripts: Fix incorrect use of sprintf in recordmcount
mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone()
ASoC: arizona: Fix bclk for sample rates that are multiple of 4kHz
ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2)
parisc: Fix syscall restarts
x86/mce: Ensure offline CPUs don't participate in rendezvous process
USB: fix invalid memory access in hub_activate()
USB: ipaq.c: fix a timeout loop
s390/dis: Fix handling of format specifiers
ALSA: hda - Set SKL+ hda controller power at freeze() and thaw()
ARC: dw2 unwind: Ignore CIE version !=1 gracefully instead of bailing
ARC: dw2 unwind: Reinstante unwinding out of modules
ftrace/scripts: Have recordmcount copy the object file
scripts: recordmcount: break hardlinks
spi: fix parent-device reference leak
ARM: 8471/1: need to save/restore arm register(r11) when it is corrupted
ALSA: usb-audio: Add a more accurate volume quirk for AudioQuest DragonFly
genirq: Prevent chip buslock deadlock
tty: Fix GPF in flush_to_ldisc()
n_tty: Fix poll() after buffer-limited eof push read
sh64: fix __NR_fgetxattr
drivers/base/memory.c: prohibit offlining of memory blocks with missing sections
mm: hugetlb: call huge_pte_alloc() only if ptep is null
mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't make any progress
parisc iommu: fix panic due to trying to allocate too large region
powercap / RAPL: fix BIOS lock check
USB: add quirk for devices with broken LPM
xhci: fix usb2 resume timing and races.
ses: fix additional element traversal bug
vgaarb: fix signal handling in vga_get()
ses: Fix problems with simple enclosures
dm btree: fix bufio buffer leaks in dm_btree_del() error path
rfkill: copy the name into the rfkill struct
KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR
ipmi: move timer init to before irq is setup
dm space map metadata: fix ref counting bug when bootstrapping a new space map
dm thin metadata: fix bug when taking a metadata snapshot
crypto: skcipher - Copy iv from desc even for 0-len walks
radeon/cik: Fix GFX IB test on Big-Endian
9p: ->evict_inode() should kick out ->i_data, not ->i_mapping
virtio: fix memory leak of virtio ida cache layers
ALSA: hda - Add inverted dmic for Packard Bell DOTS
ALSA: rme96: Fix unexpected volume reset after rate changes
usb: xhci: fix config fail of FS hub behind a HS hub with MTT
SCSI: Fix NULL pointer dereference in runtime PM
dm btree: fix leak of bufio-backed block in btree_split_sibling error path
usb: Use the USB_SS_MULT() macro to decode burst multiplier for log message
USB: whci-hcd: add check for dma mapping error
usb: core : hub: Fix BOS 'NULL pointer' kernel panic
irqchip/versatile-fpga: Fix PCI IRQ mapping on Versatile PB
staging: lustre: echo_copy.._lsm() dereferences userland pointers directly
sata_sil: disable trim
AHCI: Fix softreset failed issue of Port Multiplier
i2c: mv64xxx: The n clockdiv factor is 0 based on sunxi SoCs
drm/ttm: Fixed a read/write lock imbalance
jbd2: Fix unreclaimed pages after truncate in data=journal mode
ext4: Fix handling of extended tv_sec
USB: serial: Another Infineon flash loader USB ID
USB: cdc_acm: Ignore Infineon Flash Loader utility
USB: cp210x: Remove CP2110 ID from compatibility list
iio: fix some warning messages
usb: gadget: pxa27x: fix suspend callback
fuse: break infinite loop in fuse_fill_write_pages()
net: ipmr: fix static mfc/dev leaks on table destruction
efi: Disable interrupts around EFI calls, not in the epilog/prolog calls
tools: Add a "make all" rule
KEYS: Fix race between read and revoke
af_unix: Revert 'lock_interruptible' in stream receive code
bluetooth: Validate socket address length in sco_sock_bind().
pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
sh_eth: fix kernel oops in skb_put()
net: add validation for the socket syscall protocol argument
ipv6: sctp: clone options to avoid use after free
sctp: update the netstamp_needed counter when copying sockets
sctp: use the same clock as if sock source timestamps were on
atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
gre6: allow to update all parameters via rtnl
ip6mr: call del_timer_sync() in ip6mr_free_table()
ARC: Fix silly typo in MAINTAINERS file
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1538756/+subscriptions
References
