← Back to team overview

kernel-packages team mailing list archive

[Bug 1256083] Re: CVE-2013-6380

 

This bug was fixed in the package linux-lts-raring -
3.8.0-37.53~precise1

---------------
linux-lts-raring (3.8.0-37.53~precise1) precise; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1282210

  [ Upstream Kernel Changes ]

  * Revert "of/address: Handle #address-cells > 2 specially"
    - LP: #1278969
  * ath9k_htc: properly set MAC address and BSSID mask
    - LP: #1252422
    - CVE-2013-4579
  * aacraid: prevent invalid pointer dereference
    - LP: #1256083
    - CVE-2013-6380
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * mmc: sdhci-pci: break out definitions to header file
    - LP: #1239938
  * mmc: sdhci-pci: add support of O2Micro/BayHubTech SD hosts
    - LP: #1239938
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * xfs: add capability check to free eofblocks ioctl
    - LP: #1278969
  * staging: vt6656: [BUG] Fix for TX USB resets from vendors driver.
    - LP: #1278969
  * net: Fix "ip rule delete table 256"
    - LP: #1278969
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1278969
  * random32: fix off-by-one in seeding requirement
    - LP: #1278969
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1278969
  * usbnet: fix status interrupt urb handling
    - LP: #1278969
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1278969
  * tuntap: limit head length of skb allocated
    - LP: #1278969
  * macvtap: limit head length of skb allocated
    - LP: #1278969
  * tcp: tsq: restore minimal amount of queueing
    - LP: #1278969
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1278969
  * net-tcp: fix panic in tcp_fastopen_cache_set()
    - LP: #1278969
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1278969
  * connector: improved unaligned access error fix
    - LP: #1278969
  * ipv4: fix possible seqlock deadlock
    - LP: #1278969
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1278969
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1278969
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1278969
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1278969
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1278969
  * ip6_output: fragment outgoing reassembled skb properly
    - LP: #1278969
  * xfrm: Release dst if this dst is improper for vti tunnel
    - LP: #1278969
  * atm: idt77252: fix dev refcnt leak
    - LP: #1278969
  * tcp: don't update snd_nxt, when a socket is switched from repair mode
    - LP: #1278969
  * ipv4: fix race in concurrent ip_route_input_slow()
    - LP: #1278969
  * net: core: Always propagate flag changes to interfaces
    - LP: #1278969
  * bridge: flush br's address entry in fdb when remove the bridge dev
    - LP: #1278969
  * packet: fix use after free race in send path when dev is released
    - LP: #1278969
  * af_packet: block BH in prb_shutdown_retire_blk_timer()
    - LP: #1278969
  * r8169: check ALDPS bit and disable it if enabled for the 8168g
    - LP: #1278969
  * net: 8139cp: fix a BUG_ON triggered by wrong bytes_compl
    - LP: #1278969
  * net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
    - LP: #1278969
  * inet: fix possible seqlock deadlocks
    - LP: #1278969
  * ipv6: fix possible seqlock deadlock in ip6_finish_output2
    - LP: #1278969
  * {pktgen, xfrm} Update IPv4 header total len and checksum after
    tranformation
    - LP: #1278969
  * crypto: s390 - Fix aes-cbc IV corruption
    - LP: #1278969
  * ahci: sata: add support for exynos5440 sata
    - LP: #1278969
  * ahci: add Marvell 9230 to the AHCI PCI device list
    - LP: #1278969
  * powerpc/signals: Improved mark VSX not saved with small contexts fix
    - LP: #1278969
  * gpio: mvebu: make mvchip->irqbase signed for error handling
    - LP: #1278969
  * staging: zsmalloc: Ensure handle is never 0 on success
    - LP: #1278969
  * ALSA: hda/realtek - Add support of ALC231 codec
    - LP: #1278969
  * ALSA: hda/realtek - Set pcbeep amp for ALC668
    - LP: #1278969
  * tracing: Allow events to have NULL strings
    - LP: #1278969
  * Staging: tidspbridge: disable driver
    - LP: #1278969
  * cpuset: Fix memory allocator deadlock
    - LP: #1278969
  * ALSA: hda - Initialize missing bass speaker pin for ASUS AIO ET2700
    - LP: #1278969
  * NFSv4 wait on recovery for async session errors
    - LP: #1278969
