kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #27382
[Bug 1188355] Re: CVE-2013-2147
This bug was fixed in the package linux - 3.8.0-33.48
---------------
linux (3.8.0-33.48) raring; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1242849
[ Maximiliano Curia ]
* SAUCE: (no-up) Only let characters through when there are active
readers.
- LP: #1208740
[ Upstream Kernel Changes ]
* cciss: fix info leak in cciss_ioctl32_passthru()
- LP: #1188355
- CVE-2013-2147
* cpqarray: fix info leak in ida_locked_ioctl()
- LP: #1188355
- CVE-2013-2147
* mount: consolidate permission checks
- LP: #1226726
* get rid of full-hash scan on detaching vfsmounts
- LP: #1226726
* Smack: Fix the bug smackcipso can't set CIPSO correctly
- LP: #1236743
* ipvs: add backup_only flag to avoid loops
- LP: #1238494
* tuntap: correctly handle error in tun_set_iff()
- LP: #1229975
- CVE-2013-4343
* htb: fix sign extension bug
- LP: #1240580
* net: avoid to hang up on sending due to sysctl configuration overflow.
- LP: #1240580
* net: check net.core.somaxconn sysctl values
- LP: #1240580
* macvlan: validate flags
- LP: #1240580
* neighbour: populate neigh_parms on alloc before calling ndo_neigh_setup
- LP: #1240580
* bonding: modify only neigh_parms owned by us
- LP: #1240580
* fib_trie: remove potential out of bound access
- LP: #1240580
* bridge: don't try to update timers in case of broken MLD queries
- LP: #1240580
* tcp: cubic: fix overflow error in bictcp_update()
- LP: #1240580
* tcp: cubic: fix bug in bictcp_acked()
- LP: #1240580
* ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not
match
- LP: #1240580
* 8139cp: Fix skb leak in rx_status_loop failure path.
- LP: #1240580
* tun: signedness bug in tun_get_user()
- LP: #1240580
* ipv6: remove max_addresses check from ipv6_create_tempaddr
- LP: #1240580
* ipv6: Store Router Alert option in IP6CB directly.
- LP: #1240580
* ipv6: drop packets with multiple fragmentation headers
- LP: #1240580
* tcp: set timestamps for restored skb-s
- LP: #1240580
* net: usb: Add HP hs2434 device to ZLP exception table
- LP: #1240580
* tcp: initialize rcv_tstamp for restored sockets
- LP: #1240580
* ipv4: sendto/hdrincl: don't use destination address found in header
- LP: #1240580
* tcp: tcp_make_synack() should use sock_wmalloc
- LP: #1240580
* tipc: set sk_err correctly when connection fails
- LP: #1240580
* net: bridge: convert MLDv2 Query MRC into msecs_to_jiffies for
max_delay
- LP: #1240580
* ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO
- LP: #1240580
* tg3: Don't turn off led on 5719 serdes port 0
- LP: #1240580
* vhost_net: poll vhost queue after marking DMA is done
- LP: #1240580
* net: ipv6: tcp: fix potential use after free in tcp_v6_do_rcv
- LP: #1240580
* drm/radeon/si: Add support for CP DMA to CS checker for compute v2
- LP: #1240580
* sfc: Fix efx_rx_buf_offset() for recycled pages
- LP: #1240580
* cfq: explicitly use 64bit divide operation for 64bit arguments
- LP: #1240580
* drm/radeon/atom: workaround vbios bug in transmitter table on rs880
(v2)
- LP: #1240580
* drm/ast: fix the ast open key function
- LP: #1240580
* sched/fair: Fix small race where child->se.parent,cfs_rq might point to
invalid ones
- LP: #1240580
* tg3: Expand led off fix to include 5720
- LP: #1240580
* HID: provide a helper for validating hid reports
- LP: #1240580
* HID: zeroplus: validate output report details
- LP: #1240580
- CVE-2013-2889
* HID: LG: validate HID output report details
- LP: #1240580
- CVE-2013-2893
* HID: lenovo-tpkbd: validate output report details
- LP: #1240580
- CVE-2013-2894
* HID: validate feature and input report details
- LP: #1240580
- CVE-2013-2897
* HID: logitech-dj: validate output report details
- LP: #1240580
- CVE-2013-2895
* HID: multitouch: validate indexes details
- LP: #1240580
- CVE-2013-2897
* HID: lenovo-tpkbd: fix leak if tpkbd_probe_tp fails
- LP: #1240580
* drm/radeon: fix panel scaling with eDP and LVDS bridges
- LP: #1240580
* cifs: fix filp leak in cifs_atomic_open()
- LP: #1240580
* net: usb: cdc_ether: Use wwan interface for Telit modules
- LP: #1240580
* usb: gadget: fix a bug and a WARN_ON in dummy-hcd
- LP: #1240580
* drm/i915: do not update cursor in crtc mode set
- LP: #1240580
* drm/i915: Don't enable the cursor on a disable pipe
- LP: #1240580
* drm/ttm: fix the tt_populated check in ttm_tt_destroy()
- LP: #1240580
* PCI / ACPI / PM: Clear pme_poll for devices in D3cold on wakeup
- LP: #1240580
* serial: pch_uart: fix tty-kref leak in dma-rx path
- LP: #1240580
* x86, efi: Don't map Boot Services on i386
- LP: #1240580
* ALSA: compress: Fix compress device unregister.
