← Back to team overview

kernel-packages team mailing list archive

[Bug 1567191] Re: CVE-2016-3951

 

This bug was fixed in the package linux - 3.2.0-105.146

---------------
linux (3.2.0-105.146) precise; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1591329

  [ Kamal Mostafa ]

  * [debian] getabis: Fix inconsistent compiler versions check
    - LP: #1584890

  [ Upstream Kernel Changes ]

  * ppp: take reference on channels netns
    - LP: #1583963
    - CVE-2016-4805
  * ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
    - LP: #1580379
    - CVE-2016-4569
  * ALSA: timer: Fix leak in events via snd_timer_user_ccallback
    - LP: #1581866
    - CVE-2016-4578
  * ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
    - LP: #1581866
    - CVE-2016-4578
  * net: fix a kernel infoleak in x25 module
    - LP: #1585366
    - CVE-2016-4580
  * get_rock_ridge_filename(): handle malformed NM entries
    - LP: #1583962
    - CVE-2016-4913
  * USB: usbfs: fix potential infoleak in devio
    - LP: #1578493
    - CVE-2016-4482
  * IB/security: Restrict use of the write() interface
    - LP: #1580372
    - CVE-2016-4565
  * usbnet: cleanup after bind() in probe()
    - LP: #1567191
    - CVE-2016-3951

