kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #62777
[Bug 1302222] Re: CVE-2014-2678
This bug was fixed in the package linux-lts-saucy -
3.11.0-22.38~precise1
---------------
linux-lts-saucy (3.11.0-22.38~precise1) precise; urgency=low
[ Brad Figg ]
* Revert "rtlwifi: Set the link state"
[ Kamal Mostafa ]
* Release Tracking Bug
- re-used previous tracking bug
linux (3.11.0-22.37) saucy; urgency=low
[ Kamal Mostafa ]
* Merged back Ubuntu-3.11.0-20.35 security release
* Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
- LP: #1314762
* Release Tracking Bug
- LP: #1317369
[ Tim Gardner ]
* [Config] d-i -- add virtio_scsi to virtio-modules
- LP: #1315462
[ Upstream Kernel Changes ]
* n_tty: Fix n_tty_write crash when echoing in raw mode
- LP: #1314762
- CVE-2014-0196
* floppy: ignore kernel-only members in FDRAWCMD ioctl input
- LP: #1316729
- CVE-2014-1737
* floppy: don't write kernel-only members to FDRAWCMD ioctl output
- LP: #1316735
- CVE-2014-1738
linux (3.11.0-21.35) saucy; urgency=low
[ Joseph Salisbury ]
* Release Tracking Bug
- LP: #1313831
[ Upstream Kernel Changes ]
* Revert "sparc64: Fix __copy_{to,from}_user_inatomic defines."
- LP: #1311196
* rds: prevent dereference of a NULL device in rds_iw_laddr_check
- LP: #1302222
- CVE-2014-2678
* ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
- LP: #1311196
* ALSA: oxygen: Xonar DG(X): modify DAC routing
- LP: #1311196
* jiffies: Avoid undefined behavior from signed overflow
- LP: #1311196
* mac80211: send control port protocol frames to the VO queue
- LP: #1311196
* mac80211: fix AP powersave TX vs. wakeup race
- LP: #1311196
* iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
- LP: #1311196
* mwifiex: clean pcie ring only when device is present
- LP: #1311196
* mwifiex: add NULL check for PCIe Rx skb
- LP: #1311196
* mwifiex: fix cmd and Tx data timeout issue for PCIe cards
- LP: #1311196
* ath9k: protect tid->sched check
- LP: #1311196
* ath9k: Fix ETSI compliance for AR9462 2.0
- LP: #1311196
* mac80211: don't validate unchanged AP bandwidth while tracking
- LP: #1311196
* regulator: core: Replace direct ops->enable usage
- LP: #1311196
* regulator: core: Replace direct ops->disable usage
- LP: #1311196
* iwlwifi: mvm: change of listen interval from 70 to 10
- LP: #1311196
* iwlwifi: fix TX status for aggregated packets
- LP: #1311196
* genirq: Remove racy waitqueue_active check
- LP: #1311196
* sched: Fix double normalization of vruntime
- LP: #1311196
* cpuset: fix a locking issue in cpuset_migrate_mm()
- LP: #1311196
* cpuset: fix a race condition in __cpuset_node_allowed_softwall()
- LP: #1311196
* mac80211: fix association to 20/40 MHz VHT networks
- LP: #1311196
* firewire: net: fix use after free
- LP: #1311196
* mwifiex: do not advertise usb autosuspend support
- LP: #1311196
* ACPI / resources: ignore invalid ACPI device resources
- LP: #1311196
* NFS: Fix a delegation callback race
- LP: #1311196
* spi: spi-ath79: fix initial GPIO CS line setup
- LP: #1311196
* ALSA: hda - Added inverted digital-mic handling for Acer TravelMate
8371
- LP: #1311196
* drm/i915: fix pch pci device enumeration
- LP: #1311196
* can: flexcan: fix shutdown: first disable chip, then all interrupts
- LP: #1311196
* can: flexcan: flexcan_open(): fix error path if flexcan_chip_start()
fails
- LP: #1311196
* can: flexcan: Check the return value from clk_prepare_enable()
- LP: #1311196
* can: flexcan: fix transition from and to low power mode in
chip_{en,dis}able
- LP: #1311196
* can: flexcan: factor out transceiver {en,dis}able into seperate
functions
- LP: #1311196
* can: flexcan: fix transition from and to freeze mode in
chip_{,un}freeze
