kernel-packages team mailing list archive

[Bug 1302222] Re: CVE-2014-2678

 

This bug was fixed in the package linux-lts-saucy -
3.11.0-22.38~precise1

---------------
linux-lts-saucy (3.11.0-22.38~precise1) precise; urgency=low

  [ Brad Figg ]

  * Revert "rtlwifi: Set the link state"

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - re-used previous tracking bug

linux (3.11.0-22.37) saucy; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.11.0-20.35 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317369

  [ Tim Gardner ]

  * [Config] d-i -- add virtio_scsi to virtio-modules
    - LP: #1315462

  [ Upstream Kernel Changes ]

  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.11.0-21.35) saucy; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313831

  [ Upstream Kernel Changes ]

  * Revert "sparc64: Fix __copy_{to,from}_user_inatomic defines."
    - LP: #1311196
  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1311196
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1311196
  * jiffies: Avoid undefined behavior from signed overflow
    - LP: #1311196
  * mac80211: send control port protocol frames to the VO queue
    - LP: #1311196
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1311196
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1311196
  * mwifiex: clean pcie ring only when device is present
    - LP: #1311196
  * mwifiex: add NULL check for PCIe Rx skb
    - LP: #1311196
  * mwifiex: fix cmd and Tx data timeout issue for PCIe cards
    - LP: #1311196
  * ath9k: protect tid->sched check
    - LP: #1311196
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1311196
  * mac80211: don't validate unchanged AP bandwidth while tracking
    - LP: #1311196
  * regulator: core: Replace direct ops->enable usage
    - LP: #1311196
  * regulator: core: Replace direct ops->disable usage
    - LP: #1311196
  * iwlwifi: mvm: change of listen interval from 70 to 10
    - LP: #1311196
  * iwlwifi: fix TX status for aggregated packets
    - LP: #1311196
  * genirq: Remove racy waitqueue_active check
    - LP: #1311196
  * sched: Fix double normalization of vruntime
    - LP: #1311196
  * cpuset: fix a locking issue in cpuset_migrate_mm()
    - LP: #1311196
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1311196
  * mac80211: fix association to 20/40 MHz VHT networks
    - LP: #1311196
  * firewire: net: fix use after free
    - LP: #1311196
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1311196
  * ACPI / resources: ignore invalid ACPI device resources
    - LP: #1311196
  * NFS: Fix a delegation callback race
    - LP: #1311196
  * spi: spi-ath79: fix initial GPIO CS line setup
    - LP: #1311196
  * ALSA: hda - Added inverted digital-mic handling for Acer TravelMate
    8371
    - LP: #1311196
  * drm/i915: fix pch pci device enumeration
    - LP: #1311196
  * can: flexcan: fix shutdown: first disable chip, then all interrupts
    - LP: #1311196
  * can: flexcan: flexcan_open(): fix error path if flexcan_chip_start()
    fails
    - LP: #1311196
  * can: flexcan: Check the return value from clk_prepare_enable()
    - LP: #1311196
  * can: flexcan: fix transition from and to low power mode in
    chip_{en,dis}able
    - LP: #1311196
  * can: flexcan: factor out transceiver {en,dis}able into seperate
    functions
    - LP: #1311196
  * can: flexcan: fix transition from and to freeze mode in
    chip_{,un}freeze
    - LP: #1311196
  * drm/i915: vlv: reserve GT power context early
    - LP: #1311196
  * drm/i915: Reject >165MHz modes w/ DVI monitors
    - LP: #1311196
  * tracing: Do not add event files for modules that fail tracepoints
    - LP: #1311196
  * mm: include VM_MIXEDMAP flag in the VM_SPECIAL list to avoid
    m(un)locking
    - LP: #1311196
  * ocfs2: fix quota file corruption
    - LP: #1311196
  * zram: avoid null access when fail to alloc meta
    - LP: #1311196
  * rapidio/tsi721: fix tasklet termination in dma channel release
    - LP: #1311196
  * iscsi-target: Fix iscsit_get_tpg_from_np tpg_state bug
    - LP: #1311196
  * iscsi-target: Perform release of acknowledged tags from RX context
    - LP: #1311196
  * iscsi/iser-target: Use list_del_init for ->i_conn_node
    - LP: #1311196
  * pinctrl: sunxi: use chained_irq_{enter, exit} for GIC compatibility
    - LP: #1311196
  * ALSA: hda - Add missing loopback merge path for AD1884/1984 codecs
    - LP: #1311196
  * ALSA: usb-audio: Add quirk for Logitech Webcam C500
    - LP: #1311196
  * NFSv4: nfs4_stateid_is_current should return 'true' for an invalid
    stateid
    - LP: #1311196
  * ACPI / EC: Fix incorrect placement of __initdata
    - LP: #1311196
  * firewire: ohci: beautify some macro definitions
    - LP: #1311196
  * firewire: ohci: fix probe failure with Agere/LSI controllers
    - LP: #1311196
  * drm/radeon: TTM must be init with cpu-visible VRAM, v2
    - LP: #1311196
  * drm/radeon/dpm: fix typo in EVERGREEN_SMC_FIRMWARE_HEADER_softRegisters
    - LP: #1311196
  * drm/radeon/atom: select the proper number of lanes in transmitter setup
    - LP: #1311196
  * powerpc/tm: Fix crash when forking inside a transaction
    - LP: #1311196
