← Back to team overview

kernel-packages team mailing list archive

[Bug 1277722] Re: Quantal update to v3.5.7.29 stable release

 

This bug was fixed in the package linux - 3.5.0-47.71

---------------
linux (3.5.0-47.71) quantal; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1281828

  [ Upstream Kernel Changes ]

  * Revert "mm: ensure get_unmapped_area() returns higher address than
    mmap_min_addr"
    - LP: #1277722
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * netfilter: nf_conntrack: avoid large timeout for mid-stream pickup
    - LP: #1270237
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * lirc_zilog: Don't use dynamic static allocation
    - LP: #1277722
  * net: Fix "ip rule delete table 256"
    - LP: #1277722
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1277722
  * random32: fix off-by-one in seeding requirement
    - LP: #1277722
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1277722
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1277722
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1277722
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1277722
  * connector: improved unaligned access error fix
    - LP: #1277722
  * ipv4: fix possible seqlock deadlock
    - LP: #1277722
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1277722
  * atm: idt77252: fix dev refcnt leak
    - LP: #1277722
  * net: core: Always propagate flag changes to interfaces
    - LP: #1277722
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1277722
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1277722
  * packet: fix use after free race in send path when dev is released
    - LP: #1277722
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1277722
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1277722
  * net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
    - LP: #1277722
  * inet: fix possible seqlock deadlocks
    - LP: #1277722
  * ipv6: fix possible seqlock deadlock in ip6_finish_output2
    - LP: #1277722
  * af_packet: block BH in prb_shutdown_retire_blk_timer()
    - LP: #1277722
  * {pktgen, xfrm} Update IPv4 header total len and checksum after
    tranformation
    - LP: #1277722
  * bridge: flush br's address entry in fdb when remove the
    - LP: #1277722
  * mmc: block: fix a bug of error handling in MMC driver
    - LP: #1277722
  * NFSv4: Update list of irrecoverable errors on DELEGRETURN
    - LP: #1277722
  * Update of blkg_stat and blkg_rwstat may happen in bh context. While
    u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This
    is not enough to avoid preemption by bh and may read strange 64 bit
    value.
    - LP: #1277722
  * ASoC: wm8990: Mark the register map as dirty when powering down
    - LP: #1277722
  * irq: Enable all irqs unconditionally in irq_resume
    - LP: #1277722
  * xen/gnttab: leave lazy MMU mode in the case of a m2p override failure
    - LP: #1277722
  * libsas: fix usage of ata_tf_to_fis
    - LP: #1277722
  * crypto: authenc - Find proper IV address in ablkcipher callback
    - LP: #1277722
  * s390/crypto: Don't panic after crypto instruction failures
    - LP: #1277722
  * crypto: s390 - Fix aes-xts parameter corruption
    - LP: #1277722
  * crypto: ccm - Fix handling of zero plaintext when computing mac
    - LP: #1277722
  * ALSA: hda - Fix silent output on ASUS W7J laptop
    - LP: #1277722
  * net: smc91: fix crash regression on the versatile
    - LP: #1277722
  * ARM: footbridge: fix VGA initialisation
    - LP: #1277722
  * hpsa: do not discard scsi status on aborted commands
    - LP: #1277722
  * hpsa: return 0 from driver probe function on success, not 1
    - LP: #1277722
  * ALSA: hda - Another fixup for ASUS laptop with ALC660 codec
    - LP: #1277722
  * enclosure: fix WARN_ON in dual path device removing
    - LP: #1277722
  * powerpc/gpio: Fix the wrong GPIO input data on MPC8572/MPC8536
    - LP: #1277722
  * ASoC: wm8731: fix dsp mode configuration
    - LP: #1277722
  * cpuidle: Check for dev before deregistering it.
    - LP: #1277722
  * iwlwifi: dvm: don't override mac80211's queue setting
    - LP: #1277722
  * um: add missing declaration of 'getrlimit()' and friends
    - LP: #1277722
  * dm: fix truncated status strings
    - LP: #1277722
  * elevator: acquire q->sysfs_lock in elevator_change()
    - LP: #1277722
  * iommu/vt-d: Fixed interaction of VFIO_IOMMU_MAP_DMA with IOMMU address
    limits
    - LP: #1277722
  * video: kyro: fix incorrect sizes when copying to userspace
