← Back to team overview

kernel-packages team mailing list archive

[Bug 1270237] Re: prevent the conntrack table from filling up in the kernel

 

This bug was fixed in the package linux - 3.5.0-47.71

---------------
linux (3.5.0-47.71) quantal; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1281828

  [ Upstream Kernel Changes ]

  * Revert "mm: ensure get_unmapped_area() returns higher address than
    mmap_min_addr"
    - LP: #1277722
  * net: clamp ->msg_namelen instead of returning an error
    - LP: #1269053
  * netfilter: nf_conntrack: avoid large timeout for mid-stream pickup
    - LP: #1270237
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * lirc_zilog: Don't use dynamic static allocation
    - LP: #1277722
  * net: Fix "ip rule delete table 256"
    - LP: #1277722
  * ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
    - LP: #1277722
  * random32: fix off-by-one in seeding requirement
    - LP: #1277722
  * bonding: don't permit to use ARP monitoring in 802.3ad mode
    - LP: #1277722
  * 6lowpan: Uncompression of traffic class field was incorrect
    - LP: #1277722
  * bonding: fix two race conditions in bond_store_updelay/downdelay
    - LP: #1277722
  * isdnloop: use strlcpy() instead of strcpy()
    - LP: #1277722
  * connector: improved unaligned access error fix
    - LP: #1277722
  * ipv4: fix possible seqlock deadlock
    - LP: #1277722
  * inet: prevent leakage of uninitialized memory to user in recv syscalls
    - LP: #1277722
  * atm: idt77252: fix dev refcnt leak
    - LP: #1277722
  * net: core: Always propagate flag changes to interfaces
    - LP: #1277722
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1277722
  * net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
    sockaddr_storage)
    - LP: #1277722
  * packet: fix use after free race in send path when dev is released
    - LP: #1277722
  * inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
    functions
    - LP: #1277722
  * ipv6: fix leaking uninitialized port number of offender sockaddr
    - LP: #1277722
  * net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
    - LP: #1277722
  * inet: fix possible seqlock deadlocks
    - LP: #1277722
  * ipv6: fix possible seqlock deadlock in ip6_finish_output2
    - LP: #1277722
  * af_packet: block BH in prb_shutdown_retire_blk_timer()
    - LP: #1277722
  * {pktgen, xfrm} Update IPv4 header total len and checksum after
    tranformation
    - LP: #1277722
  * bridge: flush br's address entry in fdb when remove the
    - LP: #1277722
  * mmc: block: fix a bug of error handling in MMC driver
    - LP: #1277722
  * NFSv4: Update list of irrecoverable errors on DELEGRETURN
    - LP: #1277722
  * Update of blkg_stat and blkg_rwstat may happen in bh context. While
    u64_stats_fetch_retry is only preempt_disable on 32bit UP system. This
    is not enough to avoid preemption by bh and may read strange 64 bit
    value.
    - LP: #1277722
  * ASoC: wm8990: Mark the register map as dirty when powering down
    - LP: #1277722
  * irq: Enable all irqs unconditionally in irq_resume
    - LP: #1277722
  * xen/gnttab: leave lazy MMU mode in the case of a m2p override failure
    - LP: #1277722
  * libsas: fix usage of ata_tf_to_fis
    - LP: #1277722
  * crypto: authenc - Find proper IV address in ablkcipher callback
    - LP: #1277722
  * s390/crypto: Don't panic after crypto instruction failures
    - LP: #1277722
  * crypto: s390 - Fix aes-xts parameter corruption
