← Back to team overview

kernel-packages team mailing list archive

[Bug 1293726] Re: CVE-2014-2309

 

This bug was fixed in the package linux-lts-quantal -
3.5.0-51.76~precise1

---------------
linux-lts-quantal (3.5.0-51.76~precise1) precise; urgency=low

  [ Brad Figg ]

  * Revert "rtlwifi: Set the link state"

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - re-used previous tracking bug

linux (3.5.0-51.75) quantal; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.5.0-49.74 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317333

  [ Upstream Kernel Changes ]

  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.5.0-50.74) quantal; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313852

  [ Upstream Kernel Changes ]

  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * vhost: validate vhost_get_vq_desc return value
    - LP: #1298117
    - CVE-2014-0055
  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1295090
    - CVE-2014-2523
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1310783
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1310783
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1310783
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1310783
  * ath9k: protect tid->sched check
    - LP: #1310783
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1310783
  * genirq: Remove racy waitqueue_active check
    - LP: #1310783
  * sched: Fix double normalization of vruntime
    - LP: #1310783
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1310783
  * firewire: net: fix use after free
    - LP: #1310783
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1310783
  * NFS: Fix a delegation callback race
    - LP: #1310783
  * can: flexcan: fix shutdown: first disable chip, then all interrupts
    - LP: #1310783
  * can: flexcan: flexcan_open(): fix error path if flexcan_chip_start()
    fails
    - LP: #1310783
  * tracing: Do not add event files for modules that fail tracepoints
    - LP: #1310783
  * ocfs2: fix quota file corruption
    - LP: #1310783
  * rapidio/tsi721: fix tasklet termination in dma channel release
    - LP: #1310783
  * ALSA: usb-audio: Add quirk for Logitech Webcam C500
    - LP: #1310783
  * drm/radeon: TTM must be init with cpu-visible VRAM, v2
    - LP: #1310783
  * drm/radeon/atom: select the proper number of lanes in transmitter setup
    - LP: #1310783
  * powerpc: Align p_dyn, p_rela and p_st symbols
    - LP: #1310783
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8 (2BA30001)
    - LP: #1310783
  * usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e
    - LP: #1310783
  * usb: Make DELAY_INIT quirk wait 100ms between Get Configuration
    requests
    - LP: #1310783
  * ARM: 7991/1: sa1100: fix compile problem on Collie
    - LP: #1310783
  * firewire: don't use PREPARE_DELAYED_WORK
    - LP: #1310783
  * x86: Ignore NMIs that come in during early boot
    - LP: #1310783
  * x86: fix compile error due to X86_TRAP_NMI use in asm files
    - LP: #1310783
  * virtio-net: alloc big buffers also when guest can receive UFO
    - LP: #1310783
  * tg3: Don't check undefined error bits in RXBD
    - LP: #1310783
  * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
    - LP: #1310783
  * usb: dwc3: add support for Merrifield
    - LP: #1310783
  * mac80211: clear sequence/fragment number in QoS-null frames
    - LP: #1310783
  * mwifiex: copy AP's HT capability info correctly
    - LP: #1310783
  * net: unix socket code abuses csum_partial
    - LP: #1310783
  * ibmveth: Fix endian issues with MAC addresses
    - LP: #1310783
  * [SCSI] isci: fix reset timeout handling
    - LP: #1310783
  * [SCSI] isci: correct erroneous for_each_isci_host macro
    - LP: #1310783
  * [SCSI] qla2xxx: Poll during initialization for ISP25xx and ISP83xx
    - LP: #1310783
  * ocfs2 syncs the wrong range...
    - LP: #1310783
  * fs/proc/base.c: fix GPF in /proc/$PID/map_files
    - LP: #1310783
  * vmxnet3: fix netpoll race condition
    - LP: #1310783
  * [SCSI] storvsc: NULL pointer dereference fix
    - LP: #1310783
  * PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not
    enabled
    - LP: #1310783
  * KVM: SVM: fix cr8 intercept window
    - LP: #1310783
  * drm/ttm: don't oops if no invalidate_caches()
    - LP: #1310783
  * vmxnet3: fix building without CONFIG_PCI_MSI
    - LP: #1310783
  * x86/amd/numa: Fix northbridge quirk to assign correct NUMA node
    - LP: #1310783
  * Btrfs: fix data corruption when reading/updating compressed extents
    - LP: #1310783
  * jiffies: Avoid undefined behavior from signed overflow
    - LP: #1310783
  * ALSA: compress: Pass through return value of open ops callback
    - LP: #1310783
  * acpi-cpufreq: set current frequency based on target P-State
    - LP: #1310783
  * hpfs: deadlock and race in directory lseek()
    - LP: #1310783
  * intel_idle: Check cpu_idle_get_driver() for NULL before dereferencing
    it.
    - LP: #1310783
  * ipc/msg: fix race around refcount
    - LP: #1310783
  * Input: synaptics - add manual min/max quirk
    - LP: #1310783
  * Input: synaptics - add manual min/max quirk for ThinkPad X240
    - LP: #1310783
  * x86: fix boot on uniprocessor systems
    - LP: #1310783
  * staging: speakup: Prefix externally-visible symbols
    - LP: #1310783
  * ext4: atomically set inode->i_flags in ext4_set_inode_flags()
    - LP: #1310783
  * deb-pkg: Fix cross-building linux-headers package
    - LP: #1310783
  * x86: bpf_jit: support negative offsets
    - LP: #1310783
  * p54: clamp properly instead of just truncating
    - LP: #1310783
  * ALSA: hda/realtek - Avoid invalid COEFs for ALC271X
    - LP: #1310783
  * of: Fix address decoding on Bimini and js2x machines
    - LP: #1310783
  * of: fix PCI bus match for PCIe slots
    - LP: #1310783
  * libata: disable LPM for some WD SATA-I devices
    - LP: #1310783
  * mmc: sdhci: fix lockdep error in tuning routine
    - LP: #1310783
  * usb: ehci: add freescale imx28 special write register method
    - LP: #1310783
  * USB: pl2303: fix data corruption on termios updates
    - LP: #1310783
  * Linux 3.5.7.33
    - LP: #1310783
  * net: ipv4: current group_info should be put after using.
    - CVE-2014-2851
 -- Kamal Mostafa <kamal@xxxxxxxxxxxxx>   Fri, 16 May 2014 09:12:33 -0700