  * sched: Avoid throttle_cfs_rq() racing with period_timer stopping
    - LP: #1278969
  * staging: comedi: ssv_dnp: use comedi_dio_update_state()
    - LP: #1278969
  * staging: comedi: amplc_pc263: correct insn_bits result
    - LP: #1278969
  * staging: comedi: pcmuio: fix possible NULL deref on detach
    - LP: #1278969
  * [media] cxd2820r_core: fix sparse warnings
    - LP: #1278969
  * xen-netback: fix refcnt unbalance for 3.11 and earlier versions
    - LP: #1278969
  * mm/hugetlb: check for pte NULL pointer in __page_check_address()
    - LP: #1278969
  * NFSv4: Update list of irrecoverable errors on DELEGRETURN
    - LP: #1278969
  * Update of blkg_stat and blkg_rwstat may happen in bh context.
    - LP: #1278969
  * time: Fix 1ns/tick drift w/ GENERIC_TIME_VSYSCALL_OLD
    - LP: #1278969
  * ASoC: wm8990: Mark the register map as dirty when powering down
    - LP: #1278969
  * ARM: mvebu: use the virtual CPU registers to access coherency registers
    - LP: #1278969
  * can: sja1000: fix {pre,post}_irq() handling and IRQ handler return
    value
    - LP: #1278969
  * can: c_can: don't call pm_runtime_get_sync() from interrupt context
    - LP: #1278969
  * irq: Enable all irqs unconditionally in irq_resume
    - LP: #1278969
  * can: flexcan: use correct clock as base for bit rate calculation
    - LP: #1278969
  * xen/gnttab: leave lazy MMU mode in the case of a m2p override failure
    - LP: #1278969
  * ARM: OMAP2+: Disable POSTED mode for errata i103 and i767
    - LP: #1278969
  * [SCSI] libsas: fix usage of ata_tf_to_fis
    - LP: #1278969
  * crypto: authenc - Find proper IV address in ablkcipher callback
    - LP: #1278969
  * crypto: scatterwalk - Set the chain pointer indication bit
    - LP: #1278969
  * crypto: s390 - Fix aes-xts parameter corruption
    - LP: #1278969
  * crypto: ccm - Fix handling of zero plaintext when computing mac
    - LP: #1278969
  * [SCSI] Disable WRITE SAME for RAID and virtual host adapter drivers
    - LP: #1278969
  * efi-pstore: Make efi-pstore return a unique id
    - LP: #1278969
  * ALSA: hda - Fix silent output on ASUS W7J laptop
    - LP: #1278969
  * net: smc91: fix crash regression on the versatile
    - LP: #1278969
  * ARM: fix booting low-vectors machines
    - LP: #1278969
  * ARM: footbridge: fix VGA initialisation
    - LP: #1278969
  * [SCSI] hpsa: do not discard scsi status on aborted commands
    - LP: #1278969
  * ARM: footbridge: fix EBSA285 LEDs
    - LP: #1278969
  * [SCSI] hpsa: return 0 from driver probe function on success, not 1
    - LP: #1278969
  * ALSA: hda - Another fixup for ASUS laptop with ALC660 codec
    - LP: #1278969
  * [SCSI] enclosure: fix WARN_ON in dual path device removing
    - LP: #1278969
  * powerpc/gpio: Fix the wrong GPIO input data on MPC8572/MPC8536
    - LP: #1278969
  * [SCSI] bfa: Fix crash when symb name set for offline vport
    - LP: #1278969
  * ASoC: wm8731: fix dsp mode configuration
    - LP: #1278969
  * cpuidle: Check for dev before deregistering it.
    - LP: #1278969
  * x86-64, build: Always pass in -mno-sse
    - LP: #1278969
  * crypto: scatterwalk - Use sg_chain_ptr on chain entries
    - LP: #1278969
  * Linux 3.8.13.15
    - LP: #1278969
  * selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()
    - LP: #1278969
  * selinux: look for IPsec labels on both inbound and outbound packets
    - LP: #1278969
  * selinux: process labeled IPsec TCP SYN-ACK packets properly in
    selinux_ip_postroute()
    - LP: #1278969
  * dm delay: fix a possible deadlock due to shared workqueue
    - LP: #1278969
  * mac80211: fix scheduled scan rtnl deadlock
    - LP: #1278969
  * mac80211: don't attempt to reorder multicast frames
    - LP: #1278969
  * usb: gadget: composite: reset delayed_status on reset_config
    - LP: #1278969
  * usb: musb: only cancel work if it is initialized
    - LP: #1278969
  * usb: dwc3: fix implementation of endpoint wedge
    - LP: #1278969
  * [media] af9035: add ID [0ccd:00aa] TerraTec Cinergy T Stick (rev. 2)
    - LP: #1278969
  * [media] af9035: [0ccd:0099] TerraTec Cinergy T Stick Dual RC (rev. 2)
    - LP: #1278969
  * [media] af9035: add [0413:6a05] Leadtek WinFast DTV Dongle Dual
    - LP: #1278969
  * [media] saa7164: fix return value check in saa7164_initdev()
    - LP: #1278969
  * ath9k: Fix QuickDrop usage
    - LP: #1278969
  * ath9k: Fix XLNA bias strength
    - LP: #1278969
