kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #27358
[Bug 1240580] Re: Raring update to 3.8.13.10 stable release
This bug was fixed in the package linux - 3.8.0-33.48
---------------
linux (3.8.0-33.48) raring; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1242849
[ Maximiliano Curia ]
* SAUCE: (no-up) Only let characters through when there are active
readers.
- LP: #1208740
[ Upstream Kernel Changes ]
* cciss: fix info leak in cciss_ioctl32_passthru()
- LP: #1188355
- CVE-2013-2147
* cpqarray: fix info leak in ida_locked_ioctl()
- LP: #1188355
- CVE-2013-2147
* mount: consolidate permission checks
- LP: #1226726
* get rid of full-hash scan on detaching vfsmounts
- LP: #1226726
* Smack: Fix the bug smackcipso can't set CIPSO correctly
- LP: #1236743
* ipvs: add backup_only flag to avoid loops
- LP: #1238494
* tuntap: correctly handle error in tun_set_iff()
- LP: #1229975
- CVE-2013-4343
* htb: fix sign extension bug
- LP: #1240580
* net: avoid to hang up on sending due to sysctl configuration overflow.
- LP: #1240580
* net: check net.core.somaxconn sysctl values
- LP: #1240580
* macvlan: validate flags
- LP: #1240580
* neighbour: populate neigh_parms on alloc before calling ndo_neigh_setup
- LP: #1240580
* bonding: modify only neigh_parms owned by us
- LP: #1240580
* fib_trie: remove potential out of bound access
- LP: #1240580
* bridge: don't try to update timers in case of broken MLD queries
- LP: #1240580
* tcp: cubic: fix overflow error in bictcp_update()
- LP: #1240580
* tcp: cubic: fix bug in bictcp_acked()
- LP: #1240580
* ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not
match
- LP: #1240580
* 8139cp: Fix skb leak in rx_status_loop failure path.
- LP: #1240580
* tun: signedness bug in tun_get_user()
- LP: #1240580
* ipv6: remove max_addresses check from ipv6_create_tempaddr
- LP: #1240580
* ipv6: Store Router Alert option in IP6CB directly.
- LP: #1240580
* ipv6: drop packets with multiple fragmentation headers
- LP: #1240580
* tcp: set timestamps for restored skb-s
- LP: #1240580
* net: usb: Add HP hs2434 device to ZLP exception table
- LP: #1240580
* tcp: initialize rcv_tstamp for restored sockets
- LP: #1240580
* ipv4: sendto/hdrincl: don't use destination address found in header
- LP: #1240580
* tcp: tcp_make_synack() should use sock_wmalloc
- LP: #1240580
* tipc: set sk_err correctly when connection fails
- LP: #1240580
* net: bridge: convert MLDv2 Query MRC into msecs_to_jiffies for
max_delay
- LP: #1240580
* ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO
- LP: #1240580
* tg3: Don't turn off led on 5719 serdes port 0
- LP: #1240580
* vhost_net: poll vhost queue after marking DMA is done
- LP: #1240580
* net: ipv6: tcp: fix potential use after free in tcp_v6_do_rcv
- LP: #1240580
* drm/radeon/si: Add support for CP DMA to CS checker for compute v2
- LP: #1240580
* sfc: Fix efx_rx_buf_offset() for recycled pages
- LP: #1240580
* cfq: explicitly use 64bit divide operation for 64bit arguments
- LP: #1240580
* drm/radeon/atom: workaround vbios bug in transmitter table on rs880
(v2)
- LP: #1240580
* drm/ast: fix the ast open key function
- LP: #1240580
* sched/fair: Fix small race where child->se.parent,cfs_rq might point to
invalid ones
- LP: #1240580
* tg3: Expand led off fix to include 5720
- LP: #1240580
* HID: provide a helper for validating hid reports
- LP: #1240580
* HID: zeroplus: validate output report details
- LP: #1240580
- CVE-2013-2889
* HID: LG: validate HID output report details
- LP: #1240580
- CVE-2013-2893
* HID: lenovo-tpkbd: validate output report details
- LP: #1240580
- CVE-2013-2894
* HID: validate feature and input report details
- LP: #1240580
- CVE-2013-2897
* HID: logitech-dj: validate output report details
- LP: #1240580
- CVE-2013-2895
* HID: multitouch: validate indexes details
- LP: #1240580
- CVE-2013-2897
* HID: lenovo-tpkbd: fix leak if tpkbd_probe_tp fails
- LP: #1240580
* drm/radeon: fix panel scaling with eDP and LVDS bridges
- LP: #1240580
* cifs: fix filp leak in cifs_atomic_open()
- LP: #1240580
* net: usb: cdc_ether: Use wwan interface for Telit modules
- LP: #1240580
* usb: gadget: fix a bug and a WARN_ON in dummy-hcd
- LP: #1240580
* drm/i915: do not update cursor in crtc mode set
- LP: #1240580
* drm/i915: Don't enable the cursor on a disable pipe
- LP: #1240580
* drm/ttm: fix the tt_populated check in ttm_tt_destroy()
- LP: #1240580
* PCI / ACPI / PM: Clear pme_poll for devices in D3cold on wakeup
- LP: #1240580
* serial: pch_uart: fix tty-kref leak in dma-rx path
- LP: #1240580
* x86, efi: Don't map Boot Services on i386
- LP: #1240580
* ALSA: compress: Fix compress device unregister.
