← Back to team overview

kernel-packages team mailing list archive

[Bug 1316735] Re: CVE-2014-1738

 

This bug was fixed in the package linux-lts-quantal -
3.5.0-51.76~precise1

---------------
linux-lts-quantal (3.5.0-51.76~precise1) precise; urgency=low

  [ Brad Figg ]

  * Revert "rtlwifi: Set the link state"

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - re-used previous tracking bug

linux (3.5.0-51.75) quantal; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.5.0-49.74 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317333

  [ Upstream Kernel Changes ]

  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.5.0-50.74) quantal; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313852

  [ Upstream Kernel Changes ]

  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * vhost: validate vhost_get_vq_desc return value
    - LP: #1298117
    - CVE-2014-0055
  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1295090
    - CVE-2014-2523
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1310783
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1310783
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1310783
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1310783
  * ath9k: protect tid->sched check
    - LP: #1310783
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1310783
  * genirq: Remove racy waitqueue_active check
    - LP: #1310783
  * sched: Fix double normalization of vruntime
    - LP: #1310783
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1310783
  * firewire: net: fix use after free
    - LP: #1310783
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1310783
  * NFS: Fix a delegation callback race
    - LP: #1310783
  * can: flexcan: fix shutdown: first disable chip, then all interrupts
    - LP: #1310783
  * can: flexcan: flexcan_open(): fix error path if flexcan_chip_start()
    fails
    - LP: #1310783
  * tracing: Do not add event files for modules that fail tracepoints
    - LP: #1310783
  * ocfs2: fix quota file corruption
    - LP: #1310783
  * rapidio/tsi721: fix tasklet termination in dma channel release
    - LP: #1310783
  * ALSA: usb-audio: Add quirk for Logitech Webcam C500
    - LP: #1310783
  * drm/radeon: TTM must be init with cpu-visible VRAM, v2
    - LP: #1310783
  * drm/radeon/atom: select the proper number of lanes in transmitter setup
    - LP: #1310783
  * powerpc: Align p_dyn, p_rela and p_st symbols
    - LP: #1310783
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8 (2BA30001)
    - LP: #1310783
  * usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e
    - LP: #1310783
  * usb: Make DELAY_INIT quirk wait 100ms between Get Configuration
    requests
    - LP: #1310783
  * ARM: 7991/1: sa1100: fix compile problem on Collie
    - LP: #1310783
  * firewire: don't use PREPARE_DELAYED_WORK
    - LP: #1310783
  * x86: Ignore NMIs that come in during early boot
    - LP: #1310783
  * x86: fix compile error due to X86_TRAP_NMI use in asm files
    - LP: #1310783
  * virtio-net: alloc big buffers also when guest can receive UFO
    - LP: #1310783
  * tg3: Don't check undefined error bits in RXBD
    - LP: #1310783
  * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
    - LP: #1310783
  * usb: dwc3: add support for Merrifield
    - LP: #1310783
  * mac80211: clear sequence/fragment number in QoS-null frames
    - LP: #1310783
  * mwifiex: copy AP's HT capability info correctly
    - LP: #1310783
  * net: unix socket code abuses csum_partial
    - LP: #1310783
  * ibmveth: Fix endian issues with MAC addresses
    - LP: #1310783
  * [SCSI] isci: fix reset timeout handling
    - LP: #1310783
  * [SCSI] isci: correct erroneous for_each_isci_host macro
    - LP: #1310783
  * [SCSI] qla2xxx: Poll during initialization for ISP25xx and ISP83xx
    - LP: #1310783
  * ocfs2 syncs the wrong range...
    - LP: #1310783
  * fs/proc/base.c: fix GPF in /proc/$PID/map_files
    - LP: #1310783
  * vmxnet3: fix netpoll race condition
    - LP: #1310783
  * [SCSI] storvsc: NULL pointer dereference fix
    - LP: #1310783
  * PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not
    enabled
    - LP: #1310783
  * KVM: SVM: fix cr8 intercept window
    - LP: #1310783
  * drm/ttm: don't oops if no invalidate_caches()
    - LP: #1310783
  * vmxnet3: fix building without CONFIG_PCI_MSI
    - LP: #1310783
  * x86/amd/numa: Fix northbridge quirk to assign correct NUMA node
    - LP: #1310783
  * Btrfs: fix data corruption when reading/updating compressed extents
    - LP: #1310783
  * jiffies: Avoid undefined behavior from signed overflow
    - LP: #1310783
  * ALSA: compress: Pass through return value of open ops callback
    - LP: #1310783
  * acpi-cpufreq: set current frequency based on target P-State
    - LP: #1310783
  * hpfs: deadlock and race in directory lseek()
    - LP: #1310783
  * intel_idle: Check cpu_idle_get_driver() for NULL before dereferencing
    it.
    - LP: #1310783
  * ipc/msg: fix race around refcount
    - LP: #1310783
  * Input: synaptics - add manual min/max quirk
    - LP: #1310783
  * Input: synaptics - add manual min/max quirk for ThinkPad X240
    - LP: #1310783
  * x86: fix boot on uniprocessor systems
    - LP: #1310783
  * staging: speakup: Prefix externally-visible symbols
    - LP: #1310783
  * ext4: atomically set inode->i_flags in ext4_set_inode_flags()
    - LP: #1310783
  * deb-pkg: Fix cross-building linux-headers package
    - LP: #1310783
  * x86: bpf_jit: support negative offsets
    - LP: #1310783
  * p54: clamp properly instead of just truncating
    - LP: #1310783
  * ALSA: hda/realtek - Avoid invalid COEFs for ALC271X
    - LP: #1310783
  * of: Fix address decoding on Bimini and js2x machines
    - LP: #1310783
  * of: fix PCI bus match for PCIe slots
    - LP: #1310783
  * libata: disable LPM for some WD SATA-I devices
    - LP: #1310783
  * mmc: sdhci: fix lockdep error in tuning routine
    - LP: #1310783
  * usb: ehci: add freescale imx28 special write register method
    - LP: #1310783
  * USB: pl2303: fix data corruption on termios updates
    - LP: #1310783
  * Linux 3.5.7.33
    - LP: #1310783
  * net: ipv4: current group_info should be put after using.
    - CVE-2014-2851
 -- Kamal Mostafa <kamal@xxxxxxxxxxxxx>   Fri, 16 May 2014 09:12:33 -0700