    - LP: #1277722
  * crypto: ccm - Fix handling of zero plaintext when computing mac
    - LP: #1277722
  * ALSA: hda - Fix silent output on ASUS W7J laptop
    - LP: #1277722
  * net: smc91: fix crash regression on the versatile
    - LP: #1277722
  * ARM: footbridge: fix VGA initialisation
    - LP: #1277722
  * hpsa: do not discard scsi status on aborted commands
    - LP: #1277722
  * hpsa: return 0 from driver probe function on success, not 1
    - LP: #1277722
  * ALSA: hda - Another fixup for ASUS laptop with ALC660 codec
    - LP: #1277722
  * enclosure: fix WARN_ON in dual path device removing
    - LP: #1277722
  * powerpc/gpio: Fix the wrong GPIO input data on MPC8572/MPC8536
    - LP: #1277722
  * ASoC: wm8731: fix dsp mode configuration
    - LP: #1277722
  * cpuidle: Check for dev before deregistering it.
    - LP: #1277722
  * iwlwifi: dvm: don't override mac80211's queue setting
    - LP: #1277722
  * um: add missing declaration of 'getrlimit()' and friends
    - LP: #1277722
  * dm: fix truncated status strings
    - LP: #1277722
  * elevator: acquire q->sysfs_lock in elevator_change()
    - LP: #1277722
  * iommu/vt-d: Fixed interaction of VFIO_IOMMU_MAP_DMA with IOMMU address
    limits
    - LP: #1277722
  * video: kyro: fix incorrect sizes when copying to userspace
    - LP: #1277722
  * Input: allow deselecting serio drivers even without CONFIG_EXPERT
    - LP: #1277722
  * Input: mousedev - allow disabling even without CONFIG_EXPERT
    - LP: #1277722
  * i2c: i801: SMBus patch for Intel Avoton DeviceIDs
    - LP: #1277722
  * HID: add quirk for Freescale i.MX23 ROM recovery
    - LP: #1277722
  * HID: hid-multitouch: add support for SiS panels
    - LP: #1277722
  * HID: roccat: fix Coverity CID 141438
    - LP: #1277722
  * HID: apple: option to swap the 'Option' ("Alt") and 'Command' ("Flag")
    keys.
    - LP: #1277722
  * 9p: send uevent after adding/removing mount_tag attribute
    - LP: #1277722
  * NFSv4 wait on recovery for async session errors
    - LP: #1277722
  * sched: Avoid throttle_cfs_rq() racing with period_timer stopping
    - LP: #1277722
  * nfs: fix do_div() warning by instead using sector_div()
    - LP: #1277722
  * dm delay: fix a possible deadlock due to shared workqueue
    - LP: #1277722
  * mac80211: don't attempt to reorder multicast frames
    - LP: #1277722
  * USB: serial: fix race in generic write
    - LP: #1277722
  * usb: gadget: composite: reset delayed_status on reset_config
    - LP: #1277722
  * usb: dwc3: fix implementation of endpoint wedge
    - LP: #1277722
  * saa7164: fix return value check in saa7164_initdev()
    - LP: #1277722
  * USB: serial: option: blacklist interface 1 for Huawei E173s-6
    - LP: #1277722
  * USB: option: support new huawei devices
    - LP: #1277722
  * USB: spcp8x5: correct handling of CS5 setting
    - LP: #1277722
  * USB: mos7840: correct handling of CS5 setting
    - LP: #1277722
  * USB: ftdi_sio: fixed handling of unsupported CSIZE setting
    - LP: #1277722
  * USB: pl2303: fixed handling of CS5 setting
    - LP: #1277722
  * USB: cdc-acm: Added support for the Lenovo RD02-D400 USB Modem
    - LP: #1277722
  * drm/radeon: fixup bad vram size on SI
    - LP: #1277722
  * usb: hub: Use correct reset for wedged USB3 devices that are
    NOTATTACHED
    - LP: #1277722
  * drivers/char/i8k.c: add Dell XPLS L421X
    - LP: #1277722
  * crypto: scatterwalk - Set the chain pointer indication bit