- LP: #1240580
* dm snapshot: workaround for a false positive lockdep warning
- LP: #1240580
* dm-snapshot: fix performance degradation due to small hash size
- LP: #1240580
* drm/radeon: Make r100_cp_ring_info() and radeon_ring_gfx() safe (v2)
- LP: #1240580
* ARM: 7837/3: fix Thumb-2 bug in AES assembler code
- LP: #1240580
* x86/reboot: Add quirk to make Dell C6100 use reboot=pci automatically
- LP: #1240580
* drm/radeon: disable tests/benchmarks if accel is disabled
- LP: #1240580
* xhci: Fix oops happening after address device timeout
- LP: #1240580
* xhci: Ensure a command structure points to the correct trb on the
command ring
- LP: #1240580
* drm/i915/dp: increase i2c-over-aux retry interval on AUX DEFER
- LP: #1240580
* staging: vt6656: [BUG] main_usb.c oops on device_close move flag
earlier.
- LP: #1240580
* staging: vt6656: [BUG] iwctl_siwencodeext return if device not open
- LP: #1240580
* USB: UHCI: accept very late isochronous URBs
- LP: #1240580
* USB: OHCI: accept very late isochronous URBs
- LP: #1240580
* USB: fix PM config symbol in uhci-hcd, ehci-hcd, and xhci-hcd
- LP: #1240580
* usb/core/devio.c: Don't reject control message to endpoint with wrong
direction bit
- LP: #1240580
* hwmon: (applesmc) Check key count before proceeding
- LP: #1240580
* fsl/usb: Resolve PHY_CLK_VLD instability issue for ULPI phy
- LP: #1240580
* driver core : Fix use after free of dev->parent in device_shutdown
- LP: #1240580
* USB: Fix breakage in ffs_fs_mount()
- LP: #1240580
* usb: dwc3: pci: add support for BayTrail
- LP: #1240580
* usb: dwc3: add support for Merrifield
- LP: #1240580
* ASoC: max98095: a couple array underflows
- LP: #1240580
* ASoC: ab8500-codec: info leak in anc_status_control_put()
- LP: #1240580
* ASoC: 88pm860x: array overflow in snd_soc_put_volsw_2r_st()
- LP: #1240580
* Bluetooth: Add a new PID/VID 0cf3/e005 for AR3012.
- LP: #1240580
* Bluetooth: Fix security level for peripheral role
- LP: #1240580
* Bluetooth: Fix encryption key size for peripheral role
- LP: #1240580
* Bluetooth: Add support for BCM20702A0 [0b05, 17cb]
- LP: #1240580
* Bluetooth: Introduce a new HCI_RFKILLED flag
- LP: #1240580
* rtlwifi: Align private space in rtl_priv struct
- LP: #1240580
* p54usb: add USB ID for Corega WLUSB2GTST USB adapter
- LP: #1240580
* mwifiex: fix hang issue for USB chipsets
- LP: #1240580
* mwifiex: fix NULL pointer dereference in usb suspend handler
- LP: #1240580
* fs/binfmt_elf.c: prevent a coredump with a large vm_map_count from
Oopsing
- LP: #1240580
* nilfs2: fix issue with race condition of competition between segments
for dirty blocks
- LP: #1240580
* mm: avoid reinserting isolated balloon pages into LRU lists
- LP: #1240580
* USB: serial: option: Ignore card reader interface on Huawei E1750
- LP: #1240580
* gpio/omap: maintain GPIO and IRQ usage separately
- LP: #1240580
* gpio/omap: auto-setup a GPIO when used as an IRQ
- LP: #1240580
* ib_srpt: Destroy cm_id before destroying QP.