** Changed in: linux-lts-quantal (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0055

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2523

** Changed in: linux-lts-quantal (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1293726

Title:
  CVE-2014-2309

Status in “linux” package in Ubuntu:
  Invalid
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  Won't Fix
Status in “linux-lts-backport-natty” package in Ubuntu:
  Won't Fix
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Invalid
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Invalid
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Lucid:
  Won't Fix
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Precise:
  Won't Fix
Status in “linux-lts-quantal” source package in Precise:
  Fix Released
Status in “linux-lts-raring” source package in Precise:
  Won't Fix
Status in “linux-lts-saucy” source package in Precise:
  Fix Committed
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Committed
Status in “linux-lts-backport-maverick” source package in Quantal:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Quantal:
  Won't Fix
Status in “linux” source package in Saucy:
  Fix Committed
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Saucy:
  Won't Fix
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Fix Committed
Status in “linux” source package in Trusty:
  Invalid
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Trusty:
  Won't Fix
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  Invalid
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Utopic:
  Won't Fix
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid

Bug description:
  The ip6_route_add function in net/ipv6/route.c in the Linux kernel
  through 3.13.6 does not properly count the addition of routes, which
  allows remote attackers to cause a denial of service (memory
  consumption) via a flood of ICMPv6 Router Advertisement packets.

  Break-Fix: 957c665f37007de93ccbe45902a23143724170d0
  c88507fbad8055297c1d1e21e599f46960cbee39

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1293726/+subscriptions


References