    - LP: #1277722
  * crypto: scatterwalk - Use sg_chain_ptr on chain entries
    - LP: #1277722
  * ARM: 7912/1: check stack pointer in get_wchan
    - LP: #1277722
  * ARM: 7913/1: fix framepointer check in unwind_frame
    - LP: #1277722
  * ALSA: memalloc.h - fix wrong truncation of dma_addr_t
    - LP: #1277722
  * dm snapshot: avoid snapshot space leak on crash
    - LP: #1277722
  * dm table: fail dm_table_create on dm_round_up overflow
    - LP: #1277722
  * x86, build, icc: Remove uninitialized_var() from compiler-intel.h
    - LP: #1277722
  * x86, efi: Don't use (U)EFI time services on 32 bit
    - LP: #1277722
  * dm bufio: initialize read-only module parameters
    - LP: #1277722
  * ARM: pxa: tosa: fix keys mapping
    - LP: #1277722
  * hwmon: (w83l786ng) Fix fan speed control mode setting and reporting
    - LP: #1277722
  * hwmon: (w83l768ng) Fix fan speed control range
    - LP: #1277722
  * hwmon: Prevent some divide by zeros in FAN_TO_REG()
    - LP: #1277722
  * futex: fix handling of read-only-mapped hugepages
    - LP: #1277722
  * KVM: Improve create VCPU parameter (CVE-2013-4587)
    - LP: #1277722
  * KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
    - LP: #1277722
  * KVM: x86: Convert vapic synchronization to _cached functions
    (CVE-2013-6368)
    - LP: #1277722
  * selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()
    - LP: #1277722
  * selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()
    - LP: #1277722
  * drivers/rtc/rtc-at91rm9200.c: correct alarm over day/month wrap
    - LP: #1277722
  * MIPS: DMA: For BMIPS5000 cores flush region just like non-coherent
    R10000
    - LP: #1277722
  * xfs: underflow bug in xfs_attrlist_by_handle()
    - LP: #1277722
  * Linux 3.5.7.28
    - LP: #1277722
  * ARM: OMAP3: hwmod data: Don't prevent RESET of USB Host module
    - LP: #1277722
  * ARM: OMAP2+: hwmod: Fix SOFTRESET logic
    - LP: #1277722
  * Input: usbtouchscreen - separate report and transmit buffer size
    handling
    - LP: #1277722
  * sc1200_wdt: Fix oops
    - LP: #1277722
  * cxd2820r_core: fix sparse warnings
    - LP: #1277722
  * staging: comedi: ssv_dnp: use comedi_dio_update_state()
    - LP: #1277722
  * staging: comedi: pcmuio: fix possible NULL deref on detach
    - LP: #1277722
  * HID: Bump maximum global item tag report size to 128 bytes
    - LP: #1277722
  * selinux: look for IPsec labels on both inbound and outbound packets
    - LP: #1277722
  * selinux: process labeled IPsec TCP SYN-ACK packets properly in
    selinux_ip_postroute()
    - LP: #1277722
  * intel_idle: enable IVB Xeon support
    - LP: #1277722
  * mm/hugetlb: check for pte NULL pointer in __page_check_address()
    - LP: #1277722
  * dm mpath: fix race condition between multipath_dtr and pg_init_done
    - LP: #1277722
  * KVM: IOMMU: hva align mapping page size
    - LP: #1277722
  * IB/qib: Convert qib_user_sdma_pin_pages() to use get_user_pages_fast()
    - LP: #1277722
  * Staging: zram: Fix access of NULL pointer
    - LP: #1277722
  * ARM: pxa: prevent PXA270 occasional reboot freezes
    - LP: #1277722
  * Staging: zram: Fix memory leak by refcount mismatch
    - LP: #1277722
  * TTY: pmac_zilog, check existence of ports in pmz_console_init()
    - LP: #1277722
  * ceph: cleanup aborted requests when re-sending requests.
    - LP: #1277722
  * ceph: wake up 'safe' waiters when unregistering request
    - LP: #1277722
