kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #177464
[Bug 1563916] Re: CVE-2016-0774
This bug was fixed in the package linux - 3.13.0-86.130
---------------
linux (3.13.0-86.130) trusty; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1571718
[ Benjamin Tissoires ]
* SAUCE: Input: synaptics - handle spurious release of trackstick
buttons, again
- LP: #1553811
[ K. Y. Srinivasan ]
* SAUCE: (noup): Drivers: hv: vmbus: Fix a bug in
hv_need_to_signal_on_read()
- LP: #1556264
[ Kamal Mostafa ]
* [debian] BugLink: close LP: bugs only for Launchpad urls
* [Config] updateconfigs after v3.13.11-ckt38
[ Tim Gardner ]
* [Debian] Fix linux-doc dangling symlinks
- LP: #661306
[ Upstream Kernel Changes ]
* Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin"
- LP: #1562900
* [stable-only] AIO: properly check iovec sizes
- LP: #1562900
* Input: aiptek - fix crash on detecting device without endpoints
- LP: #1562900
* wext: fix message delay/ordering
- LP: #1562900
* cfg80211/wext: fix message ordering
- LP: #1562900
* mac80211: fix use of uninitialised values in RX aggregation
- LP: #1562900
* libata: fix HDIO_GET_32BIT ioctl
- LP: #1562900
* mac80211: minstrel_ht: set default tx aggregation timeout to 0
- LP: #1562900
* jffs2: Fix page lock / f->sem deadlock
- LP: #1562900
* Fix directory hardlinks from deleted directories
- LP: #1562900
* iommu/amd: Fix boot warning when device 00:00.0 is not iommu covered
- LP: #1562900
* libata: Align ata_device's id on a cacheline
- LP: #1562900
* vfio: fix ioctl error handling
- LP: #1562900
* ALSA: ctl: Fix ioctls for X32 ABI
- LP: #1562900
* ALSA: rawmidi: Fix ioctls X32 ABI
- LP: #1562900
* ALSA: timer: Fix broken compat timer user status ioctl
- LP: #1562900
* ALSA: timer: Fix ioctls for X32 ABI
- LP: #1562900
* cifs: fix out-of-bounds access in lease parsing
- LP: #1562900
* CIFS: Fix SMB2+ interim response processing for read requests
- LP: #1562900
* ALSA: hdspm: Fix wrong boolean ctl value accesses
- LP: #1562900
* ALSA: hdspm: Fix zero-division
- LP: #1562900
* ALSA: hdsp: Fix wrong boolean ctl value accesses
- LP: #1562900
* USB: cp210x: Add ID for Parrot NMEA GPS Flight Recorder
- LP: #1562900
* ASoC: wm8958: Fix enum ctl accesses in a wrong type
- LP: #1562900
* ASoC: wm8994: Fix enum ctl accesses in a wrong type
- LP: #1562900
* ASoC: wm_adsp: Fix enum ctl accesses in a wrong type
- LP: #1562900
* USB: serial: option: add support for Telit LE922 PID 0x1045
- LP: #1562900
* USB: serial: option: add support for Quectel UC20
- LP: #1562900
* ALSA: seq: oss: Don't drain at closing a client
- LP: #1562900
* drm/ast: Fix incorrect register check for DRAM width
- LP: #1562900
* drm/radeon/pm: update current crtc info after setting the powerstate
- LP: #1562900
* PM / sleep / x86: Fix crash on graph trace through x86 suspend
- LP: #1562900
* ALSA: hda - Fix mic issues on Acer Aspire E1-472
- LP: #1562900
* MIPS: traps: Fix SIGFPE information leak from `do_ov' and
`do_trap_or_bp'
- LP: #1562900
* ubi: Fix out of bounds write in volume update code
- LP: #1562900
* KVM: VMX: disable PEBS before a guest entry
- LP: #1562900
* ext4: iterate over buffer heads correctly in move_extent_per_page()
- LP: #1562900
* net/mlx4_core: Allow resetting VF admin mac to zero
- LP: #1562900
* ipv6: re-enable fragment header matching in ipv6_find_hdr
- LP: #1562900
* cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
- LP: #1562900
* net: moxa: fix an error code