- LP: #1240580
* dm snapshot: workaround for a false positive lockdep warning
- LP: #1240580
* dm-snapshot: fix performance degradation due to small hash size
- LP: #1240580
* drm/radeon: Make r100_cp_ring_info() and radeon_ring_gfx() safe (v2)
- LP: #1240580
* ARM: 7837/3: fix Thumb-2 bug in AES assembler code
- LP: #1240580
* x86/reboot: Add quirk to make Dell C6100 use reboot=pci automatically
- LP: #1240580
* drm/radeon: disable tests/benchmarks if accel is disabled
- LP: #1240580
* xhci: Fix oops happening after address device timeout
- LP: #1240580
* xhci: Ensure a command structure points to the correct trb on the
command ring
- LP: #1240580
* drm/i915/dp: increase i2c-over-aux retry interval on AUX DEFER
- LP: #1240580
* staging: vt6656: [BUG] main_usb.c oops on device_close move flag
earlier.
- LP: #1240580
* staging: vt6656: [BUG] iwctl_siwencodeext return if device not open
- LP: #1240580
* USB: UHCI: accept very late isochronous URBs
- LP: #1240580
* USB: OHCI: accept very late isochronous URBs
- LP: #1240580
* USB: fix PM config symbol in uhci-hcd, ehci-hcd, and xhci-hcd
- LP: #1240580
* usb/core/devio.c: Don't reject control message to endpoint with wrong
direction bit
- LP: #1240580
* hwmon: (applesmc) Check key count before proceeding
- LP: #1240580
* fsl/usb: Resolve PHY_CLK_VLD instability issue for ULPI phy
- LP: #1240580
* driver core : Fix use after free of dev->parent in device_shutdown
- LP: #1240580
* USB: Fix breakage in ffs_fs_mount()
- LP: #1240580
* usb: dwc3: pci: add support for BayTrail
- LP: #1240580
* usb: dwc3: add support for Merrifield
- LP: #1240580
* ASoC: max98095: a couple array underflows
- LP: #1240580
* ASoC: ab8500-codec: info leak in anc_status_control_put()
- LP: #1240580
* ASoC: 88pm860x: array overflow in snd_soc_put_volsw_2r_st()
- LP: #1240580
* Bluetooth: Add a new PID/VID 0cf3/e005 for AR3012.
- LP: #1240580
* Bluetooth: Fix security level for peripheral role
- LP: #1240580
* Bluetooth: Fix encryption key size for peripheral role
- LP: #1240580
* Bluetooth: Add support for BCM20702A0 [0b05, 17cb]
- LP: #1240580
* Bluetooth: Introduce a new HCI_RFKILLED flag
- LP: #1240580
* rtlwifi: Align private space in rtl_priv struct
- LP: #1240580
* p54usb: add USB ID for Corega WLUSB2GTST USB adapter
- LP: #1240580
* mwifiex: fix hang issue for USB chipsets
- LP: #1240580
* mwifiex: fix NULL pointer dereference in usb suspend handler
- LP: #1240580
* fs/binfmt_elf.c: prevent a coredump with a large vm_map_count from
Oopsing
- LP: #1240580
* nilfs2: fix issue with race condition of competition between segments
for dirty blocks
- LP: #1240580
* mm: avoid reinserting isolated balloon pages into LRU lists
- LP: #1240580
* USB: serial: option: Ignore card reader interface on Huawei E1750
- LP: #1240580
* gpio/omap: maintain GPIO and IRQ usage separately
- LP: #1240580
* gpio/omap: auto-setup a GPIO when used as an IRQ
- LP: #1240580
* ib_srpt: Destroy cm_id before destroying QP.