  * powerpc: kvm: fix rare but potential deadlock scene
    - LP: #1277722
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8
    - LP: #1277722
  * ext4: fix use-after-free in ext4_mb_new_blocks
    - LP: #1277722
  * ext4: check for overlapping extents in ext4_valid_extent_entries()
    - LP: #1277722
  * ext2: Fix oops in ext2_get_block() called from ext2_quota_write()
    - LP: #1277722
  * ext4: fix del_timer() misuse for ->s_err_report
    - LP: #1277722
  * usb: cdc-wdm: manage_power should always set needs_remote_wakeup
    - LP: #1277722
  * scripts/link-vmlinux.sh: only filter kernel symbols for arm
    - LP: #1277722
  * xhci: Limit the spurious wakeup fix only to HP machines
    - LP: #1277722
  * drm/i915: don't update the dri1 breadcrumb with modesetting
    - LP: #1277722
  * iscsi-target: Fix-up all zero data-length CDBs with R/W_BIT set
    - LP: #1277722
  * drm/radeon: Fix sideport problems on certain RS690 boards
    - LP: #1277722
  * ALSA: hda - Add enable_msi=0 workaround for four HP machines
    - LP: #1260225, #1277722
  * gpio: msm: Fix irq mask/unmask by writing bits instead of numbers
    - LP: #1277722
  * radiotap: fix bitmap-end-finding buffer overrun
    - LP: #1277722
  * ftrace: Initialize the ftrace profiler for each possible cpu
    - LP: #1277722
  * libata: disable a disk via libata.force params
    - LP: #1277722
  * drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook
    - LP: #1277722
  * sched/rt: Fix rq's cpupri leak while enqueue/dequeue child RT entities
    - LP: #1277722
  * ALSA: Add SNDRV_PCM_STATE_PAUSED case in wait_for_avail function
    - LP: #1277722
  * rtlwifi: pci: Fix oops on driver unload
    - LP: #1277722
  * ath9k: Fix interrupt handling for the AR9002 family
    - LP: #1277722
  * cpupower: Fix segfault due to incorrect getopt_long arugments
    - LP: #1277722
  * iio:adc:ad7887 Fix channel reported endianness from cpu to big endian
    - LP: #1277722
  * ASoC: wm8904: fix DSP mode B configuration
    - LP: #1277722
  * net_dma: mark broken
    - LP: #1277722
  * dm9601: fix reception of full size ethernet frames on dm9620/dm9621a
    - LP: #1277722
  * dm9601: work around tx fifo sync issue on dm962x
    - LP: #1277722
  * libata, freezer: avoid block device removal while system is frozen
    - LP: #1277722
  * drm/radeon: fix asic gfx values for scrapper asics
    - LP: #1277722
  * ext4: add explicit casts when masking cluster sizes
    - LP: #1277722
  * drm/radeon: 0x9649 is SUMO2 not SUMO
    - LP: #1277722
  * selinux: fix broken peer recv check
    - LP: #1277722
  * selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()
    - LP: #1277722
  * powerpc: Fix bad stack check in exception entry
    - LP: #1277722
  * ARM: fix "bad mode in ... handler" message for undefined instructions
    - LP: #1277722
  * ath9k_htc: properly set MAC address and BSSID mask
    - LP: #1277722
  * powerpc: Align p_end
    - LP: #1277722
  * Input: allocate absinfo data when setting ABS capability
    - LP: #1277722
  * GFS2: don't hold s_umount over blkdev_put
    - LP: #1277722
  * GFS2: Fix incorrect invalidation for DIO/buffered I/O
    - LP: #1277722
  * jbd2: don't BUG but return ENOSPC if a handle runs out of space
    - LP: #1277722
  * sh: always link in helper functions extracted from libgcc
    - LP: #1277722
  * ceph: Avoid data inconsistency due to d-cache aliasing in readpage()
    - LP: #1277722
  * mm: ensure get_unmapped_area() returns higher address than