    - LP: #1277722
  * Input: allow deselecting serio drivers even without CONFIG_EXPERT
    - LP: #1277722
  * Input: mousedev - allow disabling even without CONFIG_EXPERT
    - LP: #1277722
  * i2c: i801: SMBus patch for Intel Avoton DeviceIDs
    - LP: #1277722
  * HID: add quirk for Freescale i.MX23 ROM recovery
    - LP: #1277722
  * HID: hid-multitouch: add support for SiS panels
    - LP: #1277722
  * HID: roccat: fix Coverity CID 141438
    - LP: #1277722
  * HID: apple: option to swap the 'Option' ("Alt") and 'Command' ("Flag")
    keys.
    - LP: #1277722
  * 9p: send uevent after adding/removing mount_tag attribute
    - LP: #1277722
  * NFSv4 wait on recovery for async session errors
    - LP: #1277722
  * sched: Avoid throttle_cfs_rq() racing with period_timer stopping
    - LP: #1277722
  * nfs: fix do_div() warning by instead using sector_div()
    - LP: #1277722
  * dm delay: fix a possible deadlock due to shared workqueue
    - LP: #1277722
  * mac80211: don't attempt to reorder multicast frames
    - LP: #1277722
  * USB: serial: fix race in generic write
    - LP: #1277722
  * usb: gadget: composite: reset delayed_status on reset_config
    - LP: #1277722
  * usb: dwc3: fix implementation of endpoint wedge
    - LP: #1277722
  * saa7164: fix return value check in saa7164_initdev()
    - LP: #1277722
  * USB: serial: option: blacklist interface 1 for Huawei E173s-6
    - LP: #1277722
  * USB: option: support new huawei devices
    - LP: #1277722
  * USB: spcp8x5: correct handling of CS5 setting
    - LP: #1277722
  * USB: mos7840: correct handling of CS5 setting
    - LP: #1277722
  * USB: ftdi_sio: fixed handling of unsupported CSIZE setting
    - LP: #1277722
  * USB: pl2303: fixed handling of CS5 setting
    - LP: #1277722
  * USB: cdc-acm: Added support for the Lenovo RD02-D400 USB Modem
    - LP: #1277722
  * drm/radeon: fixup bad vram size on SI
    - LP: #1277722
  * usb: hub: Use correct reset for wedged USB3 devices that are
    NOTATTACHED
    - LP: #1277722
  * drivers/char/i8k.c: add Dell XPLS L421X
    - LP: #1277722
  * crypto: scatterwalk - Set the chain pointer indication bit
    - LP: #1277722
  * crypto: scatterwalk - Use sg_chain_ptr on chain entries
    - LP: #1277722
  * ARM: 7912/1: check stack pointer in get_wchan
    - LP: #1277722
  * ARM: 7913/1: fix framepointer check in unwind_frame
    - LP: #1277722
  * ALSA: memalloc.h - fix wrong truncation of dma_addr_t
    - LP: #1277722
  * dm snapshot: avoid snapshot space leak on crash
    - LP: #1277722
  * dm table: fail dm_table_create on dm_round_up overflow
    - LP: #1277722
  * x86, build, icc: Remove uninitialized_var() from compiler-intel.h
    - LP: #1277722
  * x86, efi: Don't use (U)EFI time services on 32 bit
    - LP: #1277722
  * dm bufio: initialize read-only module parameters
    - LP: #1277722
  * ARM: pxa: tosa: fix keys mapping
    - LP: #1277722
  * hwmon: (w83l786ng) Fix fan speed control mode setting and reporting
    - LP: #1277722
  * hwmon: (w83l768ng) Fix fan speed control range
    - LP: #1277722
  * hwmon: Prevent some divide by zeros in FAN_TO_REG()
    - LP: #1277722
  * futex: fix handling of read-only-mapped hugepages
    - LP: #1277722
  * KVM: Improve create VCPU parameter (CVE-2013-4587)
    - LP: #1277722
  * KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
    - LP: #1277722
  * KVM: x86: Convert vapic synchronization to _cached functions
    (CVE-2013-6368)
    - LP: #1277722
  * selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()
    - LP: #1277722
  * selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()
    - LP: #1277722
  * drivers/rtc/rtc-at91rm9200.c: correct alarm over day/month wrap
    - LP: #1277722
  * MIPS: DMA: For BMIPS5000 cores flush region just like non-coherent
    R10000
    - LP: #1277722
  * xfs: underflow bug in xfs_attrlist_by_handle()
    - LP: #1277722
  * Linux 3.5.7.28
    - LP: #1277722
  * ARM: OMAP3: hwmod data: Don't prevent RESET of USB Host module
    - LP: #1277722
  * ARM: OMAP2+: hwmod: Fix SOFTRESET logic
    - LP: #1277722
  * Input: usbtouchscreen - separate report and transmit buffer size
    handling
    - LP: #1277722
  * sc1200_wdt: Fix oops
    - LP: #1277722
  * cxd2820r_core: fix sparse warnings
    - LP: #1277722
  * staging: comedi: ssv_dnp: use comedi_dio_update_state()
    - LP: #1277722
  * staging: comedi: pcmuio: fix possible NULL deref on detach
    - LP: #1277722
  * HID: Bump maximum global item tag report size to 128 bytes