 -- Kamal Mostafa <kamal@xxxxxxxxxxxxx>  Fri, 10 Jun 2016 12:12:23 -0700

** Changed in: linux (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4482

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4565

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4569

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4578

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4580

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4805

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4913

** Changed in: linux (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1567191

Title:
  CVE-2016-3951

Status in linux package in Ubuntu:
  Fix Released
Status in linux-armadaxp package in Ubuntu:
  Invalid
Status in linux-flo package in Ubuntu:
  New
Status in linux-goldfish package in Ubuntu:
  New
Status in linux-lts-quantal package in Ubuntu:
  Invalid
Status in linux-lts-raring package in Ubuntu:
  Invalid
Status in linux-lts-saucy package in Ubuntu:
  Invalid
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux-lts-vivid package in Ubuntu:
  Invalid
Status in linux-lts-wily package in Ubuntu:
  Invalid
Status in linux-lts-xenial package in Ubuntu:
  Invalid
Status in linux-mako package in Ubuntu:
  New
Status in linux-manta package in Ubuntu:
  Invalid
Status in linux-raspi2 package in Ubuntu:
  New
Status in linux-snapdragon package in Ubuntu:
  New
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Precise:
  Fix Released
Status in linux-armadaxp source package in Precise:
  Fix Released
Status in linux-flo source package in Precise:
  Invalid
Status in linux-goldfish source package in Precise:
  Invalid
Status in linux-lts-quantal source package in Precise:
  Invalid
Status in linux-lts-raring source package in Precise:
  Invalid
Status in linux-lts-saucy source package in Precise:
  Invalid
Status in linux-lts-trusty source package in Precise:
  Fix Released
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux-lts-vivid source package in Precise:
  Invalid
Status in linux-lts-wily source package in Precise:
  Invalid
Status in linux-lts-xenial source package in Precise:
  Invalid
Status in linux-mako source package in Precise:
  Invalid
Status in linux-manta source package in Precise:
  Invalid
Status in linux-raspi2 source package in Precise:
  Invalid
Status in linux-snapdragon source package in Precise:
  Invalid
Status in linux-ti-omap4 source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux-armadaxp source package in Trusty:
  Invalid
Status in linux-flo source package in Trusty:
  Invalid
Status in linux-goldfish source package in Trusty:
  Invalid
Status in linux-lts-quantal source package in Trusty:
  Invalid
Status in linux-lts-raring source package in Trusty:
  Invalid
Status in linux-lts-saucy source package in Trusty:
  Invalid
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux-lts-vivid source package in Trusty:
  Fix Released
Status in linux-lts-wily source package in Trusty:
  Fix Released
Status in linux-lts-xenial source package in Trusty:
  Fix Released
Status in linux-mako source package in Trusty:
  Invalid
Status in linux-manta source package in Trusty:
  Invalid
Status in linux-raspi2 source package in Trusty:
  Invalid
Status in linux-snapdragon source package in Trusty:
  Invalid
Status in linux-ti-omap4 source package in Trusty:
  Invalid
Status in linux source package in Vivid:
  Fix Released
Status in linux-armadaxp source package in Vivid:
  New
Status in linux-flo source package in Vivid:
  New
Status in linux-goldfish source package in Vivid:
  New
Status in linux-lts-quantal source package in Vivid:
  New
Status in linux-lts-raring source package in Vivid:
  New
Status in linux-lts-saucy source package in Vivid:
  New
Status in linux-lts-trusty source package in Vivid:
  New
Status in linux-lts-utopic source package in Vivid:
  New
Status in linux-lts-vivid source package in Vivid:
  New
Status in linux-lts-wily source package in Vivid:
  New
Status in linux-lts-xenial source package in Vivid:
  New
Status in linux-mako source package in Vivid:
  New
Status in linux-manta source package in Vivid:
  New
Status in linux-raspi2 source package in Vivid:
  New
Status in linux-snapdragon source package in Vivid:
  New
Status in linux-ti-omap4 source package in Vivid:
  New
Status in linux source package in Wily:
  Fix Released
Status in linux-armadaxp source package in Wily:
  Invalid
Status in linux-flo source package in Wily:
  New
Status in linux-goldfish source package in Wily:
  New
Status in linux-lts-quantal source package in Wily:
  Invalid
Status in linux-lts-raring source package in Wily:
  Invalid
Status in linux-lts-saucy source package in Wily:
  Invalid
Status in linux-lts-trusty source package in Wily:
  Invalid
Status in linux-lts-utopic source package in Wily:
  Invalid
Status in linux-lts-vivid source package in Wily:
  Invalid
Status in linux-lts-wily source package in Wily:
  Invalid
Status in linux-lts-xenial source package in Wily:
  Invalid
Status in linux-mako source package in Wily:
  New
Status in linux-manta source package in Wily:
  New
Status in linux-raspi2 source package in Wily:
  Fix Released
Status in linux-snapdragon source package in Wily:
  Invalid
Status in linux-ti-omap4 source package in Wily:
  Invalid
Status in linux source package in Xenial:
  Fix Released
Status in linux-armadaxp source package in Xenial:
  Invalid
Status in linux-flo source package in Xenial:
  New
Status in linux-goldfish source package in Xenial:
  New
Status in linux-lts-quantal source package in Xenial:
  Invalid
Status in linux-lts-raring source package in Xenial:
  Invalid
Status in linux-lts-saucy source package in Xenial:
  Invalid
Status in linux-lts-trusty source package in Xenial:
  Invalid
Status in linux-lts-utopic source package in Xenial:
  Invalid
Status in linux-lts-vivid source package in Xenial:
  Invalid
Status in linux-lts-wily source package in Xenial:
  Invalid
Status in linux-lts-xenial source package in Xenial:
  Invalid
Status in linux-mako source package in Xenial:
  New
Status in linux-manta source package in Xenial:
  Invalid
Status in linux-raspi2 source package in Xenial:
  Fix Released
Status in linux-snapdragon source package in Xenial:
  Fix Released
Status in linux-ti-omap4 source package in Xenial:
  Invalid
Status in linux source package in Yakkety:
  Fix Released
Status in linux-armadaxp source package in Yakkety:
  Invalid
Status in linux-flo source package in Yakkety:
  New
Status in linux-goldfish source package in Yakkety:
  New
Status in linux-lts-quantal source package in Yakkety:
  Invalid
Status in linux-lts-raring source package in Yakkety:
  Invalid
Status in linux-lts-saucy source package in Yakkety:
  Invalid
Status in linux-lts-trusty source package in Yakkety:
  Invalid
Status in linux-lts-utopic source package in Yakkety:
  Invalid
Status in linux-lts-vivid source package in Yakkety:
  Invalid
Status in linux-lts-wily source package in Yakkety:
  Invalid
Status in linux-lts-xenial source package in Yakkety:
  Invalid
Status in linux-mako source package in Yakkety:
  New
Status in linux-manta source package in Yakkety:
  Invalid
Status in linux-raspi2 source package in Yakkety:
  New
Status in linux-snapdragon source package in Yakkety:
  New
Status in linux-ti-omap4 source package in Yakkety:
  Invalid

Bug description:
  Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux
  kernel before 4.5 allows physically proximate attackers to cause a
  denial of service (system crash) or possibly have unspecified other
  impact by inserting a USB device with an invalid USB descriptor.

  Break-Fix: 8a34b0ae8778f6b42ed38857486b769a224e2536 4d06dd537f95683aba3651098ae288b7cbff8274
  Break-Fix: - 1666984c8625b3db19a9abc298931d35ab7bc64b

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1567191/+subscriptions


References