- LP: #1240580
* powerpc: Fix parameter clobber in csum_partial_copy_generic()
- LP: #1240580
* powerpc: Restore registers on error exit from
csum_partial_copy_generic()
- LP: #1240580
* powerpc/sysfs: Disable writing to PURR in guest mode
- LP: #1240580
* powerpc/iommu: Use GFP_KERNEL instead of GFP_ATOMIC in
iommu_init_table()
- LP: #1240580
* powerpc/vio: Fix modalias_show return values
- LP: #1240580
* ib_srpt: always set response for task management
- LP: #1240580
* xen/hvc: allow xenboot console to be used again
- LP: #1240580
* net: Update the sysctl permissions handler to test effective uid/gid
- LP: #1240580
* Linux 3.8.13.11
- LP: #1240580
-- Brad Figg <brad.figg@xxxxxxxxxxxxx> Mon, 21 Oct 2013 12:04:49 -0700
** Changed in: linux (Ubuntu Raring)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2147
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2889
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2893
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2894
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2895
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2897
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4343
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1240580
Title:
Raring update to 3.8.13.10 stable release
Status in “linux” package in Ubuntu:
New
Status in “linux” source package in Raring:
Fix Released
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from Linus' tree or in a minimally
backported form of that patch. The 3.8.13.10 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
git://kernel.ubuntu.com/ubuntu/linux.git
TEST CASE: TBD
The following patches are in the 3.8.13.10 stable release:
Linux 3.8.13.11
net: Update the sysctl permissions handler to test effective uid/gid
xen/hvc: allow xenboot console to be used again
ib_srpt: always set response for task management
powerpc/vio: Fix modalias_show return values
powerpc/iommu: Use GFP_KERNEL instead of GFP_ATOMIC in iommu_init_table()
powerpc/sysfs: Disable writing to PURR in guest mode
powerpc: Restore registers on error exit from csum_partial_copy_generic()
powerpc: Fix parameter clobber in csum_partial_copy_generic()
ib_srpt: Destroy cm_id before destroying QP.
gpio/omap: auto-setup a GPIO when used as an IRQ
gpio/omap: maintain GPIO and IRQ usage separately
USB: serial: option: Ignore card reader interface on Huawei E1750
mm: avoid reinserting isolated balloon pages into LRU lists
nilfs2: fix issue with race condition of competition between segments for dirty blocks
fs/binfmt_elf.c: prevent a coredump with a large vm_map_count from Oopsing
mwifiex: fix NULL pointer dereference in usb suspend handler
mwifiex: fix hang issue for USB chipsets
p54usb: add USB ID for Corega WLUSB2GTST USB adapter
rtlwifi: Align private space in rtl_priv struct
Bluetooth: Introduce a new HCI_RFKILLED flag
Bluetooth: Add support for BCM20702A0 [0b05, 17cb]
Bluetooth: Fix encryption key size for peripheral role
Bluetooth: Fix security level for peripheral role
Bluetooth: Add a new PID/VID 0cf3/e005 for AR3012.