- LP: #1311196
* drm/i915: vlv: reserve GT power context early
- LP: #1311196
* drm/i915: Reject >165MHz modes w/ DVI monitors
- LP: #1311196
* tracing: Do not add event files for modules that fail tracepoints
- LP: #1311196
* mm: include VM_MIXEDMAP flag in the VM_SPECIAL list to avoid
m(un)locking
- LP: #1311196
* ocfs2: fix quota file corruption
- LP: #1311196
* zram: avoid null access when fail to alloc meta
- LP: #1311196
* rapidio/tsi721: fix tasklet termination in dma channel release
- LP: #1311196
* iscsi-target: Fix iscsit_get_tpg_from_np tpg_state bug
- LP: #1311196
* iscsi-target: Perform release of acknowledged tags from RX context
- LP: #1311196
* iscsi/iser-target: Use list_del_init for ->i_conn_node
- LP: #1311196
* pinctrl: sunxi: use chained_irq_{enter, exit} for GIC compatibility
- LP: #1311196
* ALSA: hda - Add missing loopback merge path for AD1884/1984 codecs
- LP: #1311196
* ALSA: usb-audio: Add quirk for Logitech Webcam C500
- LP: #1311196
* NFSv4: nfs4_stateid_is_current should return 'true' for an invalid
stateid
- LP: #1311196
* ACPI / EC: Fix incorrect placement of __initdata
- LP: #1311196
* firewire: ohci: beautify some macro definitions
- LP: #1311196
* firewire: ohci: fix probe failure with Agere/LSI controllers
- LP: #1311196
* drm/radeon: TTM must be init with cpu-visible VRAM, v2
- LP: #1311196
* drm/radeon/dpm: fix typo in EVERGREEN_SMC_FIRMWARE_HEADER_softRegisters
- LP: #1311196
* drm/radeon/atom: select the proper number of lanes in transmitter setup
- LP: #1311196
* powerpc/tm: Fix crash when forking inside a transaction
- LP: #1311196
* powerpc: Align p_dyn, p_rela and p_st symbols
- LP: #1311196
* firewire: don't use PREPARE_DELAYED_WORK
- LP: #1311196
* libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
SpinPoint M8 (2BA30001)
- LP: #1311196
* usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e
- LP: #1311196
* usb: Make DELAY_INIT quirk wait 100ms between Get Configuration
requests
- LP: #1311196
* ARM: fix noMMU kallsyms symbol filtering
- LP: #1311196
* ARM: 7991/1: sa1100: fix compile problem on Collie
- LP: #1311196
* x86: Ignore NMIs that come in during early boot
- LP: #1311196
* x86: fix compile error due to X86_TRAP_NMI use in asm files
- LP: #1311196
* drm/radeon: re-order firmware loading in preparation for dpm rework
- LP: #1311196
* net-tcp: fastopen: fix high order allocations
- LP: #1311196
* neigh: recompute reachabletime before returning from
neigh_periodic_work()
- LP: #1311196
* virtio-net: alloc big buffers also when guest can receive UFO
- LP: #1311196
* ipv6: reuse ip6_frag_id from ip6_ufo_append_data
- LP: #1311196
* sfc: check for NULL efx->ptp_data in efx_ptp_event
- LP: #1311196
* ipv6: ipv6_find_hdr restore prev functionality
- LP: #1311196
* tg3: Don't check undefined error bits in RXBD
- LP: #1311196
* net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
- LP: #1311196
* s390/dasd: hold request queue sysfs lock when calling elevator_init()
- LP: #1311196
* iwlwifi: mvm: don't WARN when statistics are handled late
- LP: #1311196
* mac80211: clear sequence/fragment number in QoS-null frames
- LP: #1311196
* mwifiex: copy AP's HT capability info correctly
- LP: #1311196
* mwifiex: save and copy AP's VHT capability info correctly
- LP: #1311196
* net: unix socket code abuses csum_partial
- LP: #1311196
* ibmveth: Fix endian issues with MAC addresses
- LP: #1311196
* [SCSI] isci: fix reset timeout handling
- LP: #1311196
* [SCSI] isci: correct erroneous for_each_isci_host macro
- LP: #1311196
* [SCSI] qla2xxx: Poll during initialization for ISP25xx and ISP83xx
- LP: #1311196
* ocfs2 syncs the wrong range...