  * USB: serial: option: blacklist interface 1 for Huawei E173s-6
    - LP: #1278969
  * USB: option: support new huawei devices
    - LP: #1278969
  * USB: spcp8x5: correct handling of CS5 setting
    - LP: #1278969
  * USB: mos7840: correct handling of CS5 setting
    - LP: #1278969
  * USB: ftdi_sio: fixed handling of unsupported CSIZE setting
    - LP: #1278969
  * USB: pl2303: fixed handling of CS5 setting
    - LP: #1278969
  * USB: cdc-acm: Added support for the Lenovo RD02-D400 USB Modem
    - LP: #1278969
  * drm/radeon: fixup bad vram size on SI
    - LP: #1278969
  * drm/radeon/atom: fix bus probes when hw_i2c is set (v2)
    - LP: #1278969
  * usb: hub: Use correct reset for wedged USB3 devices that are
    NOTATTACHED
    - LP: #1278969
  * drivers/char/i8k.c: add Dell XPLS L421X
    - LP: #1278969
  * PCI: Disable Bus Master only on kexec reboot
    - LP: #1278969
  * ARM: 7912/1: check stack pointer in get_wchan
    - LP: #1278969
  * ARM: 7913/1: fix framepointer check in unwind_frame
    - LP: #1278969
  * x86, build: Pass in additional -mno-mmx, -mno-sse options
    - LP: #1278969
  * ALSA: memalloc.h - fix wrong truncation of dma_addr_t
    - LP: #1278969
  * ALSA: compress: Fix 64bit ABI incompatibility
    - LP: #1278969
  * dm snapshot: avoid snapshot space leak on crash
    - LP: #1278969
  * dm table: fail dm_table_create on dm_round_up overflow
    - LP: #1278969
  * dm thin: switch to read only mode if a mapping insert fails
    - LP: #1278969
  * dm thin: switch to read-only mode if metadata space is exhausted
    - LP: #1278969
  * dm thin: always fallback the pool mode if commit fails
    - LP: #1278969
  * dm thin: re-establish read-only state when switching to fail mode
    - LP: #1278969
  * dm thin: allow pool in read-only mode to transition to read-write mode
    - LP: #1278969
  * x86, build, icc: Remove uninitialized_var() from compiler-intel.h
    - LP: #1278969
  * x86, efi: Don't use (U)EFI time services on 32 bit
    - LP: #1278969
  * dm bufio: initialize read-only module parameters
    - LP: #1278969
  * ALSA: hda - hdmi: Fix IEC958 ctl indexes for some simple HDMI devices
    - LP: #1278969
  * ARM: pxa: tosa: fix keys mapping
    - LP: #1278969
  * ARM: pxa: prevent PXA270 occasional reboot freezes
    - LP: #1278969
  * hwmon: (w83l786ng) Fix fan speed control mode setting and reporting
    - LP: #1278969
  * hwmon: (w83l768ng) Fix fan speed control range
    - LP: #1278969
  * hwmon: Prevent some divide by zeros in FAN_TO_REG()
    - LP: #1278969
  * Btrfs: fix access_ok() check in btrfs_ioctl_send()
    - LP: #1278969
  * futex: fix handling of read-only-mapped hugepages
    - LP: #1278969
  * KVM: Improve create VCPU parameter (CVE-2013-4587)
    - LP: #1278969
  * KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
    - LP: #1278969
  * KVM: x86: Convert vapic synchronization to _cached functions
    (CVE-2013-6368)
    - LP: #1278969
  * KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376)
    - LP: #1278969
  * selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()
    - LP: #1278969
  * drivers/rtc/rtc-at91rm9200.c: correct alarm over day/month wrap
    - LP: #1278969
  * mm: memcg: fix race condition between memcg teardown and swapin
    - LP: #1278969
  * powerpc: kvm: fix rare but potential deadlock scene
    - LP: #1278969
  * drm/i915: Do not clobber config status after a forced restore of hw
    state
    - LP: #1278969
  * drm/i915: Hold mutex across i915_gem_release
    - LP: #1278969
  * ASoC: tegra: fix uninitialized variables in set_fmt
    - LP: #1278969
  * usb: cdc-wdm: manage_power should always set needs_remote_wakeup
    - LP: #1278969
  * usb: serial: zte_ev: move support for ZTE AC2726 from zte_ev back to
    option
    - LP: #1278969
  * xhci: Limit the spurious wakeup fix only to HP machines
    - LP: #1278969
  * drm/i915: don't update the dri1 breadcrumb with modesetting
    - LP: #1278969
  * iscsi-target: Fix-up all zero data-length CDBs with R/W_BIT set
    - LP: #1278969
  * qla2xxx: Fix schedule_delayed_work() for target timeout calculations
    - LP: #1278969
  * drm/radeon: Fix sideport problems on certain RS690 boards
    - LP: #1278969
  * ALSA: hda - Add enable_msi=0 workaround for four HP machines
    - LP: #1260225, #1278969
  * gpio: msm: Fix irq mask/unmask by writing bits instead of numbers
    - LP: #1278969
  * firewire: sbp2: bring back WRITE SAME support
