← Back to team overview

kernel-packages team mailing list archive

[Bug 1271444] Re: CVE-2014-1445

 

This bug was fixed in the package linux-ec2 - 2.6.32-362.75

---------------
linux-ec2 (2.6.32-362.75) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-57.119
  * Release Tracking Bug
    - LP: #1281942

  [ Ubuntu: 2.6.32-57.119 ]

  * ubuntu: AUFS: fsnotify_open() now receives a file
    - LP: #1097680
    - CVE-2013-0160
  * KVM: Improve create VCPU parameter (CVE-2013-4587)
    - LP: #1261564
    - CVE-2013-4587
  * KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
    - LP: #1261566
    - CVE-2013-6367
  * xfs: underflow bug in xfs_attrlist_by_handle()
    - LP: #1256091
    - CVE-2013-6382
  * aacraid: prevent invalid pointer dereference
    - LP: #1256083
    - CVE-2013-6380
  * wireless: radiotap: fix parsing buffer overrun
    - LP: #1260622
    - CVE-2013-7027
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1267081
    - CVE-2013-7266
  * net: rose: restore old recvmsg behavior
    - LP: #1267081
    - CVE-2013-7266
  * fsnotify: pass a file instead of an inode to open, read, and write
    - LP: #1097680
    - CVE-2013-0160
  * vfs: introduce FMODE_NONOTIFY
    - LP: #1097680
    - CVE-2013-0160
  * fanotify: FMODE_NONOTIFY and __O_SYNC in sparc conflict
    - LP: #1097680
    - CVE-2013-0160
  * TTY: do not update atime/mtime on read/write
    - LP: #1097680
    - CVE-2013-0160
  * TTY: fix atime/mtime regression
    - LP: #1097680
    - CVE-2013-0160
  * tty: fix up atime/mtime mess, take three
    - LP: #1097680
    - CVE-2013-0160
  * farsync: fix info leak in ioctl
    - LP: #1271442
    - CVE-2014-1444
  * wanxl: fix info leak in ioctl
    - LP: #1271444
    - CVE-2014-1445
  * hamradio/yam: fix info leak in ioctl
    - LP: #1271445
    - CVE-2014-1446
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * exec/ptrace: fix get_dumpable() incorrect tests
    - LP: #1260610
    - CVE-2013-2929
 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>   Wed, 19 Feb 2014 16:51:53 +0100

** Changed in: linux-ec2 (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0160

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2929

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4587

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6367

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6380

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6382

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7027

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7266

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1444

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1446

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1874

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1271444

Title:
  CVE-2014-1445

Status in “linux” package in Ubuntu:
  Invalid
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  New
Status in “linux-lts-backport-natty” package in Ubuntu:
  New
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Fix Committed
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  New
Status in “linux-lts-backport-natty” source package in Lucid:
  New
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Committed
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  New
Status in “linux-lts-backport-natty” source package in Precise:
  New
Status in “linux-lts-quantal” source package in Precise:
  Fix Committed
Status in “linux-lts-raring” source package in Precise:
  Fix Committed
Status in “linux-lts-saucy” source package in Precise:
  Fix Committed
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Committed
Status in “linux” source package in Quantal:
  Fix Committed
Status in “linux-armadaxp” source package in Quantal:
  Fix Released
Status in “linux-ec2” source package in Quantal:
  Invalid
Status in “linux-fsl-imx51” source package in Quantal:
  Invalid
Status in “linux-lts-backport-maverick” source package in Quantal:
  New
Status in “linux-lts-backport-natty” source package in Quantal:
  New
Status in “linux-lts-quantal” source package in Quantal:
  Invalid
Status in “linux-lts-raring” source package in Quantal:
  Invalid
Status in “linux-lts-saucy” source package in Quantal:
  Invalid
Status in “linux-mvl-dove” source package in Quantal:
  Invalid
Status in “linux-ti-omap4” source package in Quantal:
  Fix Committed
Status in “linux-lts-backport-maverick” source package in Raring:
  New
Status in “linux-lts-backport-natty” source package in Raring:
  New
Status in “linux” source package in Saucy:
  Fix Committed
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  New
Status in “linux-lts-backport-natty” source package in Saucy:
  New
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Fix Committed
Status in “linux” source package in Trusty:
  Invalid
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  New
Status in “linux-lts-backport-natty” source package in Trusty:
  New
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid

Bug description:
  The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux
  kernel before 3.11.7 does not properly initialize a certain data
  structure, which allows local users to obtain sensitive information
  from kernel memory via an ioctl call.

  Break-Fix: - 2b13d06c9584b4eb773f1e80bbaedab9a1c344e1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1271444/+subscriptions


References