ASoC: 88pm860x: array overflow in snd_soc_put_volsw_2r_st()
ASoC: ab8500-codec: info leak in anc_status_control_put()
ASoC: max98095: a couple array underflows
usb: dwc3: add support for Merrifield
usb: dwc3: pci: add support for BayTrail
USB: Fix breakage in ffs_fs_mount()
driver core : Fix use after free of dev->parent in device_shutdown
fsl/usb: Resolve PHY_CLK_VLD instability issue for ULPI phy
hwmon: (applesmc) Check key count before proceeding
usb/core/devio.c: Don't reject control message to endpoint with wrong direction bit
USB: fix PM config symbol in uhci-hcd, ehci-hcd, and xhci-hcd
USB: OHCI: accept very late isochronous URBs
USB: UHCI: accept very late isochronous URBs
staging: vt6656: [BUG] iwctl_siwencodeext return if device not open
staging: vt6656: [BUG] main_usb.c oops on device_close move flag earlier.
drm/i915/dp: increase i2c-over-aux retry interval on AUX DEFER
xhci: Ensure a command structure points to the correct trb on the command ring
xhci: Fix oops happening after address device timeout
drm/radeon: disable tests/benchmarks if accel is disabled
x86/reboot: Add quirk to make Dell C6100 use reboot=pci automatically
ARM: 7837/3: fix Thumb-2 bug in AES assembler code
drm/radeon: Make r100_cp_ring_info() and radeon_ring_gfx() safe (v2)
dm-snapshot: fix performance degradation due to small hash size
dm snapshot: workaround for a false positive lockdep warning
ALSA: compress: Fix compress device unregister.
x86, efi: Don't map Boot Services on i386
serial: pch_uart: fix tty-kref leak in dma-rx path
Smack: Fix the bug smackcipso can't set CIPSO correctly
PCI / ACPI / PM: Clear pme_poll for devices in D3cold on wakeup
drm/ttm: fix the tt_populated check in ttm_tt_destroy()
drm/i915: Don't enable the cursor on a disable pipe
drm/i915: do not update cursor in crtc mode set
usb: gadget: fix a bug and a WARN_ON in dummy-hcd
net: usb: cdc_ether: Use wwan interface for Telit modules
cifs: fix filp leak in cifs_atomic_open()
drm/radeon: fix panel scaling with eDP and LVDS bridges
HID: lenovo-tpkbd: fix leak if tpkbd_probe_tp fails
HID: multitouch: validate indexes details
HID: logitech-dj: validate output report details
HID: validate feature and input report details
HID: lenovo-tpkbd: validate output report details
HID: LG: validate HID output report details
HID: zeroplus: validate output report details
HID: provide a helper for validating hid reports
tg3: Expand led off fix to include 5720
sched/fair: Fix small race where child->se.parent,cfs_rq might point to invalid ones
drm/ast: fix the ast open key function
drm/radeon/atom: workaround vbios bug in transmitter table on rs880 (v2)
cciss: fix info leak in cciss_ioctl32_passthru()
cpqarray: fix info leak in ida_locked_ioctl()
cfq: explicitly use 64bit divide operation for 64bit arguments
sfc: Fix efx_rx_buf_offset() for recycled pages
drm/radeon/si: Add support for CP DMA to CS checker for compute v2
net: ipv6: tcp: fix potential use after free in tcp_v6_do_rcv
vhost_net: poll vhost queue after marking DMA is done
tg3: Don't turn off led on 5719 serdes port 0
ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO
net: bridge: convert MLDv2 Query MRC into msecs_to_jiffies for max_delay
tipc: set sk_err correctly when connection fails
tcp: tcp_make_synack() should use sock_wmalloc
ipv4: sendto/hdrincl: don't use destination address found in header
tcp: initialize rcv_tstamp for restored sockets
net: usb: Add HP hs2434 device to ZLP exception table
tcp: set timestamps for restored skb-s
ipv6: drop packets with multiple fragmentation headers
ipv6: Store Router Alert option in IP6CB directly.
ipv6: remove max_addresses check from ipv6_create_tempaddr
tun: signedness bug in tun_get_user()
8139cp: Fix skb leak in rx_status_loop failure path.
ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not match
tcp: cubic: fix bug in bictcp_acked()
tcp: cubic: fix overflow error in bictcp_update()
bridge: don't try to update timers in case of broken MLD queries
fib_trie: remove potential out of bound access
bonding: modify only neigh_parms owned by us
neighbour: populate neigh_parms on alloc before calling ndo_neigh_setup
macvlan: validate flags
net: check net.core.somaxconn sysctl values
net: avoid to hang up on sending due to sysctl configuration overflow.
htb: fix sign extension bug
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1240580/+subscriptions
References