  * powerpc: Align p_dyn, p_rela and p_st symbols
    - LP: #1311196
  * firewire: don't use PREPARE_DELAYED_WORK
    - LP: #1311196
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8 (2BA30001)
    - LP: #1311196
  * usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e
    - LP: #1311196
  * usb: Make DELAY_INIT quirk wait 100ms between Get Configuration
    requests
    - LP: #1311196
  * ARM: fix noMMU kallsyms symbol filtering
    - LP: #1311196
  * ARM: 7991/1: sa1100: fix compile problem on Collie
    - LP: #1311196
  * x86: Ignore NMIs that come in during early boot
    - LP: #1311196
  * x86: fix compile error due to X86_TRAP_NMI use in asm files
    - LP: #1311196
  * drm/radeon: re-order firmware loading in preparation for dpm rework
    - LP: #1311196
  * net-tcp: fastopen: fix high order allocations
    - LP: #1311196
  * neigh: recompute reachabletime before returning from
    neigh_periodic_work()
    - LP: #1311196
  * virtio-net: alloc big buffers also when guest can receive UFO
    - LP: #1311196
  * ipv6: reuse ip6_frag_id from ip6_ufo_append_data
    - LP: #1311196
  * sfc: check for NULL efx->ptp_data in efx_ptp_event
    - LP: #1311196
  * ipv6: ipv6_find_hdr restore prev functionality
    - LP: #1311196
  * tg3: Don't check undefined error bits in RXBD
    - LP: #1311196
  * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
    - LP: #1311196
  * s390/dasd: hold request queue sysfs lock when calling elevator_init()
    - LP: #1311196
  * iwlwifi: mvm: don't WARN when statistics are handled late
    - LP: #1311196
  * mac80211: clear sequence/fragment number in QoS-null frames
    - LP: #1311196
  * mwifiex: copy AP's HT capability info correctly
    - LP: #1311196
  * mwifiex: save and copy AP's VHT capability info correctly
    - LP: #1311196
  * net: unix socket code abuses csum_partial
    - LP: #1311196
  * ibmveth: Fix endian issues with MAC addresses
    - LP: #1311196
  * [SCSI] isci: fix reset timeout handling
    - LP: #1311196
  * [SCSI] isci: correct erroneous for_each_isci_host macro
    - LP: #1311196
  * [SCSI] qla2xxx: Poll during initialization for ISP25xx and ISP83xx
    - LP: #1311196
  * ocfs2 syncs the wrong range...
    - LP: #1311196
  * mm/compaction: break out of loop on !PageBuddy in
    isolate_freepages_block
    - LP: #1311196
  * fs/proc/base.c: fix GPF in /proc/$PID/map_files
    - LP: #1311196
  * vmxnet3: fix netpoll race condition
    - LP: #1311196
  * [SCSI] storvsc: NULL pointer dereference fix
    - LP: #1311196
  * PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not
    enabled
    - LP: #1311196
  * KVM: SVM: fix cr8 intercept window
    - LP: #1311196
  * dm cache: fix truncation bug when copying a block to/from >2TB fast
    device
    - LP: #1311196
  * dm cache: fix access beyond end of origin device
    - LP: #1311196
  * drm/ttm: don't oops if no invalidate_caches()
    - LP: #1311196
  * drm/radeon/cik: properly set sdma ring status on disable
    - LP: #1311196
  * drm/radeon/cik: stop the sdma engines in the enable() function
    - LP: #1311196
  * drm/radeon/cik: properly set compute ring status on disable
    - LP: #1311196
  * vmxnet3: fix building without CONFIG_PCI_MSI
    - LP: #1311196
  * ACPI / sleep: Add extra checks for HW Reduced ACPI mode sleep states
    - LP: #1311196
  * i2c: Remove usage of orphaned symbol OF_I2C
    - LP: #1311196
  * x86/amd/numa: Fix northbridge quirk to assign correct NUMA node
    - LP: #1311196
  * ipc: Fix 2 bugs in msgrcv() MSG_COPY implementation
    - LP: #1311196
  * MIPS: include linux/types.h
    - LP: #1311196
  * iwlwifi: disable TX AMPDU by default for iwldvm
    - LP: #1311196
  * ARM: 7864/1: Handle 64-bit memory in case of 32-bit phys_addr_t
    - LP: #1311196
  * ARM: ignore memory below PHYS_OFFSET
    - LP: #1311196
  * iscsi/iser-target: Fix isert_conn->state hung shutdown issues
    - LP: #1311196
  * iser-target: Fix post_send_buf_count for RDMA READ/WRITE
    - LP: #1311196
  * memcg: reparent charges of children before processing parent
    - LP: #1311196
  * PNP / ACPI: proper handling of ACPI IO/Memory resource parsing failures
    - LP: #1311196
  * Btrfs: fix data corruption when reading/updating compressed extents
    - LP: #1311196
  * x86, fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU
    - LP: #1311196
  * Fix mountpoint reference leakage in linkat
    - LP: #1311196
  * clocksource: vf_pit_timer: use complement for sched_clock reading
    - LP: #1311196
  * drm/i915: Disable stolen memory when DMAR is active
    - LP: #1311196
  * ALSA: compress: Pass through return value of open ops callback
    - LP: #1311196
  * tracing: Fix array size mismatch in format string
    - LP: #1311196
  * net: davinci_emac: Replace devm_request_irq with request_irq
    - LP: #1311196
  * printk: fix syslog() overflowing user buffer
    - LP: #1311196
  * i2c: cpm: Fix build by adding of_address.h and of_irq.h
    - LP: #1311196
  * net: mvneta: rename MVNETA_GMAC2_PSC_ENABLE to MVNETA_GMAC2_PCS_ENABLE
    - LP: #1311196
  * net: mvneta: fix usage as a module on RGMII configurations
    - LP: #1311196
  * Input: synaptics - add manual min/max quirk