    - LP: #1277722
  * selinux: look for IPsec labels on both inbound and outbound packets
    - LP: #1277722
  * selinux: process labeled IPsec TCP SYN-ACK packets properly in
    selinux_ip_postroute()
    - LP: #1277722
  * intel_idle: enable IVB Xeon support
    - LP: #1277722
  * mm/hugetlb: check for pte NULL pointer in __page_check_address()
    - LP: #1277722
  * dm mpath: fix race condition between multipath_dtr and pg_init_done
    - LP: #1277722
  * KVM: IOMMU: hva align mapping page size
    - LP: #1277722
  * IB/qib: Convert qib_user_sdma_pin_pages() to use get_user_pages_fast()
    - LP: #1277722
  * Staging: zram: Fix access of NULL pointer
    - LP: #1277722
  * ARM: pxa: prevent PXA270 occasional reboot freezes
    - LP: #1277722
  * Staging: zram: Fix memory leak by refcount mismatch
    - LP: #1277722
  * TTY: pmac_zilog, check existence of ports in pmz_console_init()
    - LP: #1277722
  * ceph: cleanup aborted requests when re-sending requests.
    - LP: #1277722
  * ceph: wake up 'safe' waiters when unregistering request
    - LP: #1277722
  * powerpc: kvm: fix rare but potential deadlock scene
    - LP: #1277722
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8
    - LP: #1277722
  * ext4: fix use-after-free in ext4_mb_new_blocks
    - LP: #1277722
  * ext4: check for overlapping extents in ext4_valid_extent_entries()
    - LP: #1277722
  * ext2: Fix oops in ext2_get_block() called from ext2_quota_write()
    - LP: #1277722
  * ext4: fix del_timer() misuse for ->s_err_report
    - LP: #1277722
  * usb: cdc-wdm: manage_power should always set needs_remote_wakeup
    - LP: #1277722
  * scripts/link-vmlinux.sh: only filter kernel symbols for arm
    - LP: #1277722
  * xhci: Limit the spurious wakeup fix only to HP machines
    - LP: #1277722
  * drm/i915: don't update the dri1 breadcrumb with modesetting
    - LP: #1277722
  * iscsi-target: Fix-up all zero data-length CDBs with R/W_BIT set
    - LP: #1277722
  * drm/radeon: Fix sideport problems on certain RS690 boards
    - LP: #1277722
  * ALSA: hda - Add enable_msi=0 workaround for four HP machines
    - LP: #1260225, #1277722
  * gpio: msm: Fix irq mask/unmask by writing bits instead of numbers
    - LP: #1277722
  * radiotap: fix bitmap-end-finding buffer overrun
    - LP: #1277722
  * ftrace: Initialize the ftrace profiler for each possible cpu
    - LP: #1277722
  * libata: disable a disk via libata.force params
    - LP: #1277722
  * drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook
    - LP: #1277722
  * sched/rt: Fix rq's cpupri leak while enqueue/dequeue child RT entities
    - LP: #1277722
  * ALSA: Add SNDRV_PCM_STATE_PAUSED case in wait_for_avail function
    - LP: #1277722
  * rtlwifi: pci: Fix oops on driver unload
    - LP: #1277722
  * ath9k: Fix interrupt handling for the AR9002 family
    - LP: #1277722
  * cpupower: Fix segfault due to incorrect getopt_long arugments
    - LP: #1277722
  * iio:adc:ad7887 Fix channel reported endianness from cpu to big endian
    - LP: #1277722
  * ASoC: wm8904: fix DSP mode B configuration
    - LP: #1277722
  * net_dma: mark broken
    - LP: #1277722
  * dm9601: fix reception of full size ethernet frames on dm9620/dm9621a
    - LP: #1277722
  * dm9601: work around tx fifo sync issue on dm962x
    - LP: #1277722
  * libata, freezer: avoid block device removal while system is frozen
    - LP: #1277722
  * drm/radeon: fix asic gfx values for scrapper asics
    - LP: #1277722
  * ext4: add explicit casts when masking cluster sizes
    - LP: #1277722
  * drm/radeon: 0x9649 is SUMO2 not SUMO
    - LP: #1277722
  * selinux: fix broken peer recv check
    - LP: #1277722
  * selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()
    - LP: #1277722
  * powerpc: Fix bad stack check in exception entry
    - LP: #1277722
  * ARM: fix "bad mode in ... handler" message for undefined instructions
    - LP: #1277722
  * ath9k_htc: properly set MAC address and BSSID mask
    - LP: #1277722
  * powerpc: Align p_end
    - LP: #1277722
  * Input: allocate absinfo data when setting ABS capability
    - LP: #1277722
  * GFS2: don't hold s_umount over blkdev_put
    - LP: #1277722
  * GFS2: Fix incorrect invalidation for DIO/buffered I/O
    - LP: #1277722
  * jbd2: don't BUG but return ENOSPC if a handle runs out of space
    - LP: #1277722
  * sh: always link in helper functions extracted from libgcc
    - LP: #1277722
  * ceph: Avoid data inconsistency due to d-cache aliasing in readpage()