    mmap_min_addr
    - LP: #1277722
  * ftrace: Check module functions being traced on reload
    - LP: #1277722
  * sched: Fix race on toggling cfs_bandwidth_used
    - LP: #1277722
  * sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining
    - LP: #1277722
  * sched: Fix hrtimer_cancel()/rq->lock deadlock
    - LP: #1277722
  * sched: Guarantee new group-entities always have weight
    - LP: #1277722
  * net: do not pretend FRAGLIST support
    - LP: #1277722
  * rds: prevent BUG_ON triggered on congestion update to loopback
    - LP: #1277722
  * macvtap: Do not double-count received packets
    - LP: #1277722
  * macvtap: update file current position
    - LP: #1277722
  * tun: update file current position
    - LP: #1277722
  * macvtap: signal truncated packets
    - LP: #1277722
  * ipv6: don't count addrconf generated routes against gc limit
    - LP: #1277722
  * net: drop_monitor: fix the value of maxattr
    - LP: #1277722
  * net: unix: allow set_peek_off to fail
    - LP: #1277722
  * tg3: Initialize REG_BASE_ADDR at PCI config offset 120 to 0
    - LP: #1277722
  * netvsc: don't flush peers notifying work during setting mtu
    - LP: #1277722
  * net: unix: allow bind to fail on mutex lock
    - LP: #1277722
  * net: inet_diag: zero out uninitialized idiag_{src,dst} fields
    - LP: #1277722
  * drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
    - LP: #1277722
  * hamradio/yam: fix info leak in ioctl
    - LP: #1277722
  * rds: prevent dereference of a NULL device
    - LP: #1277722
  * net: rose: restore old recvmsg behavior
    - LP: #1277722
  * vlan: Fix header ops passthru when doing TX VLAN offload.
    - LP: #1277722
  * net: llc: fix use after free in llc_ui_recvmsg
    - LP: #1277722
  * bridge: use spin_lock_bh() in br_multicast_set_hash_max
    - LP: #1277722
  * x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
    - LP: #1277722
  * mac80211: move "bufferable MMPDU" check to fix AP mode scan
    - LP: #1277722
  * SELinux: Fix possible NULL pointer dereference in
    selinux_inode_permission()
    - LP: #1277722
  * Linux 3.5.7.29
    - LP: #1277722
  * ext4: fix deadlock when writing in ENOSPC conditions
    - LP: #1281791
  * writeback: Fix data corruption on NFS
    - LP: #1281791
  * md/raid5: Fix possible confusion when multiple write errors occur.
    - LP: #1281791
  * md/raid10: fix two bugs in handling of known-bad-blocks.
    - LP: #1281791
  * md/raid10: fix bug when raid10 recovery fails to recover a block.
    - LP: #1281791
  * hwmon: (coretemp) Fix truncated name of alarm attributes
    - LP: #1281791
  * nilfs2: fix segctor bug that causes file system corruption
    - LP: #1281791
  * mm: fix crash when using XFS on loopback
    - LP: #1281791
  * vfs: In d_path don't call d_dname on a mount point
    - LP: #1281791
  * perf/x86/amd/ibs: Fix waking up from S3 for AMD family 10h
    - LP: #1281791
  * staging: comedi: 8255_pci: fix for newer PCI-DIO48H
    - LP: #1281791
  * mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate
    successfully
    - LP: #1281791
  * serial: amba-pl011: use port lock to guard control register access
    - LP: #1281791
  * rtlwifi: rtl8192cu: Fix W=1 build warning
    - LP: #1281791
  * rtlwifi: rtl8192cu: Add new firmware
    - LP: #1281791
  * rtlwifi: Set the link state
    - LP: #1281791
  * rtlwifi: rtl8192c: Add new definitions in the dm_common header
    - LP: #1281791
