kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #62781
[Bug 1295090] Re: CVE-2014-2523
This bug was fixed in the package linux-lts-quantal -
3.5.0-51.76~precise1
---------------
linux-lts-quantal (3.5.0-51.76~precise1) precise; urgency=low
[ Brad Figg ]
* Revert "rtlwifi: Set the link state"
[ Kamal Mostafa ]
* Release Tracking Bug
- re-used previous tracking bug
linux (3.5.0-51.75) quantal; urgency=low
[ Kamal Mostafa ]
* Merged back Ubuntu-3.5.0-49.74 security release
* Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
- LP: #1314762
* Release Tracking Bug
- LP: #1317333
[ Upstream Kernel Changes ]
* ipv6: don't set DST_NOCOUNT for remotely added routes
- LP: #1293726
- CVE-2014-2309
* vhost: fix total length when packets are too short
- LP: #1312984
- CVE-2014-0077
* n_tty: Fix n_tty_write crash when echoing in raw mode
- LP: #1314762
- CVE-2014-0196
* floppy: ignore kernel-only members in FDRAWCMD ioctl input
- LP: #1316729
- CVE-2014-1737
* floppy: don't write kernel-only members to FDRAWCMD ioctl output
- LP: #1316735
- CVE-2014-1738
linux (3.5.0-50.74) quantal; urgency=low
[ Joseph Salisbury ]
* Release Tracking Bug
- LP: #1313852
[ Upstream Kernel Changes ]
* rds: prevent dereference of a NULL device in rds_iw_laddr_check
- LP: #1302222
- CVE-2014-2678
* vhost: validate vhost_get_vq_desc return value
- LP: #1298117
- CVE-2014-0055
* netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
- LP: #1295090
- CVE-2014-2523
* ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
- LP: #1310783
* ALSA: oxygen: Xonar DG(X): modify DAC routing
- LP: #1310783
* mac80211: fix AP powersave TX vs. wakeup race
- LP: #1310783
* iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
- LP: #1310783
* ath9k: protect tid->sched check
- LP: #1310783
* ath9k: Fix ETSI compliance for AR9462 2.0
- LP: #1310783
* genirq: Remove racy waitqueue_active check
- LP: #1310783
* sched: Fix double normalization of vruntime
- LP: #1310783
* cpuset: fix a race condition in __cpuset_node_allowed_softwall()
- LP: #1310783
* firewire: net: fix use after free
- LP: #1310783
* mwifiex: do not advertise usb autosuspend support
- LP: #1310783
* NFS: Fix a delegation callback race
- LP: #1310783
* can: flexcan: fix shutdown: first disable chip, then all interrupts
- LP: #1310783
* can: flexcan: flexcan_open(): fix error path if flexcan_chip_start()
fails
- LP: #1310783
* tracing: Do not add event files for modules that fail tracepoints
- LP: #1310783
* ocfs2: fix quota file corruption
- LP: #1310783
* rapidio/tsi721: fix tasklet termination in dma channel release
- LP: #1310783
* ALSA: usb-audio: Add quirk for Logitech Webcam C500
- LP: #1310783
* drm/radeon: TTM must be init with cpu-visible VRAM, v2
- LP: #1310783
* drm/radeon/atom: select the proper number of lanes in transmitter setup
- LP: #1310783
* powerpc: Align p_dyn, p_rela and p_st symbols
- LP: #1310783
* libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
SpinPoint M8 (2BA30001)
- LP: #1310783
* usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e
- LP: #1310783
* usb: Make DELAY_INIT quirk wait 100ms between Get Configuration
requests
- LP: #1310783
* ARM: 7991/1: sa1100: fix compile problem on Collie
- LP: #1310783
* firewire: don't use PREPARE_DELAYED_WORK
- LP: #1310783
* x86: Ignore NMIs that come in during early boot
- LP: #1310783
* x86: fix compile error due to X86_TRAP_NMI use in asm files
- LP: #1310783
* virtio-net: alloc big buffers also when guest can receive UFO
- LP: #1310783
* tg3: Don't check undefined error bits in RXBD
- LP: #1310783
* net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
- LP: #1310783
* usb: dwc3: add support for Merrifield
- LP: #1310783
* mac80211: clear sequence/fragment number in QoS-null frames
- LP: #1310783
* mwifiex: copy AP's HT capability info correctly
- LP: #1310783
* net: unix socket code abuses csum_partial
- LP: #1310783
* ibmveth: Fix endian issues with MAC addresses
- LP: #1310783
* [SCSI] isci: fix reset timeout handling
- LP: #1310783
* [SCSI] isci: correct erroneous for_each_isci_host macro
- LP: #1310783
* [SCSI] qla2xxx: Poll during initialization for ISP25xx and ISP83xx
- LP: #1310783
* ocfs2 syncs the wrong range...
- LP: #1310783
* fs/proc/base.c: fix GPF in /proc/$PID/map_files
- LP: #1310783
* vmxnet3: fix netpoll race condition
- LP: #1310783
* [SCSI] storvsc: NULL pointer dereference fix
- LP: #1310783
* PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not
enabled
- LP: #1310783
* KVM: SVM: fix cr8 intercept window
- LP: #1310783
* drm/ttm: don't oops if no invalidate_caches()
- LP: #1310783
* vmxnet3: fix building without CONFIG_PCI_MSI
- LP: #1310783
* x86/amd/numa: Fix northbridge quirk to assign correct NUMA node
- LP: #1310783
* Btrfs: fix data corruption when reading/updating compressed extents
- LP: #1310783
* jiffies: Avoid undefined behavior from signed overflow
- LP: #1310783
* ALSA: compress: Pass through return value of open ops callback
- LP: #1310783
* acpi-cpufreq: set current frequency based on target P-State
- LP: #1310783
* hpfs: deadlock and race in directory lseek()
- LP: #1310783
* intel_idle: Check cpu_idle_get_driver() for NULL before dereferencing
it.