    - LP: #1277722
  * mm: ensure get_unmapped_area() returns higher address than
    mmap_min_addr
    - LP: #1277722
  * ftrace: Check module functions being traced on reload
    - LP: #1277722
  * sched: Fix race on toggling cfs_bandwidth_used
    - LP: #1277722
  * sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining
    - LP: #1277722
  * sched: Fix hrtimer_cancel()/rq->lock deadlock
    - LP: #1277722
  * sched: Guarantee new group-entities always have weight
    - LP: #1277722
  * net: do not pretend FRAGLIST support
    - LP: #1277722
  * rds: prevent BUG_ON triggered on congestion update to loopback
    - LP: #1277722
  * macvtap: Do not double-count received packets
    - LP: #1277722
  * macvtap: update file current position
    - LP: #1277722
  * tun: update file current position
    - LP: #1277722
  * macvtap: signal truncated packets
    - LP: #1277722
  * ipv6: don't count addrconf generated routes against gc limit
    - LP: #1277722
  * net: drop_monitor: fix the value of maxattr
    - LP: #1277722
  * net: unix: allow set_peek_off to fail
    - LP: #1277722
  * tg3: Initialize REG_BASE_ADDR at PCI config offset 120 to 0
    - LP: #1277722
  * netvsc: don't flush peers notifying work during setting mtu
    - LP: #1277722
  * net: unix: allow bind to fail on mutex lock
    - LP: #1277722
  * net: inet_diag: zero out uninitialized idiag_{src,dst} fields
    - LP: #1277722
  * drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
    - LP: #1277722
  * hamradio/yam: fix info leak in ioctl
    - LP: #1277722
  * rds: prevent dereference of a NULL device
    - LP: #1277722
  * net: rose: restore old recvmsg behavior
    - LP: #1277722
  * vlan: Fix header ops passthru when doing TX VLAN offload.
    - LP: #1277722
  * net: llc: fix use after free in llc_ui_recvmsg
    - LP: #1277722
  * bridge: use spin_lock_bh() in br_multicast_set_hash_max
    - LP: #1277722
  * x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
    - LP: #1277722
  * mac80211: move "bufferable MMPDU" check to fix AP mode scan
    - LP: #1277722
  * SELinux: Fix possible NULL pointer dereference in
    selinux_inode_permission()
    - LP: #1277722
  * Linux 3.5.7.29
    - LP: #1277722
  * ext4: fix deadlock when writing in ENOSPC conditions
    - LP: #1281791
  * writeback: Fix data corruption on NFS
    - LP: #1281791
  * md/raid5: Fix possible confusion when multiple write errors occur.
    - LP: #1281791
  * md/raid10: fix two bugs in handling of known-bad-blocks.
    - LP: #1281791
  * md/raid10: fix bug when raid10 recovery fails to recover a block.
    - LP: #1281791
  * hwmon: (coretemp) Fix truncated name of alarm attributes
    - LP: #1281791
  * nilfs2: fix segctor bug that causes file system corruption
    - LP: #1281791
  * mm: fix crash when using XFS on loopback
    - LP: #1281791
  * vfs: In d_path don't call d_dname on a mount point
    - LP: #1281791
  * perf/x86/amd/ibs: Fix waking up from S3 for AMD family 10h
    - LP: #1281791
  * staging: comedi: 8255_pci: fix for newer PCI-DIO48H
    - LP: #1281791
  * mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate
    successfully
    - LP: #1281791
  * serial: amba-pl011: use port lock to guard control register access
    - LP: #1281791
  * rtlwifi: rtl8192cu: Fix W=1 build warning
    - LP: #1281791
  * rtlwifi: rtl8192cu: Add new firmware
    - LP: #1281791
  * rtlwifi: Set the link state
    - LP: #1281791
  * rtlwifi: rtl8192c: Add new definitions in the dm_common header
    - LP: #1281791
  * rtlwifi: rtl8192cu: Fix some code in RF handling
    - LP: #1281791
  * NFSv4: OPEN must handle the NFS4ERR_IO return code correctly
    - LP: #1281791
  * parport: parport_pc: remove double PCI ID for NetMos
    - LP: #1281791
  * staging: vt6656: [BUG] BBvUpdatePreEDThreshold Always set sensitivity
    on bScanning
    - LP: #1281791
  * bfa: Chinook quad port 16G FC HBA claim issue
    - LP: #1281791
  * usb: option: add new zte 3g modem pids to option driver
    - LP: #1281791
  * dib8000: make 32 bits read atomic
    - LP: #1281791
  * serial: add support for 200 v3 series Titan card
    - LP: #1281791
  * usb: xhci: Check for XHCI_PLAT in xhci_cleanup_msix()
    - LP: #1281791
  * x86/efi: Fix off-by-one bug in EFI Boot Services reservation
    - LP: #1281791
  * perf kvm: Fix kvm report without guestmount.
    - LP: #1281791
  * mtd: mxc_nand: remove duplicated ecc_stats counting
    - LP: #1281791
  * xen/pvhvm: If xen_platform_pci=0 is set don't blow up (v4).