** Changed in: linux-lts-raring (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1316735

Title:
  CVE-2014-1738

Status in “linux” package in Ubuntu:
  Fix Committed
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  New
Status in “linux-lts-backport-natty” package in Ubuntu:
  New
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Fix Released
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  New
Status in “linux-lts-backport-natty” source package in Lucid:
  New
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  New
Status in “linux-lts-backport-natty” source package in Precise:
  New
Status in “linux-lts-quantal” source package in Precise:
  Fix Released
Status in “linux-lts-raring” source package in Precise:
  Fix Released
Status in “linux-lts-saucy” source package in Precise:
  Fix Released
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Committed
Status in “linux-lts-backport-maverick” source package in Quantal:
  New
Status in “linux-lts-backport-natty” source package in Quantal:
  New
Status in “linux” source package in Saucy:
  Fix Committed
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  New
Status in “linux-lts-backport-natty” source package in Saucy:
  New
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Fix Committed
Status in “linux” source package in Trusty:
  Fix Committed
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  New
Status in “linux-lts-backport-natty” source package in Trusty:
  New
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  Fix Committed
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  New
Status in “linux-lts-backport-natty” source package in Utopic:
  New
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid

Bug description:
  The raw_cmd_copyout function in drivers/block/floppy.c in the Linux
  kernel through 3.14.3 does not properly restrict access to certain
  pointers during processing of an FDRAWCMD ioctl call, which allows
  local users to obtain sensitive information from kernel heap memory by
  leveraging write access to a /dev/fd device.

  Break-Fix: - 2145e15e0557a01b9195d1c7199a1b92cb9be81f

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1316735/+subscriptions


References