kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #47905
[Bug 1271442] Re: CVE-2014-1444
This bug was fixed in the package linux-ec2 - 2.6.32-362.75
---------------
linux-ec2 (2.6.32-362.75) lucid-proposed; urgency=low
[ Stefan Bader ]
* Rebased to Ubuntu-2.6.32-57.119
* Release Tracking Bug
- LP: #1281942
[ Ubuntu: 2.6.32-57.119 ]
* ubuntu: AUFS: fsnotify_open() now receives a file
- LP: #1097680
- CVE-2013-0160
* KVM: Improve create VCPU parameter (CVE-2013-4587)
- LP: #1261564
- CVE-2013-4587
* KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
- LP: #1261566
- CVE-2013-6367
* xfs: underflow bug in xfs_attrlist_by_handle()
- LP: #1256091
- CVE-2013-6382
* aacraid: prevent invalid pointer dereference
- LP: #1256083
- CVE-2013-6380
* wireless: radiotap: fix parsing buffer overrun
- LP: #1260622
- CVE-2013-7027
* net: rework recvmsg handler msg_name and msg_namelen logic
- LP: #1267081
- CVE-2013-7266
* net: rose: restore old recvmsg behavior
- LP: #1267081
- CVE-2013-7266
* fsnotify: pass a file instead of an inode to open, read, and write
- LP: #1097680
- CVE-2013-0160
* vfs: introduce FMODE_NONOTIFY
- LP: #1097680
- CVE-2013-0160
* fanotify: FMODE_NONOTIFY and __O_SYNC in sparc conflict
- LP: #1097680
- CVE-2013-0160
* TTY: do not update atime/mtime on read/write
- LP: #1097680
- CVE-2013-0160
* TTY: fix atime/mtime regression
- LP: #1097680
- CVE-2013-0160
* tty: fix up atime/mtime mess, take three
- LP: #1097680
- CVE-2013-0160
* farsync: fix info leak in ioctl
- LP: #1271442
- CVE-2014-1444
* wanxl: fix info leak in ioctl
- LP: #1271444
- CVE-2014-1445
* hamradio/yam: fix info leak in ioctl
- LP: #1271445
- CVE-2014-1446
* SELinux: Fix kernel BUG on empty security contexts.
- CVE-2014-1874
* exec/ptrace: fix get_dumpable() incorrect tests
- LP: #1260610
- CVE-2013-2929
-- Stefan Bader <stefan.bader@xxxxxxxxxxxxx> Wed, 19 Feb 2014 16:51:53 +0100
** Changed in: linux-ec2 (Ubuntu Lucid)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0160
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2929
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4587
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6367
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6380
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6382
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7027
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7266
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1445
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1446
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1874
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1271442
Title:
CVE-2014-1444
Status in “linux” package in Ubuntu:
Invalid
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
New
Status in “linux-lts-backport-natty” package in Ubuntu:
New
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-lts-saucy” package in Ubuntu:
Invalid
Status in “linux-mvl-dove” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
Invalid
Status in “linux” source package in Lucid:
Fix Committed
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
New
Status in “linux-lts-backport-natty” source package in Lucid:
New
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-lts-saucy” source package in Lucid:
Invalid
Status in “linux-mvl-dove” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
Fix Committed
Status in “linux-armadaxp” source package in Precise:
Fix Released
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-fsl-imx51” source package in Precise:
Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
New
Status in “linux-lts-backport-natty” source package in Precise:
New
Status in “linux-lts-quantal” source package in Precise:
Fix Committed
Status in “linux-lts-raring” source package in Precise:
Fix Committed
Status in “linux-lts-saucy” source package in Precise:
Fix Committed
Status in “linux-mvl-dove” source package in Precise:
Invalid
Status in “linux-ti-omap4” source package in Precise:
Fix Committed
Status in “linux” source package in Quantal:
Fix Committed
Status in “linux-armadaxp” source package in Quantal:
Fix Released
Status in “linux-ec2” source package in Quantal:
Invalid
Status in “linux-fsl-imx51” source package in Quantal:
Invalid
Status in “linux-lts-backport-maverick” source package in Quantal:
New
Status in “linux-lts-backport-natty” source package in Quantal:
New
Status in “linux-lts-quantal” source package in Quantal:
Invalid
Status in “linux-lts-raring” source package in Quantal:
Invalid
Status in “linux-lts-saucy” source package in Quantal:
Invalid
Status in “linux-mvl-dove” source package in Quantal:
Invalid
Status in “linux-ti-omap4” source package in Quantal:
Fix Committed
Status in “linux-lts-backport-maverick” source package in Raring:
New
Status in “linux-lts-backport-natty” source package in Raring:
New
Status in “linux” source package in Saucy:
Fix Committed
Status in “linux-armadaxp” source package in Saucy:
Invalid
Status in “linux-ec2” source package in Saucy:
Invalid
Status in “linux-fsl-imx51” source package in Saucy:
Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
New
Status in “linux-lts-backport-natty” source package in Saucy:
New
Status in “linux-lts-quantal” source package in Saucy:
Invalid
Status in “linux-lts-raring” source package in Saucy:
Invalid
Status in “linux-lts-saucy” source package in Saucy:
Invalid
Status in “linux-mvl-dove” source package in Saucy:
Invalid
Status in “linux-ti-omap4” source package in Saucy:
Fix Committed
Status in “linux” source package in Trusty:
Invalid
Status in “linux-armadaxp” source package in Trusty:
Invalid
Status in “linux-ec2” source package in Trusty:
Invalid
Status in “linux-fsl-imx51” source package in Trusty:
Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
New
Status in “linux-lts-backport-natty” source package in Trusty:
New
Status in “linux-lts-quantal” source package in Trusty:
Invalid
Status in “linux-lts-raring” source package in Trusty:
Invalid
Status in “linux-lts-saucy” source package in Trusty:
Invalid
Status in “linux-mvl-dove” source package in Trusty:
Invalid
Status in “linux-ti-omap4” source package in Trusty:
Invalid
Bug description:
The fst_get_iface function in drivers/net/wan/farsync.c in the Linux
kernel before 3.11.7 does not properly initialize a certain data
structure, which allows local users to obtain sensitive information
from kernel memory by leveraging the CAP_NET_ADMIN capability for an
SIOCWANDEV ioctl call.
Break-Fix: - 96b340406724d87e4621284ebac5e059d67b2194
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1271442/+subscriptions
References