    - LP: #1281791
  * USB: serial: add support for iBall 3.5G connect usb modem
    - LP: #1281791
  * USB: Nokia 502 is an unusual device
    - LP: #1281791
  * USB: cypress_m8: fix ring-indicator detection and reporting
    - LP: #1281791
  * ALSA: rme9652: fix a missing comma in channel_map_9636_ds[]
    - LP: #1281791
  * sunrpc: Fix infinite loop in RPC state machine
    - LP: #1281791
  * dm thin: initialize dm_thin_new_mapping returned by get_next_mapping
    - LP: #1281791
  * SELinux: Fix memory leak upon loading policy
    - LP: #1281791
  * drm/radeon: warn users when hw_i2c is enabled (v2)
    - LP: #1281791
  * USB: ftdi_sio: added CS5 quirk for broken smartcard readers
    - LP: #1281791
  * serial: 8250: enable UART_BUG_NOMSR for Tegra
    - LP: #1281791
  * dm: wait until embedded kobject is released before destroying a device
    - LP: #1281791
  * dm space map common: make sure new space is used during extend
    - LP: #1281791
  * ASoC: adau1701: Fix ADAU1701_SEROCTL_WORD_LEN_16 constant
    - LP: #1281791
  * radeon/pm: Guard access to rdev->pm.power_state array
    - LP: #1281791
  * drm/radeon: skip colorbuffer checking if COLOR_INFO.FORMAT is set to
    INVALID
    - LP: #1281791
  * staging: r8712u: Set device type to wlan
    - LP: #1281791
  * ALSA: Enable CONFIG_ZONE_DMA for smaller PCI DMA masks
    - LP: #1281791
  * mmc: atmel-mci: fix timeout errors in SDIO mode when using DMA
    - LP: #1281791
  * rtlwifi: rtl8192cu: Add new device ID
    - LP: #1281791
  * mwifiex: add missing endian conversion for fw_tsf
    - LP: #1281791
  * b43: Fix lockdep splat
    - LP: #1281791
  * b43: Fix unload oops if firmware is not available
    - LP: #1281791
  * b43legacy: Fix unload oops if firmware is not available
    - LP: #1281791
  * nfs4.1: properly handle ENOTSUP in SECINFO_NO_NAME
    - LP: #1281791
  * audit: correct a type mismatch in audit_syscall_exit()
    - LP: #1281791
  * md/raid5: fix long-standing problem with bitmap handling on write
    failure.
    - LP: #1281791
  * drm/radeon: set the full cache bit for fences on r7xx+
    - LP: #1281791
  * hp_accel: Add a new PnP ID HPQ6007 for new HP laptops
    - LP: #1281791
  * intel-iommu: fix off-by-one in pagetable freeing
    - LP: #1281791
  * fuse: fix pipe_buf_operations
    - LP: #1281791
  * drm/cirrus: correct register values for 16bpp
    - LP: #1281791
  * IB/qib: Fix QP check when looping back to/from QP1
    - LP: #1281791
  * ore: Fix wrong math in allocation of per device BIO
    - LP: #1281791
  * b43: fix the wrong assignment of status.freq in b43_rx()
    - LP: #1281791
  * KVM: PPC: e500: Fix bad address type in deliver_tlb_misss()
    - LP: #1281791
  * Btrfs: handle EAGAIN case properly in btrfs_drop_snapshot()
    - LP: #1281791
  * ACPI / init: Flag use of ACPI and ACPI idioms for power supplies to
    regulator API
    - LP: #1281791
  * powerpc: Make sure "cache" directory is removed when offlining cpu
    - LP: #1281791
  * drm/radeon/DCE4+: clear bios scratch dpms bit (v2)
    - LP: #1281791
  * mm/page-writeback.c: fix dirty_balance_reserve subtraction from
    dirtyable memory
    - LP: #1281791
  * target/iscsi: Fix network portal creation race
    - LP: #1281791
  * mm, oom: base root bonus on current usage
    - LP: #1281791
  * x86, x32: Correct invalid use of user timespec in the kernel
    - LP: #1281791
  * alpha: fix broken network checksum
    - LP: #1281791
  * ARM: at91: smc: bug fix in sam9_smc_cs_read()
    - LP: #1281791
  * KVM: s390: fix diagnose code extraction
    - LP: #1281791
  * e752x_edac: Fix pci_dev usage count
    - LP: #1281791
  * lib/decompressors: fix "no limit" output buffer length
    - LP: #1281791
  * bnx2x: fix DMA unmapping of TSO split BDs
    - LP: #1281791
  * inet_diag: fix inet_diag_dump_icsk() timewait socket state logic
    - LP: #1281791
  * net: avoid reference counter overflows on fib_rules in multicast
    forwarding
    - LP: #1281791
  * net,via-rhine: Fix tx_timeout handling
    - LP: #1281791
  * mm: hugetlbfs: fix hugetlbfs optimization
    - LP: #1281791
  * usb: core: get config and string descriptors for unauthorized devices
    - LP: #1281791
  * tty/serial: at91: Handle shutdown more safely
    - LP: #1281791
  * slub: Fix calculation of cpu slabs
    - LP: #1281791
  * turbostat: Use GCC's CPUID functions to support PIC
    - LP: #1281791
  * Linux 3.5.7.30
    - LP: #1281791
 -- Brad Figg <brad.figg@xxxxxxxxxxxxx>   Mon, 10 Feb 2014 09:51:32 -0800