    - LP: #1278969
  * ftrace: Initialize the ftrace profiler for each possible cpu
    - LP: #1278969
  * drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook
    - LP: #1278969
  * ASoC: wm5110: Correct HPOUT3 DAPM route typo
    - LP: #1278969
  * sched/rt: Fix rq's cpupri leak while enqueue/dequeue child RT entities
    - LP: #1278969
  * xfs: fix infinite loop by detaching the group/project hints from user
    dquot
    - LP: #1278969
  * ALSA: Add SNDRV_PCM_STATE_PAUSED case in wait_for_avail function
    - LP: #1278969
  * cpupower: Fix segfault due to incorrect getopt_long arugments
    - LP: #1278969
  * iio:adc:ad7887 Fix channel reported endianness from cpu to big endian
    - LP: #1278969
  * ASoC: wm_adsp: Add small delay while polling DSP RAM start
    - LP: #1278969
  * ASoC: wm8904: fix DSP mode B configuration
    - LP: #1278969
  * net_dma: mark broken
    - LP: #1278969
  * mm: numa: serialise parallel get_user_page against THP migration
    - LP: #1278969
  * mm: numa: call MMU notifiers on THP migration
    - LP: #1278969
  * mm: clear pmd_numa before invalidating
    - LP: #1278969
  * mm: numa: do not clear PMD during PTE update scan
    - LP: #1278969
  * mm: numa: do not clear PTE for pte_numa update
    - LP: #1278969
  * mm: numa: ensure anon_vma is locked to prevent parallel THP splits
    - LP: #1278969
  * mm: numa: avoid unnecessary work on the failure path
    - LP: #1278969
  * sched: numa: skip inaccessible VMAs
    - LP: #1278969
  * mm: numa: clear numa hinting information on mprotect
    - LP: #1278969
  * mm: numa: avoid unnecessary disruption of NUMA hinting during migration
    - LP: #1278969
  * mm: fix TLB flush race between migration, and change_protection_range
    - LP: #1278969
  * mm: numa: defer TLB flush for THP migration as long as possible
    - LP: #1278969
  * mm/compaction: respect ignore_skip_hint in update_pageblock_skip
    - LP: #1278969
  * target/file: Update hw_max_sectors based on current block_size
    - LP: #1278969
  * arm64: ptrace: avoid using HW_BREAKPOINT_EMPTY for disabled events
    - LP: #1278969
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8
    - LP: #1278969
  * ext4: call ext4_error_inode() if jbd2_journal_dirty_metadata() fails
    - LP: #1278969
  * ext4: fix use-after-free in ext4_mb_new_blocks
    - LP: #1278969
  * ext4: check for overlapping extents in ext4_valid_extent_entries()
    - LP: #1278969
  * ext2: Fix oops in ext2_get_block() called from ext2_quota_write()
    - LP: #1278969
  * ext4: fix del_timer() misuse for ->s_err_report
    - LP: #1278969
  * scripts/link-vmlinux.sh: only filter kernel symbols for arm
    - LP: #1278969
  * drm/i915: Use the correct GMCH_CTRL register for Sandybridge+
    - LP: #1278969
  * ext4: fix deadlock when writing in ENOSPC conditions
    - LP: #1278969
  * libata, freezer: avoid block device removal while system is frozen
    - LP: #1278969
  * drm/radeon: fix asic gfx values for scrapper asics
    - LP: #1278969
  * selinux: fix broken peer recv check
    - LP: #1278969
  * selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()
    - LP: #1278969
  * auxvec.h: account for AT_HWCAP2 in AT_VECTOR_SIZE_BASE
    - LP: #1278969
  * radiotap: fix bitmap-end-finding buffer overrun
    - LP: #1278969
  * rtlwifi: pci: Fix oops on driver unload
    - LP: #1278969
  * ath9k: Fix interrupt handling for the AR9002 family
    - LP: #1278969
  * dm9601: fix reception of full size ethernet frames on dm9620/dm9621a
    - LP: #1278969
  * dm9601: work around tx fifo sync issue on dm962x
    - LP: #1278969
  * drm/radeon: 0x9649 is SUMO2 not SUMO
    - LP: #1278969
  * drm/radeon: fix render backend setup for SI and CIK
    - LP: #1278969
  * drm/radeon: expose render backend mask to the userspace
    - LP: #1278969
  * tg3: Expand 4g_overflow_test workaround to skb fragments of any size.
    - LP: #1278969
  * powerpc: Fix bad stack check in exception entry
    - LP: #1278969
  * KVM: x86: Fix APIC map calculation after re-enabling
    - LP: #1278969
  * x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
    - LP: #1278969
  * mfd: rtsx_pcr: Disable interrupts before cancelling delayed works
    - LP: #1278969
  * mac80211: move "bufferable MMPDU" check to fix AP mode scan
    - LP: #1278969
  * ARM: fix footbridge clockevent device
    - LP: #1278969
  * ahci: add PCI ID for Marvell 88SE9170 SATA controller