- LP: #1562900
* IB/core: Use GRH when the path hop-limit > 0
- LP: #1562900
* Linux 3.13.11-ckt37
- LP: #1562900
* Drivers: hv_vmbus: Fix signal to host condition
- LP: #1556264
* [stable-only] pipe: Fix buffer offset after partially failed read
- LP: #1563916
* EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()
- LP: #1567615
* tty: Fix GPF in flush_to_ldisc(), part 2
- LP: #1567615
* [media] media: v4l2-compat-ioctl32: fix missing length copy in
put_v4l2_buffer32
- LP: #1567615
* [media] pwc: Add USB id for Philips Spc880nc webcam
- LP: #1567615
* 8250: use callbacks to access UART_DLL/UART_DLM
- LP: #1567615
* net: irda: Fix use-after-free in irtty_open()
- LP: #1567615
* usb: retry reset if a device times out
- LP: #1567615
* HID: core: do not scan reports if the group is already set
- LP: #1567615
* HID: fix hid_ignore_special_drivers module parameter
- LP: #1567615
* scripts/coccinelle: modernize &
- LP: #1567615
* [media] adv7511: TX_EDID_PRESENT is still 1 after a disconnect
- LP: #1567615
* [media] saa7134: Fix bytesperline not being set correctly for planar
formats
- LP: #1567615
* perf tools: Dont stop PMU parsing on alias parse error
- LP: #1567615
* Bluetooth: btusb: Add new AR3012 ID 13d3:3395
- LP: #1542564, #1567615
* Bluetooth: Add new AR3012 ID 0489:e095
- LP: #1542944, #1567615
* aacraid: Fix memory leak in aac_fib_map_free
- LP: #1567615
* mtd: onenand: fix deadlock in onenand_block_markbad
- LP: #1567615
* PCI: Disable IO/MEM decoding for devices with non-compliant BARs
- LP: #1567615
* md/raid5: Compare apples to apples (or sectors to sectors)
- LP: #1567615
* Bluetooth: btusb: Add a new AR3012 ID 04ca:3014
- LP: #1546694, #1567615
* IB/srpt: Simplify srpt_handle_tsk_mgmt()
- LP: #1567615
* [media] bttv: Width must be a multiple of 16 when capturing planar
formats
- LP: #1567615
* watchdog: rc32434_wdt: fix ioctl error handling
- LP: #1567615
* xfs: fix two memory leaks in xfs_attr_list.c error paths
- LP: #1567615
* quota: Fix possible GPF due to uninitialised pointers
- LP: #1567615
* mtip32xx: Print exact time when an internal command is interrupted
- LP: #1567615
* KVM: i8254: change PIT discard tick policy
- LP: #1567615
* sched/cputime: Fix steal time accounting vs. CPU hotplug
- LP: #1567615
* rt2x00: add new rt2800usb device Buffalo WLI-UC-G450
- LP: #1567615
* pinctrl-bcm2835: Fix cut-and-paste error in "pull" parsing
- LP: #1567615
* perf/core: Fix perf_sched_count derailment
- LP: #1567615
* perf/x86/intel: Use PAGE_SIZE for PEBS buffer size on Core2
- LP: #1567615
* bcache: fix cache_set_flush() NULL pointer dereference on OOM
- LP: #1567615
* x86/PCI: Mark Broadwell-EP Home Agent & PCU as having non-compliant
BARs
- LP: #1567615
* be2iscsi: set the boot_kset pointer to NULL in case of failure
- LP: #1567615
* drm/radeon: Don't drop DP 2.7 Ghz link setup on some cards.
- LP: #1567615
* sg: fix dxferp in from_to case
- LP: #1567615
* jbd2: fix FS corruption possibility in jbd2_journal_destroy() on umount
path
- LP: #1567615
* Bluetooth: btusb: Add a new AR3012 ID 13d3:3472
- LP: #1552925, #1567615
* iser-target: Separate flows for np listeners and connections cma events
- LP: #1567615
* xtensa: ISS: don't hang if stdin EOF is reached
- LP: #1567615
* xtensa: clear all DBREAKC registers on start
- LP: #1567615
* bus: imx-weim: Take the 'status' property value into account
- LP: #1567615
* ALSA: intel8x0: Add clock quirk entry for AD1981B on IBM ThinkPad X41.