** Changed in: linux (Ubuntu Quantal)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4587

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6367

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6368

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1874

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1277722

Title:
  Quantal update to v3.5.7.29 stable release

Status in “linux” package in Ubuntu:
  Confirmed
Status in “linux” source package in Quantal:
  Fix Released

Bug description:
  SRU Justification

      Impact:
         The upstream process for stable tree updates is quite similar
         in scope to the Ubuntu SRU process, e.g., each patch has to
         demonstrably fix a bug, and each patch is vetted by upstream
         by originating either directly from Linus' tree or in a minimally
         backported form of that patch. The v3.5.7.29 upstream stable
         patch set is now available. It should be included in the Ubuntu
         kernel as well.

         git://git.kernel.org/

      TEST CASE: TBD

         The following patches are in the v3.5.7.29 stable release:

  Linux 3.5.7.29
  SELinux: Fix possible NULL pointer dereference in selinux_inode_permission()
  mac80211: move "bufferable MMPDU" check to fix AP mode scan
  x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
  bridge: use spin_lock_bh() in br_multicast_set_hash_max
  net: llc: fix use after free in llc_ui_recvmsg
  vlan: Fix header ops passthru when doing TX VLAN offload.
  net: rose: restore old recvmsg behavior
  rds: prevent dereference of a NULL device
  hamradio/yam: fix info leak in ioctl
  drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
  net: inet_diag: zero out uninitialized idiag_{src,dst} fields
  net: unix: allow bind to fail on mutex lock
  netvsc: don't flush peers notifying work during setting mtu
  tg3: Initialize REG_BASE_ADDR at PCI config offset 120 to 0
  net: unix: allow set_peek_off to fail
  net: drop_monitor: fix the value of maxattr
  ipv6: don't count addrconf generated routes against gc limit
  macvtap: signal truncated packets
  tun: update file current position
  macvtap: update file current position
  macvtap: Do not double-count received packets
  rds: prevent BUG_ON triggered on congestion update to loopback
  net: do not pretend FRAGLIST support
  sched: Guarantee new group-entities always have weight
  sched: Fix hrtimer_cancel()/rq->lock deadlock
  sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining
  sched: Fix race on toggling cfs_bandwidth_used
  ftrace: Check module functions being traced on reload
  mm: ensure get_unmapped_area() returns higher address than mmap_min_addr
  Revert "mm: ensure get_unmapped_area() returns higher address than mmap_min_addr"
  ceph: Avoid data inconsistency due to d-cache aliasing in readpage()
  sh: always link in helper functions extracted from libgcc
  jbd2: don't BUG but return ENOSPC if a handle runs out of space
  GFS2: Fix incorrect invalidation for DIO/buffered I/O
  GFS2: don't hold s_umount over blkdev_put
  Input: allocate absinfo data when setting ABS capability
  powerpc: Align p_end
  ath9k_htc: properly set MAC address and BSSID mask
  ARM: fix "bad mode in ... handler" message for undefined instructions
  powerpc: Fix bad stack check in exception entry
  selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()
  selinux: fix broken peer recv check
  drm/radeon: 0x9649 is SUMO2 not SUMO
  ext4: add explicit casts when masking cluster sizes
  drm/radeon: fix asic gfx values for scrapper asics
  libata, freezer: avoid block device removal while system is frozen
  dm9601: work around tx fifo sync issue on dm962x
  dm9601: fix reception of full size ethernet frames on dm9620/dm9621a
  net_dma: mark broken
  ASoC: wm8904: fix DSP mode B configuration
  iio:adc:ad7887 Fix channel reported endianness from cpu to big endian
  cpupower: Fix segfault due to incorrect getopt_long arugments
  ath9k: Fix interrupt handling for the AR9002 family
  rtlwifi: pci: Fix oops on driver unload
  ALSA: Add SNDRV_PCM_STATE_PAUSED case in wait_for_avail function
  sched/rt: Fix rq's cpupri leak while enqueue/dequeue child RT entities
  drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook
  libata: disable a disk via libata.force params
  ftrace: Initialize the ftrace profiler for each possible cpu
  radiotap: fix bitmap-end-finding buffer overrun
  gpio: msm: Fix irq mask/unmask by writing bits instead of numbers
  ALSA: hda - Add enable_msi=0 workaround for four HP machines
  drm/radeon: Fix sideport problems on certain RS690 boards
  iscsi-target: Fix-up all zero data-length CDBs with R/W_BIT set
  drm/i915: don't update the dri1 breadcrumb with modesetting
  xhci: Limit the spurious wakeup fix only to HP machines
  scripts/link-vmlinux.sh: only filter kernel symbols for arm
  usb: cdc-wdm: manage_power should always set needs_remote_wakeup
  ext4: fix del_timer() misuse for ->s_err_report
  ext2: Fix oops in ext2_get_block() called from ext2_quota_write()
  ext4: check for overlapping extents in ext4_valid_extent_entries()
  ext4: fix use-after-free in ext4_mb_new_blocks
  libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus SpinPoint M8
  powerpc: kvm: fix rare but potential deadlock scene
  ceph: wake up 'safe' waiters when unregistering request
  ceph: cleanup aborted requests when re-sending requests.
  TTY: pmac_zilog, check existence of ports in pmz_console_init()
  Staging: zram: Fix memory leak by refcount mismatch
  ARM: pxa: prevent PXA270 occasional reboot freezes
  Staging: zram: Fix access of NULL pointer
  IB/qib: Convert qib_user_sdma_pin_pages() to use get_user_pages_fast()
  KVM: IOMMU: hva align mapping page size
  dm mpath: fix race condition between multipath_dtr and pg_init_done
  mm/hugetlb: check for pte NULL pointer in __page_check_address()
  intel_idle: enable IVB Xeon support
  intel_idle: initial IVB support
  selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()
  selinux: look for IPsec labels on both inbound and outbound packets
  HID: Bump maximum global item tag report size to 128 bytes
  staging: comedi: pcmuio: fix possible NULL deref on detach
  staging: comedi: ssv_dnp: use comedi_dio_update_state()
  [media] cxd2820r_core: fix sparse warnings
  sc1200_wdt: Fix oops
  Input: usbtouchscreen - separate report and transmit buffer size handling
  ARM: OMAP2+: hwmod: Fix SOFTRESET logic
  ARM: OMAP3: hwmod data: Don't prevent RESET of USB Host module
  Linux 3.5.7.28
  xfs: underflow bug in xfs_attrlist_by_handle()
  MIPS: DMA: For BMIPS5000 cores flush region just like non-coherent R10000
  drivers/rtc/rtc-at91rm9200.c: correct alarm over day/month wrap
  selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()
  selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()
  KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368)
  KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
  KVM: Improve create VCPU parameter (CVE-2013-4587)
  futex: fix handling of read-only-mapped hugepages
  hwmon: Prevent some divide by zeros in FAN_TO_REG()
  hwmon: (w83l768ng) Fix fan speed control range
  hwmon: (w83l786ng) Fix fan speed control mode setting and reporting
  ARM: pxa: tosa: fix keys mapping
  dm bufio: initialize read-only module parameters
  x86, efi: Don't use (U)EFI time services on 32 bit
  x86, build, icc: Remove uninitialized_var() from compiler-intel.h
  dm table: fail dm_table_create on dm_round_up overflow
  dm snapshot: avoid snapshot space leak on crash
  ALSA: memalloc.h - fix wrong truncation of dma_addr_t
  ARM: 7913/1: fix framepointer check in unwind_frame
  ARM: 7912/1: check stack pointer in get_wchan
  crypto: scatterwalk - Use sg_chain_ptr on chain entries
  crypto: scatterwalk - Set the chain pointer indication bit
  drivers/char/i8k.c: add Dell XPLS L421X
  usb: hub: Use correct reset for wedged USB3 devices that are NOTATTACHED
  drm/radeon: fixup bad vram size on SI
  USB: cdc-acm: Added support for the Lenovo RD02-D400 USB Modem
  USB: pl2303: fixed handling of CS5 setting
  USB: ftdi_sio: fixed handling of unsupported CSIZE setting
  USB: mos7840: correct handling of CS5 setting
  USB: spcp8x5: correct handling of CS5 setting
  USB: option: support new huawei devices
  USB: serial: option: blacklist interface 1 for Huawei E173s-6