    - LP: #1311196
  * Input: synaptics - add manual min/max quirk for ThinkPad X240
    - LP: #1311196
  * x86: fix boot on uniprocessor systems
    - LP: #1311196
  * Input: mousedev - fix race when creating mixed device
    - LP: #1311196
  * ext4: atomically set inode->i_flags in ext4_set_inode_flags()
    - LP: #1311196
  * libceph: rename ceph_msg::front_max to front_alloc_len
    - LP: #1311196
  * libceph: rename front to front_len in get_reply()
    - LP: #1311196
  * libceph: fix preallocation check in get_reply()
    - LP: #1311196
  * ASoC: max98090: make REVISION_ID readable
    - LP: #1311196
  * libceph: block I/O when PAUSE or FULL osd map flags are set
    - LP: #1311196
  * libceph: resend all writes after the osdmap loses the full flag
    - LP: #1311196
  * [media] cxusb: unlock on error in cxusb_i2c_xfer()
    - LP: #1311196
  * [media] cx18: check for allocation failure in cx18_read_eeprom()
    - LP: #1311196
  * [media] dw2102: some missing unlocks on error
    - LP: #1311196
  * deb-pkg: Fix cross-building linux-headers package
    - LP: #1311196
  * p54: clamp properly instead of just truncating
    - LP: #1311196
  * x86: bpf_jit: support negative offsets
    - LP: #1311196
  * KVM: x86: handle invalid root_hpa everywhere
    - LP: #1311196
  * can: flexcan: flexcan_remove(): add missing netif_napi_del()
    - LP: #1311196
  * mmc: sdhci: fix lockdep error in tuning routine
    - LP: #1311196
  * HID:hid-lg4ff: Initialize device properties before we touch
    autocentering.
    - LP: #1311196
  * Linux 3.11.10.7
    - LP: #1311196
  * Input: cypress_ps2 - don't report as a button pads
    - LP: #1311196
  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1311196
  * cpufreq: Fix timer/workqueue corruption due to double queueing
    - LP: #1311196
  * futex: Allow architectures to skip futex_atomic_cmpxchg_inatomic() test
    - LP: #1311196
  * m68k: Skip futex_atomic_cmpxchg_inatomic() test
    - LP: #1311196
  * powernow-k6: disable cache when changing frequency
    - LP: #1311196
  * powernow-k6: correctly initialize default parameters
    - LP: #1311196
  * powernow-k6: reorder frequencies
    - LP: #1311196
  * selinux: correctly label /proc inodes in use before the policy is
    loaded
    - LP: #1311196
  * net: fix for a race condition in the inet frag code
    - LP: #1311196
  * net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk
    - LP: #1311196
  * bridge: multicast: add sanity check for query source addresses
    - LP: #1311196
  * inet: frag: make sure forced eviction removes all frags
    - LP: #1311196
  * net: unix: non blocking recvmsg() should not return -EINTR
    - LP: #1311196
  * ipv6: Fix exthdrs offload registration.
    - LP: #1311196
  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1311196
  * vlan: Set correct source MAC address with TX VLAN offload enabled
    - LP: #1311196
  * tcp: tcp_release_cb() should release socket ownership
    - LP: #1311196
  * net: socket: error on a negative msg_namelen
    - LP: #1311196
  * ipv6: Avoid unnecessary temporary addresses being generated
    - LP: #1311196
  * ipv6: ip6_append_data_mtu do not handle the mtu of the second fragment
    properly
    - LP: #1311196
  * vxlan: fix potential NULL dereference in arp_reduce()
    - LP: #1311196
  * rtnetlink: fix fdb notification flags
    - LP: #1311196
  * ipmr: fix mfc notification flags
    - LP: #1311196
  * ip6mr: fix mfc notification flags
    - LP: #1311196
  * netpoll: fix the skb check in pkt_is_ns
    - LP: #1311196
  * tg3: Do not include vlan acceleration features in vlan_features
    - LP: #1311196
  * usbnet: include wait queue head in device structure
    - LP: #1311196
  * vlan: Set hard_header_len according to available acceleration
    - LP: #1311196
  * vhost: fix total length when packets are too short
    - LP: #1311196
    - CVE-2014-0077
  * vhost: validate vhost_get_vq_desc return value
    - LP: #1311196
    - CVE-2014-0055
  * xen-netback: remove pointless clause from if statement
    - LP: #1311196
  * ipv6: some ipv6 statistic counters failed to disable bh
    - LP: #1311196
  * netlink: don't compare the nul-termination in nla_strcmp
    - LP: #1311196
  * isdnloop: Validate NUL-terminated strings from user.
    - LP: #1311196
  * isdnloop: several buffer overflows
    - LP: #1311196
  * cpuidle: Check the result of cpuidle_get_driver() against NULL
    - LP: #1311196
  * sparc: PCI: Fix incorrect address calculation of PCI Bridge windows on
    Simba-bridges
    - LP: #1311196
  * sparc32: fix build failure for arch_jump_label_transform
    - LP: #1311196
  * sparc64: don't treat 64-bit syscall return codes as 32-bit
    - LP: #1311196
  * sparc64: Make sure %pil interrupts are enabled during hypervisor yield.
    - LP: #1311196
  * netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len
    - LP: #1311196
  * netfilter: Can't fail and free after table replacement
    - LP: #1311196
  * crypto: ghash-clmulni-intel - use C implementation for setkey()
    - LP: #1311196
  * Linux 3.11.10.8
    - LP: #1311196
  * net: ipv4: current group_info should be put after using.
    - CVE-2014-2851