- LP: #1311196
* mm/compaction: break out of loop on !PageBuddy in
isolate_freepages_block
- LP: #1311196
* fs/proc/base.c: fix GPF in /proc/$PID/map_files
- LP: #1311196
* vmxnet3: fix netpoll race condition
- LP: #1311196
* [SCSI] storvsc: NULL pointer dereference fix
- LP: #1311196
* PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not
enabled
- LP: #1311196
* KVM: SVM: fix cr8 intercept window
- LP: #1311196
* dm cache: fix truncation bug when copying a block to/from >2TB fast
device
- LP: #1311196
* dm cache: fix access beyond end of origin device
- LP: #1311196
* drm/ttm: don't oops if no invalidate_caches()
- LP: #1311196
* drm/radeon/cik: properly set sdma ring status on disable
- LP: #1311196
* drm/radeon/cik: stop the sdma engines in the enable() function
- LP: #1311196
* drm/radeon/cik: properly set compute ring status on disable
- LP: #1311196
* vmxnet3: fix building without CONFIG_PCI_MSI
- LP: #1311196
* ACPI / sleep: Add extra checks for HW Reduced ACPI mode sleep states
- LP: #1311196
* i2c: Remove usage of orphaned symbol OF_I2C
- LP: #1311196
* x86/amd/numa: Fix northbridge quirk to assign correct NUMA node
- LP: #1311196
* ipc: Fix 2 bugs in msgrcv() MSG_COPY implementation
- LP: #1311196
* MIPS: include linux/types.h
- LP: #1311196
* iwlwifi: disable TX AMPDU by default for iwldvm
- LP: #1311196
* ARM: 7864/1: Handle 64-bit memory in case of 32-bit phys_addr_t
- LP: #1311196
* ARM: ignore memory below PHYS_OFFSET
- LP: #1311196
* iscsi/iser-target: Fix isert_conn->state hung shutdown issues
- LP: #1311196
* iser-target: Fix post_send_buf_count for RDMA READ/WRITE
- LP: #1311196
* memcg: reparent charges of children before processing parent
- LP: #1311196
* PNP / ACPI: proper handling of ACPI IO/Memory resource parsing failures
- LP: #1311196
* Btrfs: fix data corruption when reading/updating compressed extents
- LP: #1311196
* x86, fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU
- LP: #1311196
* Fix mountpoint reference leakage in linkat
- LP: #1311196
* clocksource: vf_pit_timer: use complement for sched_clock reading
- LP: #1311196
* drm/i915: Disable stolen memory when DMAR is active
- LP: #1311196
* ALSA: compress: Pass through return value of open ops callback
- LP: #1311196
* tracing: Fix array size mismatch in format string
- LP: #1311196
* net: davinci_emac: Replace devm_request_irq with request_irq
- LP: #1311196
* printk: fix syslog() overflowing user buffer
- LP: #1311196
* i2c: cpm: Fix build by adding of_address.h and of_irq.h
- LP: #1311196
* net: mvneta: rename MVNETA_GMAC2_PSC_ENABLE to MVNETA_GMAC2_PCS_ENABLE
- LP: #1311196
* net: mvneta: fix usage as a module on RGMII configurations
- LP: #1311196
* Input: synaptics - add manual min/max quirk
- LP: #1311196
* Input: synaptics - add manual min/max quirk for ThinkPad X240
- LP: #1311196
* x86: fix boot on uniprocessor systems
- LP: #1311196
* Input: mousedev - fix race when creating mixed device
- LP: #1311196
* ext4: atomically set inode->i_flags in ext4_set_inode_flags()
- LP: #1311196
* libceph: rename ceph_msg::front_max to front_alloc_len
- LP: #1311196
* libceph: rename front to front_len in get_reply()
- LP: #1311196
* libceph: fix preallocation check in get_reply()
- LP: #1311196
* ASoC: max98090: make REVISION_ID readable
- LP: #1311196
* libceph: block I/O when PAUSE or FULL osd map flags are set
- LP: #1311196
* libceph: resend all writes after the osdmap loses the full flag
- LP: #1311196
* [media] cxusb: unlock on error in cxusb_i2c_xfer()
- LP: #1311196
* [media] cx18: check for allocation failure in cx18_read_eeprom()
- LP: #1311196
* [media] dw2102: some missing unlocks on error
- LP: #1311196
* deb-pkg: Fix cross-building linux-headers package
- LP: #1311196
* p54: clamp properly instead of just truncating
- LP: #1311196
* x86: bpf_jit: support negative offsets
- LP: #1311196
* KVM: x86: handle invalid root_hpa everywhere
- LP: #1311196
* can: flexcan: flexcan_remove(): add missing netif_napi_del()
- LP: #1311196
* mmc: sdhci: fix lockdep error in tuning routine
- LP: #1311196
* HID:hid-lg4ff: Initialize device properties before we touch
autocentering.