- LP: #1310783
* ipc/msg: fix race around refcount
- LP: #1310783
* Input: synaptics - add manual min/max quirk
- LP: #1310783
* Input: synaptics - add manual min/max quirk for ThinkPad X240
- LP: #1310783
* x86: fix boot on uniprocessor systems
- LP: #1310783
* staging: speakup: Prefix externally-visible symbols
- LP: #1310783
* ext4: atomically set inode->i_flags in ext4_set_inode_flags()
- LP: #1310783
* deb-pkg: Fix cross-building linux-headers package
- LP: #1310783
* x86: bpf_jit: support negative offsets
- LP: #1310783
* p54: clamp properly instead of just truncating
- LP: #1310783
* ALSA: hda/realtek - Avoid invalid COEFs for ALC271X
- LP: #1310783
* of: Fix address decoding on Bimini and js2x machines
- LP: #1310783
* of: fix PCI bus match for PCIe slots
- LP: #1310783
* libata: disable LPM for some WD SATA-I devices
- LP: #1310783
* mmc: sdhci: fix lockdep error in tuning routine
- LP: #1310783
* usb: ehci: add freescale imx28 special write register method
- LP: #1310783
* USB: pl2303: fix data corruption on termios updates
- LP: #1310783
* Linux 3.5.7.33
- LP: #1310783
* net: ipv4: current group_info should be put after using.
- CVE-2014-2851
-- Kamal Mostafa <kamal@xxxxxxxxxxxxx> Fri, 16 May 2014 09:12:33 -0700
** Changed in: linux-lts-quantal (Ubuntu Precise)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0055
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0077
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0196
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1737
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1738
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2309
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2678
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2851
** Changed in: linux-lts-raring (Ubuntu Precise)
Status: Won't Fix => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1295090
Title:
CVE-2014-2523
Status in “linux” package in Ubuntu:
Fix Committed
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
Won't Fix
Status in “linux-lts-backport-natty” package in Ubuntu:
Won't Fix
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-lts-saucy” package in Ubuntu:
Invalid
Status in “linux-mvl-dove” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
Invalid
Status in “linux” source package in Lucid:
Fix Released
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
Won't Fix
Status in “linux-lts-backport-natty” source package in Lucid:
Won't Fix
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-lts-saucy” source package in Lucid:
Invalid
Status in “linux-mvl-dove” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
Fix Committed
Status in “linux-armadaxp” source package in Precise:
Fix Committed
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-fsl-imx51” source package in Precise:
Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
Won't Fix
Status in “linux-lts-backport-natty” source package in Precise:
Won't Fix
Status in “linux-lts-quantal” source package in Precise:
Fix Released
Status in “linux-lts-raring” source package in Precise:
Fix Released
Status in “linux-lts-saucy” source package in Precise:
Fix Committed
Status in “linux-mvl-dove” source package in Precise:
Invalid
Status in “linux-ti-omap4” source package in Precise:
Fix Committed
Status in “linux-lts-backport-maverick” source package in Quantal:
Won't Fix
Status in “linux-lts-backport-natty” source package in Quantal:
Won't Fix
Status in “linux” source package in Saucy:
Fix Committed
Status in “linux-armadaxp” source package in Saucy:
Invalid
Status in “linux-ec2” source package in Saucy:
Invalid
Status in “linux-fsl-imx51” source package in Saucy:
Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
Won't Fix
Status in “linux-lts-backport-natty” source package in Saucy:
Won't Fix
Status in “linux-lts-quantal” source package in Saucy:
Invalid
Status in “linux-lts-raring” source package in Saucy:
Invalid
Status in “linux-lts-saucy” source package in Saucy:
Invalid
Status in “linux-mvl-dove” source package in Saucy:
Invalid
Status in “linux-ti-omap4” source package in Saucy:
Fix Committed
Status in “linux” source package in Trusty:
Fix Committed
Status in “linux-armadaxp” source package in Trusty:
Invalid
Status in “linux-ec2” source package in Trusty:
Invalid
Status in “linux-fsl-imx51” source package in Trusty:
Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
Won't Fix
Status in “linux-lts-backport-natty” source package in Trusty:
Won't Fix
Status in “linux-lts-quantal” source package in Trusty:
Invalid
Status in “linux-lts-raring” source package in Trusty:
Invalid
Status in “linux-lts-saucy” source package in Trusty:
Invalid
Status in “linux-mvl-dove” source package in Trusty:
Invalid
Status in “linux-ti-omap4” source package in Trusty:
Invalid
Status in “linux” source package in Utopic:
Fix Committed
Status in “linux-armadaxp” source package in Utopic:
Invalid
Status in “linux-ec2” source package in Utopic:
Invalid
Status in “linux-fsl-imx51” source package in Utopic:
Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
Won't Fix
Status in “linux-lts-backport-natty” source package in Utopic:
Won't Fix
Status in “linux-lts-quantal” source package in Utopic:
Invalid
Status in “linux-lts-raring” source package in Utopic:
Invalid
Status in “linux-lts-saucy” source package in Utopic:
Invalid
Status in “linux-mvl-dove” source package in Utopic:
Invalid
Status in “linux-ti-omap4” source package in Utopic:
Invalid
Bug description:
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through
3.13.6 uses a DCCP header pointer incorrectly, which allows remote
attackers to cause a denial of service (system crash) or possibly
execute arbitrary code via a DCCP packet that triggers a call to the
(1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Break-Fix: - b22f5126a24b3b2f15448c3f2a254fc10cbc2b92
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1295090/+subscriptions
References