  * rtlwifi: rtl8192cu: Fix some code in RF handling
    - LP: #1281791
  * NFSv4: OPEN must handle the NFS4ERR_IO return code correctly
    - LP: #1281791
  * parport: parport_pc: remove double PCI ID for NetMos
    - LP: #1281791
  * staging: vt6656: [BUG] BBvUpdatePreEDThreshold Always set sensitivity
    on bScanning
    - LP: #1281791
  * bfa: Chinook quad port 16G FC HBA claim issue
    - LP: #1281791
  * usb: option: add new zte 3g modem pids to option driver
    - LP: #1281791
  * dib8000: make 32 bits read atomic
    - LP: #1281791
  * serial: add support for 200 v3 series Titan card
    - LP: #1281791
  * usb: xhci: Check for XHCI_PLAT in xhci_cleanup_msix()
    - LP: #1281791
  * x86/efi: Fix off-by-one bug in EFI Boot Services reservation
    - LP: #1281791
  * perf kvm: Fix kvm report without guestmount.
    - LP: #1281791
  * mtd: mxc_nand: remove duplicated ecc_stats counting
    - LP: #1281791
  * xen/pvhvm: If xen_platform_pci=0 is set don't blow up (v4).
    - LP: #1281791
  * USB: serial: add support for iBall 3.5G connect usb modem
    - LP: #1281791
  * USB: Nokia 502 is an unusual device
    - LP: #1281791
  * USB: cypress_m8: fix ring-indicator detection and reporting
    - LP: #1281791
  * ALSA: rme9652: fix a missing comma in channel_map_9636_ds[]
    - LP: #1281791
  * sunrpc: Fix infinite loop in RPC state machine
    - LP: #1281791
  * dm thin: initialize dm_thin_new_mapping returned by get_next_mapping
    - LP: #1281791
  * SELinux: Fix memory leak upon loading policy
    - LP: #1281791
  * drm/radeon: warn users when hw_i2c is enabled (v2)
    - LP: #1281791
  * USB: ftdi_sio: added CS5 quirk for broken smartcard readers
    - LP: #1281791
  * serial: 8250: enable UART_BUG_NOMSR for Tegra
    - LP: #1281791
  * dm: wait until embedded kobject is released before destroying a device
    - LP: #1281791
  * dm space map common: make sure new space is used during extend
    - LP: #1281791
  * ASoC: adau1701: Fix ADAU1701_SEROCTL_WORD_LEN_16 constant
    - LP: #1281791
  * radeon/pm: Guard access to rdev->pm.power_state array
    - LP: #1281791
  * drm/radeon: skip colorbuffer checking if COLOR_INFO.FORMAT is set to
    INVALID
    - LP: #1281791
  * staging: r8712u: Set device type to wlan
    - LP: #1281791
  * ALSA: Enable CONFIG_ZONE_DMA for smaller PCI DMA masks
    - LP: #1281791
  * mmc: atmel-mci: fix timeout errors in SDIO mode when using DMA
    - LP: #1281791
  * rtlwifi: rtl8192cu: Add new device ID
    - LP: #1281791
  * mwifiex: add missing endian conversion for fw_tsf
    - LP: #1281791
  * b43: Fix lockdep splat
    - LP: #1281791
  * b43: Fix unload oops if firmware is not available
    - LP: #1281791
  * b43legacy: Fix unload oops if firmware is not available
    - LP: #1281791
  * nfs4.1: properly handle ENOTSUP in SECINFO_NO_NAME
    - LP: #1281791
  * audit: correct a type mismatch in audit_syscall_exit()
    - LP: #1281791
  * md/raid5: fix long-standing problem with bitmap handling on write
    failure.
    - LP: #1281791
  * drm/radeon: set the full cache bit for fences on r7xx+
    - LP: #1281791
  * hp_accel: Add a new PnP ID HPQ6007 for new HP laptops
    - LP: #1281791
  * intel-iommu: fix off-by-one in pagetable freeing
    - LP: #1281791
  * fuse: fix pipe_buf_operations
    - LP: #1281791
  * drm/cirrus: correct register values for 16bpp
    - LP: #1281791
  * IB/qib: Fix QP check when looping back to/from QP1
    - LP: #1281791