- LP: #1240580
* powerpc: Fix parameter clobber in csum_partial_copy_generic()
- LP: #1240580
* powerpc: Restore registers on error exit from
csum_partial_copy_generic()
- LP: #1240580
* powerpc/sysfs: Disable writing to PURR in guest mode
- LP: #1240580
* powerpc/iommu: Use GFP_KERNEL instead of GFP_ATOMIC in
iommu_init_table()
- LP: #1240580
* powerpc/vio: Fix modalias_show return values
- LP: #1240580
* ib_srpt: always set response for task management
- LP: #1240580
* xen/hvc: allow xenboot console to be used again
- LP: #1240580
* net: Update the sysctl permissions handler to test effective uid/gid
- LP: #1240580
* Linux 3.8.13.11
- LP: #1240580
-- Brad Figg <brad.figg@xxxxxxxxxxxxx> Mon, 21 Oct 2013 12:04:49 -0700
** Changed in: linux (Ubuntu Raring)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1188355
Title:
CVE-2013-2147
Status in “linux” package in Ubuntu:
Fix Released
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
Invalid
Status in “linux-lts-backport-natty” package in Ubuntu:
Invalid
Status in “linux-lts-backport-oneiric” package in Ubuntu:
Invalid
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-lts-saucy” package in Ubuntu:
New
Status in “linux-mvl-dove” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
Fix Committed
Status in “linux” source package in Lucid:
Fix Released
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
Invalid
Status in “linux-lts-backport-natty” source package in Lucid:
Invalid
Status in “linux-lts-backport-oneiric” source package in Lucid:
Invalid
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-lts-saucy” source package in Lucid:
New
Status in “linux-mvl-dove” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
Fix Released
Status in “linux-armadaxp” source package in Precise:
Fix Released
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-fsl-imx51” source package in Precise:
Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
Invalid
Status in “linux-lts-backport-natty” source package in Precise:
Invalid
Status in “linux-lts-backport-oneiric” source package in Precise:
Invalid
Status in “linux-lts-quantal” source package in Precise:
Fix Released
Status in “linux-lts-raring” source package in Precise:
Fix Released
Status in “linux-lts-saucy” source package in Precise:
New
Status in “linux-mvl-dove” source package in Precise:
Invalid
Status in “linux-ti-omap4” source package in Precise:
Fix Released
Status in “linux” source package in Quantal:
Fix Released
Status in “linux-armadaxp” source package in Quantal:
Fix Released
Status in “linux-ec2” source package in Quantal:
Invalid
Status in “linux-fsl-imx51” source package in Quantal:
Invalid
Status in “linux-lts-backport-maverick” source package in Quantal:
Invalid
Status in “linux-lts-backport-natty” source package in Quantal:
Invalid
Status in “linux-lts-backport-oneiric” source package in Quantal:
Invalid
Status in “linux-lts-quantal” source package in Quantal:
Invalid
Status in “linux-lts-raring” source package in Quantal:
Invalid
Status in “linux-lts-saucy” source package in Quantal:
New
Status in “linux-mvl-dove” source package in Quantal:
Invalid
Status in “linux-ti-omap4” source package in Quantal:
Fix Released
Status in “linux” source package in Raring:
Fix Released
Status in “linux-armadaxp” source package in Raring:
Invalid
Status in “linux-ec2” source package in Raring:
Invalid
Status in “linux-fsl-imx51” source package in Raring:
Invalid
Status in “linux-lts-backport-maverick” source package in Raring:
Invalid
Status in “linux-lts-backport-natty” source package in Raring:
Invalid
Status in “linux-lts-backport-oneiric” source package in Raring:
Invalid
Status in “linux-lts-quantal” source package in Raring:
Invalid
Status in “linux-lts-raring” source package in Raring:
Invalid
Status in “linux-lts-saucy” source package in Raring:
New
Status in “linux-mvl-dove” source package in Raring:
Invalid
Status in “linux-ti-omap4” source package in Raring:
Fix Released
Status in “linux” source package in Saucy:
Fix Released
Status in “linux-armadaxp” source package in Saucy:
Invalid
Status in “linux-ec2” source package in Saucy:
Invalid
Status in “linux-fsl-imx51” source package in Saucy:
Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
Invalid
Status in “linux-lts-backport-natty” source package in Saucy:
Invalid
Status in “linux-lts-backport-oneiric” source package in Saucy:
Invalid
Status in “linux-lts-quantal” source package in Saucy:
Invalid
Status in “linux-lts-raring” source package in Saucy:
Invalid
Status in “linux-lts-saucy” source package in Saucy:
New
Status in “linux-mvl-dove” source package in Saucy:
Invalid
Status in “linux-ti-omap4” source package in Saucy:
Fix Released
Status in “linux” source package in Trusty:
Fix Released
Status in “linux-armadaxp” source package in Trusty:
Invalid
Status in “linux-ec2” source package in Trusty:
Invalid
Status in “linux-fsl-imx51” source package in Trusty:
Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
Invalid
Status in “linux-lts-backport-natty” source package in Trusty:
Invalid
Status in “linux-lts-backport-oneiric” source package in Trusty:
Invalid
Status in “linux-lts-quantal” source package in Trusty:
Invalid
Status in “linux-lts-raring” source package in Trusty:
Invalid
Status in “linux-lts-saucy” source package in Trusty:
New
Status in “linux-mvl-dove” source package in Trusty:
Invalid
Status in “linux-ti-omap4” source package in Trusty:
Fix Committed
Bug description:
The HP Smart Array controller disk-array driver and Compaq SMART2
controller disk-array driver in the Linux kernel through 3.9.4 do not
initialize certain data structures, which allows local users to obtain
sensitive information from kernel memory via (1) a crafted
IDAGETPCIINFO command for a /dev/ida device, related to the
ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted
CCISS_PASSTHRU32 command for a /dev/cciss device, related to the
cciss_ioctl32_passthru function in drivers/block/cciss.c.
Break-Fix: - 627aad1c01da6f881e7f98d71fd928ca0c316b1a
Break-Fix: - 58f09e00ae095e46ef9edfcf3a5fd9ccdfad065e
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1188355/+subscriptions