  [media] saa7164: fix return value check in saa7164_initdev()
  usb: dwc3: fix implementation of endpoint wedge
  usb: gadget: composite: reset delayed_status on reset_config
  USB: serial: fix race in generic write
  mac80211: don't attempt to reorder multicast frames
  dm delay: fix a possible deadlock due to shared workqueue
  nfs: fix do_div() warning by instead using sector_div()
  sched: Avoid throttle_cfs_rq() racing with period_timer stopping
  NFSv4 wait on recovery for async session errors
  9p: send uevent after adding/removing mount_tag attribute
  HID: apple: option to swap the 'Option' ("Alt") and 'Command' ("Flag") keys.
  HID: roccat: fix Coverity CID 141438
  HID: hid-multitouch: add support for SiS panels
  HID: add quirk for Freescale i.MX23 ROM recovery
  i2c: i801: SMBus patch for Intel Avoton DeviceIDs
  Input: mousedev - allow disabling even without CONFIG_EXPERT
  Input: allow deselecting serio drivers even without CONFIG_EXPERT
  video: kyro: fix incorrect sizes when copying to userspace
  iommu/vt-d: Fixed interaction of VFIO_IOMMU_MAP_DMA with IOMMU address limits
  elevator: acquire q->sysfs_lock in elevator_change()
  dm: fix truncated status strings
  um: add missing declaration of 'getrlimit()' and friends
  iwlwifi: dvm: don't override mac80211's queue setting
  cpuidle: Check for dev before deregistering it.
  ASoC: wm8731: fix dsp mode configuration
  powerpc/gpio: Fix the wrong GPIO input data on MPC8572/MPC8536
  [SCSI] enclosure: fix WARN_ON in dual path device removing
  ALSA: hda - Another fixup for ASUS laptop with ALC660 codec
  [SCSI] hpsa: return 0 from driver probe function on success, not 1
  [SCSI] hpsa: do not discard scsi status on aborted commands
  ARM: footbridge: fix VGA initialisation
  net: smc91: fix crash regression on the versatile
  ALSA: hda - Fix silent output on ASUS W7J laptop
  crypto: ccm - Fix handling of zero plaintext when computing mac
  crypto: s390 - Fix aes-xts parameter corruption
  s390/crypto: Don't panic after crypto instruction failures
  crypto: authenc - Find proper IV address in ablkcipher callback
  [SCSI] libsas: fix usage of ata_tf_to_fis
  xen/gnttab: leave lazy MMU mode in the case of a m2p override failure
  irq: Enable all irqs unconditionally in irq_resume
  ASoC: wm8990: Mark the register map as dirty when powering down
  Update of blkg_stat and blkg_rwstat may happen in bh context. While u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This is not enough to avoid preemption by bh and may read strange 64 bit value.
  NFSv4: Update list of irrecoverable errors on DELEGRETURN
  mmc: block: fix a bug of error handling in MMC driver
  bridge: flush br's address entry in fdb when remove the
  {pktgen, xfrm} Update IPv4 header total len and checksum after tranformation
  af_packet: block BH in prb_shutdown_retire_blk_timer()
  ipv6: fix possible seqlock deadlock in ip6_finish_output2
  inet: fix possible seqlock deadlocks
  net: clamp ->msg_namelen instead of returning an error
  net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
  ipv6: fix leaking uninitialized port number of offender sockaddr
  inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions
  packet: fix use after free race in send path when dev is released
  net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage)
  net: rework recvmsg handler msg_name and msg_namelen logic
  net: core: Always propagate flag changes to interfaces
  atm: idt77252: fix dev refcnt leak
  inet: prevent leakage of uninitialized memory to user in recv syscalls
  ipv4: fix possible seqlock deadlock
  connector: improved unaligned access error fix
  isdnloop: use strlcpy() instead of strcpy()
  bonding: fix two race conditions in bond_store_updelay/downdelay
  6lowpan: Uncompression of traffic class field was incorrect
  bonding: don't permit to use ARP monitoring in 802.3ad mode
  random32: fix off-by-one in seeding requirement
  ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
  net: Fix "ip rule delete table 256"
  [media] lirc_zilog: Don't use dynamic static allocation

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1277722/+subscriptions


References