    - LP: #1278969
  * ARM: fix "bad mode in ... handler" message for undefined instructions
    - LP: #1278969
  * ACPI / TPM: fix memory leak when walking ACPI namespace
    - LP: #1278969
  * ACPI / Battery: Add a _BIX quirk for NEC LZ750/LS
    - LP: #1278969
  * drm/nouveau/bios: make jump conditional
    - LP: #1278969
  * clk: clk-divider: fix divisor > 255 bug
    - LP: #1278969
  * SELinux: Fix possible NULL pointer dereference in
    selinux_inode_permission()
    - LP: #1278969
  * IPv6: Fixed support for blackhole and prohibit routes
    - LP: #1278969
  * net: do not pretend FRAGLIST support
    - LP: #1278969
  * rds: prevent BUG_ON triggered on congestion update to loopback
    - LP: #1278969
  * macvtap: Do not double-count received packets
    - LP: #1278969
  * macvtap: update file current position
    - LP: #1278969
  * tun: update file current position
    - LP: #1278969
  * macvtap: signal truncated packets
    - LP: #1278969
  * virtio: delete napi structures from netdev before releasing memory
    - LP: #1278969
  * packet: fix send path when running with proto == 0
    - LP: #1278969
  * ipv6: don't count addrconf generated routes against gc limit
    - LP: #1278969
  * net: drop_monitor: fix the value of maxattr
    - LP: #1278969
  * net: unix: allow set_peek_off to fail
    - LP: #1278969
  * tg3: Initialize REG_BASE_ADDR at PCI config offset 120 to 0
    - LP: #1278969
  * netvsc: don't flush peers notifying work during setting mtu
    - LP: #1278969
  * net: unix: allow bind to fail on mutex lock
    - LP: #1278969
  * net: inet_diag: zero out uninitialized idiag_{src,dst} fields
    - LP: #1278969
  * drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
    - LP: #1278969
  * hamradio/yam: fix info leak in ioctl
    - LP: #1278969
  * ipv6: always set the new created dst's from in ip6_rt_copy
    - LP: #1278969
  * rds: prevent dereference of a NULL device
    - LP: #1278969
  * net: rose: restore old recvmsg behavior
    - LP: #1278969
  * vlan: Fix header ops passthru when doing TX VLAN offload.
    - LP: #1278969
  * virtio_net: fix error handling for mergeable buffers
    - LP: #1278969
  * virtio-net: make all RX paths handle errors consistently
    - LP: #1278969
  * virtio_net: don't leak memory or block when too many frags
    - LP: #1278969
  * virtio-net: fix refill races during restore
    - LP: #1278969
  * net: llc: fix use after free in llc_ui_recvmsg
    - LP: #1278969
  * netpoll: Fix missing TXQ unlock and and OOPS.
    - LP: #1278969
  * bridge: use spin_lock_bh() in br_multicast_set_hash_max
    - LP: #1278969
  * Linux 3.8.13.16
    - LP: #1278969
  * vfs: In d_path don't call d_dname on a mount point
    - LP: #1278969
  * writeback: Fix data corruption on NFS
    - LP: #1278969
  * drm/i915: fix DDI PLLs HW state readout code
    - LP: #1278969
  * ftrace/x86: Load ftrace_ops in parameter not the variable holding it
    - LP: #1278969
  * md/raid5: Fix possible confusion when multiple write errors occur.
    - LP: #1278969
  * md/raid10: fix two bugs in handling of known-bad-blocks.
    - LP: #1278969
  * md/raid10: fix bug when raid10 recovery fails to recover a block.
    - LP: #1278969
  * hwmon: (coretemp) Fix truncated name of alarm attributes
    - LP: #1278969
  * nilfs2: fix segctor bug that causes file system corruption
    - LP: #1278969
  * perf/x86/amd/ibs: Fix waking up from S3 for AMD family 10h
    - LP: #1278969
  * net: rds: fix per-cpu helper usage
    - LP: #1278969
  * staging: comedi: 8255_pci: fix for newer PCI-DIO48H
    - LP: #1278969
  * staging: comedi: addi_apci_1032: fix subdevice type/flags bug
    - LP: #1278969
  * Linux 3.8.13.17
    - LP: #1278969
  * KVM: s390: kvm/sigp.c: fix memory leakage
    - LP: #1282144
  * KVM: s390: Always store status during SIGP STOP_AND_STORE_STATUS
    - LP: #1282144
  * KVM: s390: fix diagnose code extraction
    - LP: #1282144
  * rtlwifi: rtl8192cu: Fix W=1 build warning
    - LP: #1282144
  * rtlwifi: rtl8192cu: Add new firmware
    - LP: #1282144
  * rtlwifi: Set the link state
    - LP: #1282144
  * rtlwifi: rtl8192cu: Fix duplicate if test
    - LP: #1282144
  * rtlwifi: rtl8192cu: Fix some code in RF handling
    - LP: #1282144
  * NFSv4: OPEN must handle the NFS4ERR_IO return code correctly
    - LP: #1282144
  * parport: parport_pc: remove double PCI ID for NetMos
    - LP: #1282144