- LP: #1311196
* Linux 3.11.10.7
- LP: #1311196
* Input: cypress_ps2 - don't report as a button pads
- LP: #1311196
* netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
- LP: #1311196
* cpufreq: Fix timer/workqueue corruption due to double queueing
- LP: #1311196
* futex: Allow architectures to skip futex_atomic_cmpxchg_inatomic() test
- LP: #1311196
* m68k: Skip futex_atomic_cmpxchg_inatomic() test
- LP: #1311196
* powernow-k6: disable cache when changing frequency
- LP: #1311196
* powernow-k6: correctly initialize default parameters
- LP: #1311196
* powernow-k6: reorder frequencies
- LP: #1311196
* selinux: correctly label /proc inodes in use before the policy is
loaded
- LP: #1311196
* net: fix for a race condition in the inet frag code
- LP: #1311196
* net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk
- LP: #1311196
* bridge: multicast: add sanity check for query source addresses
- LP: #1311196
* inet: frag: make sure forced eviction removes all frags
- LP: #1311196
* net: unix: non blocking recvmsg() should not return -EINTR
- LP: #1311196
* ipv6: Fix exthdrs offload registration.
- LP: #1311196
* ipv6: don't set DST_NOCOUNT for remotely added routes
- LP: #1311196
* vlan: Set correct source MAC address with TX VLAN offload enabled
- LP: #1311196
* tcp: tcp_release_cb() should release socket ownership
- LP: #1311196
* net: socket: error on a negative msg_namelen
- LP: #1311196
* ipv6: Avoid unnecessary temporary addresses being generated
- LP: #1311196
* ipv6: ip6_append_data_mtu do not handle the mtu of the second fragment
properly
- LP: #1311196
* vxlan: fix potential NULL dereference in arp_reduce()
- LP: #1311196
* rtnetlink: fix fdb notification flags
- LP: #1311196
* ipmr: fix mfc notification flags
- LP: #1311196
* ip6mr: fix mfc notification flags
- LP: #1311196
* netpoll: fix the skb check in pkt_is_ns
- LP: #1311196
* tg3: Do not include vlan acceleration features in vlan_features
- LP: #1311196
* usbnet: include wait queue head in device structure
- LP: #1311196
* vlan: Set hard_header_len according to available acceleration
- LP: #1311196
* vhost: fix total length when packets are too short
- LP: #1311196
- CVE-2014-0077
* vhost: validate vhost_get_vq_desc return value
- LP: #1311196
- CVE-2014-0055
* xen-netback: remove pointless clause from if statement
- LP: #1311196
* ipv6: some ipv6 statistic counters failed to disable bh
- LP: #1311196
* netlink: don't compare the nul-termination in nla_strcmp
- LP: #1311196
* isdnloop: Validate NUL-terminated strings from user.
- LP: #1311196
* isdnloop: several buffer overflows
- LP: #1311196
* cpuidle: Check the result of cpuidle_get_driver() against NULL
- LP: #1311196
* sparc: PCI: Fix incorrect address calculation of PCI Bridge windows on
Simba-bridges
- LP: #1311196
* sparc32: fix build failure for arch_jump_label_transform
- LP: #1311196
* sparc64: don't treat 64-bit syscall return codes as 32-bit
- LP: #1311196
* sparc64: Make sure %pil interrupts are enabled during hypervisor yield.
- LP: #1311196
* netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len
- LP: #1311196
* netfilter: Can't fail and free after table replacement
- LP: #1311196
* crypto: ghash-clmulni-intel - use C implementation for setkey()
- LP: #1311196
* Linux 3.11.10.8
- LP: #1311196
* net: ipv4: current group_info should be put after using.