  * ore: Fix wrong math in allocation of per device BIO
    - LP: #1281791
  * b43: fix the wrong assignment of status.freq in b43_rx()
    - LP: #1281791
  * KVM: PPC: e500: Fix bad address type in deliver_tlb_misss()
    - LP: #1281791
  * Btrfs: handle EAGAIN case properly in btrfs_drop_snapshot()
    - LP: #1281791
  * ACPI / init: Flag use of ACPI and ACPI idioms for power supplies to
    regulator API
    - LP: #1281791
  * powerpc: Make sure "cache" directory is removed when offlining cpu
    - LP: #1281791
  * drm/radeon/DCE4+: clear bios scratch dpms bit (v2)
    - LP: #1281791
  * mm/page-writeback.c: fix dirty_balance_reserve subtraction from
    dirtyable memory
    - LP: #1281791
  * target/iscsi: Fix network portal creation race
    - LP: #1281791
  * mm, oom: base root bonus on current usage
    - LP: #1281791
  * x86, x32: Correct invalid use of user timespec in the kernel
    - LP: #1281791
  * alpha: fix broken network checksum
    - LP: #1281791
  * ARM: at91: smc: bug fix in sam9_smc_cs_read()
    - LP: #1281791
  * KVM: s390: fix diagnose code extraction
    - LP: #1281791
  * e752x_edac: Fix pci_dev usage count
    - LP: #1281791
  * lib/decompressors: fix "no limit" output buffer length
    - LP: #1281791
  * bnx2x: fix DMA unmapping of TSO split BDs
    - LP: #1281791
  * inet_diag: fix inet_diag_dump_icsk() timewait socket state logic
    - LP: #1281791
  * net: avoid reference counter overflows on fib_rules in multicast
    forwarding
    - LP: #1281791
  * net,via-rhine: Fix tx_timeout handling
    - LP: #1281791
  * mm: hugetlbfs: fix hugetlbfs optimization
    - LP: #1281791
  * usb: core: get config and string descriptors for unauthorized devices
    - LP: #1281791
  * tty/serial: at91: Handle shutdown more safely
    - LP: #1281791
  * slub: Fix calculation of cpu slabs
    - LP: #1281791
  * turbostat: Use GCC's CPUID functions to support PIC
    - LP: #1281791
  * Linux 3.5.7.30
    - LP: #1281791
 -- Brad Figg <brad.figg@xxxxxxxxxxxxx>   Mon, 10 Feb 2014 09:51:32 -0800

** Changed in: linux (Ubuntu Quantal)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4587

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6367

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1270237

Title:
  prevent the conntrack table from filling up in the kernel

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “linux-lts-raring” source package in Precise:
  Fix Committed
Status in “linux” source package in Quantal:
  Fix Released
Status in “linux-lts-raring” source package in Quantal:
  Invalid
Status in “linux” source package in Raring:
  Invalid
Status in “linux-lts-raring” source package in Raring:
  Invalid

Bug description:
  [Impact]
  When running a server for an extended amount of time the conntrack table can fill up.
  Here is the netfilter discussion: http://www.spinics.net/lists/netfilter-devel/msg26759.html

  [Fix]
  https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6547a221871f139cc56328a38105d47c14874cbe

  Present in 3.11 >

  [Test Case]
  From the patch:
  When loose tracking is enabled (default), non-syn packets cause
  creation of new conntracks in established state with default timeout for
  established state (5 days).  This causes the table to fill up with UNREPLIED
  when the 'new ack' packet happened to be the last-ack of a previous,
  already timed-out connection.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1270237/+subscriptions


References