  * staging: vt6656: [BUG] BBvUpdatePreEDThreshold Always set sensitivity
    on bScanning
    - LP: #1282144
  * [SCSI] bfa: Chinook quad port 16G FC HBA claim issue
    - LP: #1282144
  * usb: option: add new zte 3g modem pids to option driver
    - LP: #1282144
  * [media] dib8000: make 32 bits read atomic
    - LP: #1282144
  * serial: add support for 200 v3 series Titan card
    - LP: #1282144
  * usb: xhci: Check for XHCI_PLAT in xhci_cleanup_msix()
    - LP: #1282144
  * [media] anysee: fix non-working E30 Combo Plus DVB-T
    - LP: #1282144
  * x86/efi: Fix off-by-one bug in EFI Boot Services reservation
    - LP: #1282144
  * perf kvm: Fix kvm report without guestmount.
    - LP: #1282144
  * rtc-cmos: Add an alarm disable quirk
    - LP: #1282144
  * slub: Fix calculation of cpu slabs
    - LP: #1282144
  * mtd: mxc_nand: remove duplicated ecc_stats counting
    - LP: #1282144
  * xen/pvhvm: If xen_platform_pci=0 is set don't blow up (v4).
    - LP: #1282144
  * USB: pl2303: fix data corruption on termios updates
    - LP: #1282144
  * USB: serial: add support for iBall 3.5G connect usb modem
    - LP: #1282144
  * USB: Nokia 502 is an unusual device
    - LP: #1282144
  * USB: cypress_m8: fix ring-indicator detection and reporting
    - LP: #1282144
  * ALSA: rme9652: fix a missing comma in channel_map_9636_ds[]
    - LP: #1282144
  * SUNRPC: don't map EKEYEXPIRED to EACCES in call_refreshresult
    - LP: #1282144
  * sunrpc: Fix infinite loop in RPC state machine
    - LP: #1282144
  * tpm/tpm_ppi: Do not compare strcmp(a,b) == -1
    - LP: #1282144
  * dm thin: initialize dm_thin_new_mapping returned by get_next_mapping
    - LP: #1282144
  * dm thin: fix discard support to a previously shared block
    - LP: #1282144
  * dm thin: fix set_pool_mode exposed pool operation races
    - LP: #1282144
  * SELinux: Fix memory leak upon loading policy
    - LP: #1282144
  * drm/radeon: warn users when hw_i2c is enabled (v2)
    - LP: #1282144
  * USB: fix race between hub_disconnect and recursively_mark_NOTATTACHED
    - LP: #1282144
  * ext4: avoid clearing beyond i_blocks when truncating an inline data
    file
    - LP: #1282144
  * USB: ftdi_sio: added CS5 quirk for broken smartcard readers
    - LP: #1282144
  * dm: wait until embedded kobject is released before destroying a device
    - LP: #1282144
  * dm space map common: make sure new space is used during extend
    - LP: #1282144
  * ASoC: adau1701: Fix ADAU1701_SEROCTL_WORD_LEN_16 constant
    - LP: #1282144
  * radeon/pm: Guard access to rdev->pm.power_state array
    - LP: #1282144
  * drm/radeon: skip colorbuffer checking if COLOR_INFO.FORMAT is set to
    INVALID
    - LP: #1282144
  * staging: r8712u: Set device type to wlan
    - LP: #1282144
  * ALSA: Enable CONFIG_ZONE_DMA for smaller PCI DMA masks
    - LP: #1282144
  * [media] media: s5p_mfc: remove s5p_mfc_get_node_type() function
    - LP: #1282144
  * mmc: atmel-mci: fix timeout errors in SDIO mode when using DMA
    - LP: #1282144
  * ftrace: Check module functions being traced on reload
    - LP: #1282144
  * ftrace: Fix function graph with loading of modules
    - LP: #1282144
  * ftrace: Use schedule_on_each_cpu() as a heavy synchronize_sched()
    - LP: #1282144
  * ftrace: Fix synchronization location disabling and freeing ftrace_ops
    - LP: #1282144
  * rtlwifi: rtl8192cu: Add new device ID
    - LP: #1282144
  * mwifiex: add missing endian conversion for fw_tsf
    - LP: #1282144
  * b43: Fix lockdep splat
    - LP: #1282144
  * b43: Fix unload oops if firmware is not available
    - LP: #1282144
  * b43legacy: Fix unload oops if firmware is not available
    - LP: #1282144
  * nfs4.1: properly handle ENOTSUP in SECINFO_NO_NAME
    - LP: #1282144
  * usb: ehci: add freescale imx28 special write register method
    - LP: #1282144
  * audit: reset audit backlog wait time after error recovery
    - LP: #1282144
  * audit: correct a type mismatch in audit_syscall_exit()
    - LP: #1282144
  * xtensa: xtfpga: fix definitions of platform devices
    - LP: #1282144
  * dm sysfs: fix a module unload race
    - LP: #1282144
  * KVM: x86: limit PIT timer frequency
    - LP: #1282144
  * ata: sata_mv: introduce compatible string "marvell, armada-370-sata"
    - LP: #1282144
  * ata: sata_mv: fix disk hotplug for Armada 370/XP SoCs
    - LP: #1282144
  * arm: mvebu: fix length of SATA registers area in .dtsi
    - LP: #1282144