  [ Wen-chien Jesse Sung ]

  * SAUCE: Bluetooth: Give restart command more time to complete its job
    - LP: #1301908
 -- Kamal Mostafa <kamal@xxxxxxxxxxxxx>   Fri, 16 May 2014 12:58:30 -0700

** Changed in: linux-lts-saucy (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0055

** Changed in: linux-lts-quantal (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-2523

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1302222

Title:
  CVE-2014-2678

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  Won't Fix
Status in “linux-lts-backport-natty” package in Ubuntu:
  Won't Fix
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Fix Released
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Lucid:
  Won't Fix
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Precise:
  Won't Fix
Status in “linux-lts-quantal” source package in Precise:
  Fix Released
Status in “linux-lts-raring” source package in Precise:
  Fix Released
Status in “linux-lts-saucy” source package in Precise:
  Fix Released
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Committed
Status in “linux-lts-backport-maverick” source package in Quantal:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Quantal:
  Won't Fix
Status in “linux” source package in Saucy:
  Fix Committed
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Saucy:
  Won't Fix
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Fix Committed
Status in “linux” source package in Trusty:
  Fix Released
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Trusty:
  Won't Fix
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  Fix Released
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Utopic:
  Won't Fix
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid

Bug description:
  The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel
  through 3.14 allows local users to cause a denial of service (NULL
  pointer dereference and system crash) or possibly have unspecified
  other impact via a bind system call for an RDS socket on a system that
  lacks RDS transports.

  Break-Fix: - bf39b4247b8799935ea91d90db250ab608a58e50

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1302222/+subscriptions