- LP: #1567615
* s390/pci: enforce fmb page boundary rule
- LP: #1567615
* Input: powermate - fix oops with malicious USB descriptors
- LP: #1567615
* net: mvneta: enable change MAC address when interface is up
- LP: #1567615
* HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report()
- LP: #1567615
* ALSA: hda - Fix unconditional GPIO toggle via automute
- LP: #1567615
* ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
- LP: #1567615
* ALSA: usb-audio: Add sanity checks for endpoint accesses
- LP: #1567615
* nfsd: fix deadlock secinfo+readdir compound
- LP: #1567615
* x86/iopl: Fix iopl capability check on Xen PV
- LP: #1567615
* Input: ims-pcu - sanity check against missing interfaces
- LP: #1567615
* x86/apic: Fix suspicious RCU usage in
smp_trace_call_function_interrupt()
- LP: #1567615
* USB: iowarrior: fix oops with malicious USB descriptors
- LP: #1567615
* USB: usb_driver_claim_interface: add sanity checking
- LP: #1567615
* USB: cdc-acm: more sanity checking
- LP: #1567615
* USB: uas: Reduce can_queue to MAX_CMNDS
- LP: #1567615
* tracing: Have preempt(irqs)off trace preempt disabled functions
- LP: #1567615
* tracing: Fix crash from reading trace_pipe with sendfile
- LP: #1567615
* splice: handle zero nr_pages in splice_to_pipe()
- LP: #1567615
* target: Fix target_release_cmd_kref shutdown comp leak
- LP: #1567615
* KVM: VMX: avoid guest hang on invalid invept instruction
- LP: #1567615
* KVM: fix spin_lock_init order on x86
- LP: #1567615
* tracing: Fix trace_printk() to print when not using bprintk()
- LP: #1567615
* fs/coredump: prevent fsuid=0 dumps into user-controlled directories
- LP: #1567615
* rapidio/rionet: fix deadlock on SMP
- LP: #1567615
* Input: ati_remote2 - fix crashes on detecting device with invalid
descriptor
- LP: #1567615
* MAINTAINERS: Update mailing list and web page for hwmon subsystem
- LP: #1567615
* ocfs2/dlm: fix race between convert and recovery
- LP: #1567615
* ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list
- LP: #1567615
* clk: xgene: Add missing parenthesis when clearing divider value
- LP: #1567615
* ppp: take reference on channels netns
- LP: #1567615
* mdio-sun4i: oops in error handling in probe
- LP: #1567615
* net: Fix use after free in the recvmmsg exit path
- LP: #1567615
* ethernet: micrel: fix some error codes
- LP: #1567615
* misc/bmp085: Enable building as a module
- LP: #1567615
* net/mlx5: Make command timeout way shorter
- LP: #1567615
* ipvs: correct initial offset of Call-ID header search in SIP
persistence engine
- LP: #1567615
* ath9k: fix buffer overrun for ar9287
- LP: #1567615
* mtd: map: fix .set_vpp() documentation
- LP: #1567615
* ARM: OMAP3: Add cpuidle parameters table for omap3430
- LP: #1567615
* rtc: vr41xx: Wire up alarm_irq_enable
- LP: #1567615
* sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a
race
- LP: #1567615
* ipv4: fix broadcast packets reception
- LP: #1567615
* lpfc: fix misleading indentation
- LP: #1567615
* ASoC: s3c24xx: use const snd_soc_component_driver pointer
- LP: #1567615
* kbuild/mkspec: fix grub2 installkernel issue
- LP: #1567615
* paride: make 'verbose' parameter an 'int' again
- LP: #1567615
* ppp: ensure file->private_data can't be overridden
- LP: #1567615
* clk: versatile: sp810: support reentrance
- LP: #1567615
* drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors
- LP: #1567615
* perf stat: Document --detailed option
- LP: #1567615
* x86/iopl/64: Properly context-switch IOPL on Xen PV
- LP: #1567615
* Linux 3.13.11-ckt38
- LP: #1567615
* drm/radeon: add a dpm quirk for sapphire Dual-X R7 370 2G D5
- LP: #1571041
* hwmon: (max1111) Return -ENODEV from max1111_read_channel if not
instantiated
- LP: #1571041
* drm/radeon: add another R7 370 quirk
- LP: #1571041
* usb: renesas_usbhs: avoid NULL pointer derefernce in
usbhsf_pkt_handler()
- LP: #1571041
* usb: renesas_usbhs: disable TX IRQ before starting TX DMAC transfer
- LP: #1571041
* USB: mct_u232: add sanity checking in probe
- LP: #1571041
- CVE-2016-3136
* USB: cypress_m8: add endpoint sanity check
- LP: #1571041
- CVE-2016-3137
* USB: digi_acceleport: do sanity checking for the number of ports
- LP: #1571041
* ALSA: timer: Use mod_timer() for rearming the system timer
- LP: #1571041
* mm: fix invalid node in alloc_migrate_target()
- LP: #1571041
* iio: st_magn: always define ST_MAGN_TRIGGER_SET_STATE
- LP: #1571041
* USB: serial: ftdi_sio: Add support for ICP DAS I-756xU devices
- LP: #1571041
* USB: serial: cp210x: Adding GE Healthcare Device ID
- LP: #1571041
* USB: option: add "D-Link DWM-221 B1" device id
- LP: #1571041
* parisc: Avoid function pointers for kernel exception routines
- LP: #1571041
* ip6_tunnel: set rtnl_link_ops before calling register_netdevice
- LP: #1571041
* Linux 3.13.11-ckt39
- LP: #1571041
* include/linux/poison.h: fix LIST_POISON{1,2} offset
- LP: #1561389
- CVE-2016-0821
* ipv4: Don't do expensive useless work during inetdev destroy.