  * ARM: mvebu: update the SATA compatible string for Armada 370/XP
    - LP: #1282144
  * md/raid5: fix long-standing problem with bitmap handling on write
    failure.
    - LP: #1282144
  * libata: disable LPM for some WD SATA-I devices
    - LP: #1282144
  * mmc: sdhci: fix lockdep error in tuning routine
    - LP: #1282144
  * turbostat: Don't put unprocessed uapi headers in the include path
    - LP: #1282144
  * turbostat: Use GCC's CPUID functions to support PIC
    - LP: #1282144
  * drm/radeon: disable ss on DP for DCE3.x
    - LP: #1282144
  * nfs4: fix discover_server_trunking use after free
    - LP: #1282144
  * drm/radeon: fix surface sync in fence on cayman (v2)
    - LP: #1282144
  * drm/radeon: set the full cache bit for fences on r7xx+
    - LP: #1282144
  * mfd: max77686: Fix regmap resource leak on driver remove
    - LP: #1282144
  * hp_accel: Add a new PnP ID HPQ6007 for new HP laptops
    - LP: #1282144
  * ASoC: wm5110: Extend SYSCLK patch file for rev D
    - LP: #1282144
  * intel-iommu: fix off-by-one in pagetable freeing
    - LP: #1282144
  * arch/sh/kernel/kgdb.c: add missing #include <linux/sched.h>
    - LP: #1282144
  * fuse: fix pipe_buf_operations
    - LP: #1282144
  * drm/cirrus: correct register values for 16bpp
    - LP: #1282144
  * IB/qib: Fix QP check when looping back to/from QP1
    - LP: #1282144
  * ore: Fix wrong math in allocation of per device BIO
    - LP: #1282144
  * drm/i915: VLV2 - Fix hotplug detect bits
    - LP: #1282144
  * b43: fix the wrong assignment of status.freq in b43_rx()
    - LP: #1282144
  * rtc: max8907: weekday encoding fixes
    - LP: #1282144
  * vfs: Is mounted should be testing mnt_ns for NULL or error.
    - LP: #1282144
  * Btrfs: handle EAGAIN case properly in btrfs_drop_snapshot()
    - LP: #1282144
  * btrfs: restrict snapshotting to own subvolumes
    - LP: #1282144
  * ACPI / init: Flag use of ACPI and ACPI idioms for power supplies to
    regulator API
    - LP: #1282144
  * drm/ast: do not attempt to acquire a reservation while in an interrupt
    handler
    - LP: #1282144
  * drm/cirrus: do not attempt to acquire a reservation while in an
    interrupt handler
    - LP: #1282144
  * drm/mgag200: do not attempt to acquire a reservation while in an
    interrupt handler
    - LP: #1282144
  * drm: ast,cirrus,mgag200: use drm_can_sleep
    - LP: #1282144
  * powerpc: Make sure "cache" directory is removed when offlining cpu
    - LP: #1282144
  * drm/radeon/DCE4+: clear bios scratch dpms bit (v2)
    - LP: #1282144
  * mm/page-writeback.c: fix dirty_balance_reserve subtraction from
    dirtyable memory
    - LP: #1282144
  * mm/page-writeback.c: do not count anon pages as dirtyable memory
    - LP: #1282144
  * mm: numa: initialise numa balancing after jump label initialisation
    - LP: #1282144
  * target/iscsi: Fix network portal creation race
    - LP: #1282144
  * mm/mempolicy.c: fix mempolicy printing in numa_maps
    - LP: #1282144
  * mm, oom: base root bonus on current usage
    - LP: #1282144
  * alpha: fix broken network checksum
    - LP: #1282144
  * hpfs: remember free space
    - LP: #1282144
  * drm/nouveau/bios: fix offset calculation for BMPv1 bioses
    - LP: #1282144
  * e752x_edac: Fix pci_dev usage count
    - LP: #1282144
  * bnx2x: fix DMA unmapping of TSO split BDs
    - LP: #1282144
  * inet_diag: fix inet_diag_dump_icsk() timewait socket state logic
    - LP: #1282144
  * ieee802154: Fix memory leak in ieee802154_add_iface()
    - LP: #1282144
  * net: avoid reference counter overflows on fib_rules in multicast
    forwarding
    - LP: #1282144
  * net,via-rhine: Fix tx_timeout handling
    - LP: #1282144
  * tcp: metrics: Avoid duplicate entries with the same destination-IP
    - LP: #1282144
  * bpf: do not use reciprocal divide
    - LP: #1282144
  * s390/bpf,jit: fix 32 bit divisions, use unsigned divide instructions
    - LP: #1282144
  * fib_frontend: fix possible NULL pointer dereference
    - LP: #1282144
  * net: Fix memory leak if TPROXY used with TCP early demux
    - LP: #1282144
  * xen-netfront: fix resource leak in netfront
    - LP: #1282144
  * sit: fix double free of fb_tunnel_dev on exit
    - LP: #1282144
  * ip6tnl: fix double free of fb_tnl_dev on exit
    - LP: #1282144
  * Linux 3.8.13.18
    - LP: #1282144
 -- Joseph Salisbury <joseph.salisbury@xxxxxxxxxxxxx>   Wed, 19 Feb 2014 13:44:39 -0500