- CVE-2014-2851
[ Wen-chien Jesse Sung ]
* SAUCE: Bluetooth: Give restart command more time to complete its job
- LP: #1301908
-- Kamal Mostafa <kamal@xxxxxxxxxxxxx> Fri, 16 May 2014 12:58:30 -0700
** Changed in: linux-lts-saucy (Ubuntu Precise)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0055
** Changed in: linux-lts-quantal (Ubuntu Precise)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2523
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1302222
Title:
CVE-2014-2678
Status in “linux” package in Ubuntu:
Fix Released
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
Won't Fix
Status in “linux-lts-backport-natty” package in Ubuntu:
Won't Fix
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-lts-saucy” package in Ubuntu:
Invalid
Status in “linux-mvl-dove” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
Invalid
Status in “linux” source package in Lucid:
Fix Released
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
Won't Fix
Status in “linux-lts-backport-natty” source package in Lucid:
Won't Fix
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-lts-saucy” source package in Lucid:
Invalid
Status in “linux-mvl-dove” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
Fix Released
Status in “linux-armadaxp” source package in Precise:
Fix Released
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-fsl-imx51” source package in Precise:
Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
Won't Fix
Status in “linux-lts-backport-natty” source package in Precise:
Won't Fix
Status in “linux-lts-quantal” source package in Precise:
Fix Released
Status in “linux-lts-raring” source package in Precise:
Fix Released
Status in “linux-lts-saucy” source package in Precise:
Fix Released
Status in “linux-mvl-dove” source package in Precise:
Invalid
Status in “linux-ti-omap4” source package in Precise:
Fix Committed
Status in “linux-lts-backport-maverick” source package in Quantal:
Won't Fix
Status in “linux-lts-backport-natty” source package in Quantal:
Won't Fix
Status in “linux” source package in Saucy:
Fix Committed
Status in “linux-armadaxp” source package in Saucy:
Invalid
Status in “linux-ec2” source package in Saucy:
Invalid
Status in “linux-fsl-imx51” source package in Saucy:
Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
Won't Fix
Status in “linux-lts-backport-natty” source package in Saucy:
Won't Fix
Status in “linux-lts-quantal” source package in Saucy:
Invalid
Status in “linux-lts-raring” source package in Saucy:
Invalid
Status in “linux-lts-saucy” source package in Saucy:
Invalid
Status in “linux-mvl-dove” source package in Saucy:
Invalid
Status in “linux-ti-omap4” source package in Saucy:
Fix Committed
Status in “linux” source package in Trusty:
Fix Released
Status in “linux-armadaxp” source package in Trusty:
Invalid
Status in “linux-ec2” source package in Trusty:
Invalid
Status in “linux-fsl-imx51” source package in Trusty:
Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
Won't Fix
Status in “linux-lts-backport-natty” source package in Trusty:
Won't Fix
Status in “linux-lts-quantal” source package in Trusty:
Invalid
Status in “linux-lts-raring” source package in Trusty:
Invalid
Status in “linux-lts-saucy” source package in Trusty:
Invalid
Status in “linux-mvl-dove” source package in Trusty:
Invalid
Status in “linux-ti-omap4” source package in Trusty:
Invalid
Status in “linux” source package in Utopic:
Fix Released
Status in “linux-armadaxp” source package in Utopic:
Invalid
Status in “linux-ec2” source package in Utopic:
Invalid
Status in “linux-fsl-imx51” source package in Utopic:
Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
Won't Fix
Status in “linux-lts-backport-natty” source package in Utopic:
Won't Fix
Status in “linux-lts-quantal” source package in Utopic:
Invalid
Status in “linux-lts-raring” source package in Utopic:
Invalid
Status in “linux-lts-saucy” source package in Utopic:
Invalid
Status in “linux-mvl-dove” source package in Utopic:
Invalid
Status in “linux-ti-omap4” source package in Utopic:
Invalid
Bug description:
The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel
through 3.14 allows local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified
other impact via a bind system call for an RDS socket on a system that
lacks RDS transports.
Break-Fix: - bf39b4247b8799935ea91d90db250ab608a58e50
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1302222/+subscriptions
References