- LP: #1558847
- CVE-2016-3156
-- Kamal Mostafa <kamal@xxxxxxxxxxxxx> Mon, 18 Apr 2016 09:03:12 -0700
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-0821
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3136
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3137
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3156
** Changed in: linux (Ubuntu Precise)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1563916
Title:
CVE-2016-0774
Status in linux package in Ubuntu:
Invalid
Status in linux-armadaxp package in Ubuntu:
Invalid
Status in linux-flo package in Ubuntu:
New
Status in linux-goldfish package in Ubuntu:
New
Status in linux-lts-quantal package in Ubuntu:
Invalid
Status in linux-lts-raring package in Ubuntu:
Invalid
Status in linux-lts-saucy package in Ubuntu:
Invalid
Status in linux-lts-trusty package in Ubuntu:
Invalid
Status in linux-lts-utopic package in Ubuntu:
Invalid
Status in linux-lts-vivid package in Ubuntu:
Invalid
Status in linux-lts-wily package in Ubuntu:
Invalid
Status in linux-lts-xenial package in Ubuntu:
Invalid
Status in linux-mako package in Ubuntu:
New
Status in linux-manta package in Ubuntu:
Invalid
Status in linux-raspi2 package in Ubuntu:
Invalid
Status in linux-snapdragon package in Ubuntu:
Invalid
Status in linux-ti-omap4 package in Ubuntu:
Invalid
Status in linux source package in Precise:
Fix Released
Status in linux-armadaxp source package in Precise:
Fix Released
Status in linux-flo source package in Precise:
Invalid
Status in linux-goldfish source package in Precise:
Invalid
Status in linux-lts-quantal source package in Precise:
Invalid
Status in linux-lts-raring source package in Precise:
Invalid
Status in linux-lts-saucy source package in Precise:
Invalid
Status in linux-lts-trusty source package in Precise:
Fix Released
Status in linux-lts-utopic source package in Precise:
Invalid
Status in linux-lts-vivid source package in Precise:
Invalid
Status in linux-lts-wily source package in Precise:
Invalid
Status in linux-lts-xenial source package in Precise:
Invalid
Status in linux-mako source package in Precise:
Invalid
Status in linux-manta source package in Precise:
Invalid
Status in linux-raspi2 source package in Precise:
Invalid
Status in linux-snapdragon source package in Precise:
Invalid
Status in linux-ti-omap4 source package in Precise:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux-armadaxp source package in Trusty:
Invalid
Status in linux-flo source package in Trusty:
Invalid
Status in linux-goldfish source package in Trusty:
Invalid
Status in linux-lts-quantal source package in Trusty:
Invalid
Status in linux-lts-raring source package in Trusty:
Invalid
Status in linux-lts-saucy source package in Trusty:
Invalid
Status in linux-lts-trusty source package in Trusty:
Invalid
Status in linux-lts-utopic source package in Trusty:
Invalid
Status in linux-lts-vivid source package in Trusty:
Invalid
Status in linux-lts-wily source package in Trusty:
Invalid
Status in linux-lts-xenial source package in Trusty:
Invalid
Status in linux-mako source package in Trusty:
Invalid
Status in linux-manta source package in Trusty:
Invalid
Status in linux-raspi2 source package in Trusty:
Invalid
Status in linux-snapdragon source package in Trusty:
Invalid
Status in linux-ti-omap4 source package in Trusty:
Invalid
Status in linux source package in Vivid:
New
Status in linux-armadaxp source package in Vivid:
New
Status in linux-flo source package in Vivid:
New
Status in linux-goldfish source package in Vivid:
New
Status in linux-lts-quantal source package in Vivid:
New
Status in linux-lts-raring source package in Vivid:
New
Status in linux-lts-saucy source package in Vivid:
New
Status in linux-lts-trusty source package in Vivid:
New
Status in linux-lts-utopic source package in Vivid:
New
Status in linux-lts-vivid source package in Vivid:
New
Status in linux-lts-wily source package in Vivid:
New
Status in linux-lts-xenial source package in Vivid:
New
Status in linux-mako source package in Vivid:
New
Status in linux-manta source package in Vivid:
New
Status in linux-raspi2 source package in Vivid:
New
Status in linux-snapdragon source package in Vivid:
New
Status in linux-ti-omap4 source package in Vivid:
New
Status in linux source package in Wily:
Invalid
Status in linux-armadaxp source package in Wily:
Invalid
Status in linux-flo source package in Wily:
New
Status in linux-goldfish source package in Wily:
New
Status in linux-lts-quantal source package in Wily:
Invalid
Status in linux-lts-raring source package in Wily:
Invalid
Status in linux-lts-saucy source package in Wily:
Invalid
Status in linux-lts-trusty source package in Wily:
Invalid
Status in linux-lts-utopic source package in Wily:
Invalid
Status in linux-lts-vivid source package in Wily:
Invalid
Status in linux-lts-wily source package in Wily:
Invalid
Status in linux-lts-xenial source package in Wily:
Invalid
Status in linux-mako source package in Wily:
New
Status in linux-manta source package in Wily:
New
Status in linux-raspi2 source package in Wily:
Invalid
Status in linux-snapdragon source package in Wily:
Invalid
Status in linux-ti-omap4 source package in Wily:
Invalid
Status in linux source package in Xenial:
Invalid
Status in linux-armadaxp source package in Xenial:
Invalid
Status in linux-flo source package in Xenial:
New
Status in linux-goldfish source package in Xenial:
New
Status in linux-lts-quantal source package in Xenial:
Invalid
Status in linux-lts-raring source package in Xenial:
Invalid
Status in linux-lts-saucy source package in Xenial:
Invalid
Status in linux-lts-trusty source package in Xenial:
Invalid
Status in linux-lts-utopic source package in Xenial:
Invalid
Status in linux-lts-vivid source package in Xenial:
Invalid
Status in linux-lts-wily source package in Xenial:
Invalid
Status in linux-lts-xenial source package in Xenial:
Invalid
Status in linux-mako source package in Xenial:
New
Status in linux-manta source package in Xenial:
Invalid
Status in linux-raspi2 source package in Xenial:
Invalid
Status in linux-snapdragon source package in Xenial:
Invalid
Status in linux-ti-omap4 source package in Xenial:
Invalid
Status in linux source package in Yakkety:
Invalid
Status in linux-armadaxp source package in Yakkety:
Invalid
Status in linux-flo source package in Yakkety:
New
Status in linux-goldfish source package in Yakkety:
New
Status in linux-lts-quantal source package in Yakkety:
Invalid
Status in linux-lts-raring source package in Yakkety:
Invalid
Status in linux-lts-saucy source package in Yakkety:
Invalid
Status in linux-lts-trusty source package in Yakkety:
Invalid
Status in linux-lts-utopic source package in Yakkety:
Invalid
Status in linux-lts-vivid source package in Yakkety:
Invalid
Status in linux-lts-wily source package in Yakkety:
Invalid
Status in linux-lts-xenial source package in Yakkety:
Invalid
Status in linux-mako source package in Yakkety:
New
Status in linux-manta source package in Yakkety:
Invalid
Status in linux-raspi2 source package in Yakkety:
Invalid
Status in linux-snapdragon source package in Yakkety:
Invalid
Status in linux-ti-omap4 source package in Yakkety:
Invalid
Bug description:
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a
certain Linux kernel backport in the linux package before
3.2.73-2+deb7u3 on Debian wheezy and the kernel package before
3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly
consider the side effects of failed __copy_to_user_inatomic and
__copy_from_user_inatomic calls, which allows local users to cause a
denial of service (system crash) or possibly gain privileges via a
crafted application, aka an "I/O vector array overrun." NOTE: this
vulnerability exists because of an incorrect fix for CVE-2015-1805.
Break-Fix: local-2016-0774-break local-2016-0774-fix
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1563916/+subscriptions
References