** Changed in: linux-lts-raring (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4579

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6368

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6376

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1256083

Title:
  CVE-2013-6380

Status in “linux” package in Ubuntu:
  Invalid
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  Won't Fix
Status in “linux-lts-backport-natty” package in Ubuntu:
  Won't Fix
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Fix Released
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Lucid:
  Won't Fix
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Precise:
  Won't Fix
Status in “linux-lts-quantal” source package in Precise:
  Fix Released
Status in “linux-lts-raring” source package in Precise:
  Fix Released
Status in “linux-lts-saucy” source package in Precise:
  Fix Released
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Released
Status in “linux” source package in Quantal:
  Fix Released
Status in “linux-armadaxp” source package in Quantal:
  Fix Released
Status in “linux-ec2” source package in Quantal:
  Invalid
Status in “linux-fsl-imx51” source package in Quantal:
  Invalid
Status in “linux-lts-backport-maverick” source package in Quantal:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Quantal:
  Won't Fix
Status in “linux-lts-quantal” source package in Quantal:
  Invalid
Status in “linux-lts-raring” source package in Quantal:
  Invalid
Status in “linux-lts-saucy” source package in Quantal:
  Invalid
Status in “linux-mvl-dove” source package in Quantal:
  Invalid
Status in “linux-ti-omap4” source package in Quantal:
  Fix Released
Status in “linux-lts-backport-maverick” source package in Raring:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Raring:
  Won't Fix
Status in “linux” source package in Saucy:
  Fix Released
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Saucy:
  Won't Fix
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Fix Released
Status in “linux” source package in Trusty:
  Invalid
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Trusty:
  Won't Fix
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid

Bug description:
  The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in
  the Linux kernel through 3.12.1 does not properly validate a certain
  size value, which allows local users to cause a denial of service
  (invalid pointer dereference) or possibly have unspecified other
  impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted
  SRB command.

  Break-Fix: - b4789b8e6be3151a955ade74872822f30e8cd914

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1256083/+subscriptions


References