kernel-packages team mailing list archive

[Bug 1316735] Re: CVE-2014-1738

 

This bug was fixed in the package linux - 3.13.0-27.50

---------------
linux (3.13.0-27.50) trusty; urgency=low

  [ Brad Figg ]

  * Revert "rtlwifi: Set the link state"

linux (3.13.0-27.49) trusty; urgency=low

  [ Brad Figg ]

  * Revert "SAUCE: (no-up) HID: rmi: do not stop the device at the end of
    probe"
  * Revert "SAUCE: (no-up) HID: rmi: introduce RMI driver for Synaptics
    touchpads"
  * Revert "[Config] CONFIG_HID_RMI=m"

linux (3.13.0-26.48) trusty; urgency=low

  [ Benjamin Tissoires ]

  * SAUCE: (no-up) HID: rmi: introduce RMI driver for Synaptics touchpads
    - LP: #1305522
  * SAUCE: (no-up) HID: rmi: do not stop the device at the end of probe
    - LP: #1305522

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.13.0-24.47 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1316835

  [ Tim Gardner ]

  * [Config] CONFIG_HID_RMI=m
    - LP: #1305522
  * [Config] CONFIG_CRYPTO_DEV_NX=n for ppc64el
    - LP: #1314625
  * [Config] CONFIG_ZSWAP=y
    - LP: #1315203
  * Add rpcsec_gss_krb5 to generic inclusion list
    - LP: #769527

  [ Upstream Kernel Changes ]

  * HID: hidraw: make comment more accurate and nicer
    - LP: #1305522
  * HID: remove hid_get_raw_report in struct hid_device
    - LP: #1305522
  * HID: i2c-hid: implement ll_driver transport-layer callbacks
    - LP: #1305522
  * HID: add inliners for ll_driver transport-layer callbacks
    - LP: #1305522
  * HID: Add transport-driver callbacks to the hid_ll_driver struct
    - LP: #1305522
  * drm/nouveau: fail runtime pm properly.
    - LP: #1313986
  * drm/nouveau: don't suspend/resume display on runtime s/r
    - LP: #1313986
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.13.0-25.47) trusty; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313868

  [ Adam Lee ]

  * [Config] CONFIG_RTL8723BE=m, CONFIG_RTL8723_COMMON=m
    - LP: #1240940

  [ Alex Hung ]

  * SAUCE: (no-up) dell-led: add mic mute led interface
    - LP: #1308297

  [ Andy Whitcroft ]

  * SAUCE: (no-up) powerpc: Increase COMMAND_LINE_SIZE to 2048 from 512.
    - LP: #1306677

  [ Ben Collins ]

  * [Config] Disable PAMU on Freescale kernels
    - LP: #1311738

  [ Tim Gardner ]

  * Revert "SAUCE: x86, hyperv: bypass the timer_irq_works() check"
    - LP: #1311683
  * SAUCE: (no-up) ALSA: usb-audio: Suppress repetitive debug messages from
    retire_playback_urb()
    - LP: #1305133
  * SAUCE: (no-up) 'BUG:' message unnecessarily triggers kerneloops
    - LP: #1305480
  * [Config] CONFIG_POWERNV_CPUFREQ=m
    - LP: #1309576
  * [Config] CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND=y for ppc64el
    - LP: #1309576
  * [Config] CONFIG_TRANSPARENT_HUGEPAGE=n for arm64
    - LP: #1309221
  * [Config] CONFIG_MEMCG_KMEM=y
    - LP: #1309586
  * [Config] CONFIG_CRASH_DUMP=y for ppc64el
    - LP: #1312783

  [ Upstream Kernel Changes ]

  * Revert "rtlwifi: rtl8188ee: enable MSI interrupts mode"
    - LP: #1310512
  * mac80211: add length check in ieee80211_is_robust_mgmt_frame()
    - LP: #1240940
  * rtlwifi: rtl8723ae: rtl8723-common: Create new driver for common code
    - LP: #1240940
  * rtlwifi: rtl8723ae: rtl8723-common: Copy common firmware code
    - LP: #1240940
  * rtlwifi: rtl8723ae: rtl8723-common: Copy common dynamic power
    management code
    - LP: #1240940
  * rtlwifi: rtl8723be: Add new driver
    - LP: #1240940
  * selinux: correctly label /proc inodes in use before the policy is
    loaded
    - LP: #1309007
  * net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk
    - LP: #1309007
  * bridge: multicast: add sanity check for query source addresses
    - LP: #1309007
  * tipc: allow connection shutdown callback to be invoked in advance
    - LP: #1309007
  * tipc: fix connection refcount leak
    - LP: #1309007
  * tipc: drop subscriber connection id invalidation
    - LP: #1309007
  * tipc: fix memory leak during module removal
    - LP: #1309007
  * tipc: don't log disabled tasklet handler errors
    - LP: #1309007
  * inet: frag: make sure forced eviction removes all frags
    - LP: #1309007
  * net: unix: non blocking recvmsg() should not return -EINTR
    - LP: #1309007
  * ipv6: Fix exthdrs offload registration.
    - LP: #1309007
  * bnx2: Fix shutdown sequence
    - LP: #1309007
  * pkt_sched: fq: do not hold qdisc lock while allocating memory
    - LP: #1309007
  * Xen-netback: Fix issue caused by using gso_type wrongly
    - LP: #1309007
  * vlan: Set correct source MAC address with TX VLAN offload enabled
    - LP: #1309007
  * tcp: tcp_release_cb() should release socket ownership
    - LP: #1309007
  * bridge: multicast: add sanity check for general query destination
    - LP: #1309007
  * bridge: multicast: enable snooping on general queries only
    - LP: #1309007
  * net: socket: error on a negative msg_namelen
    - LP: #1309007
  * bonding: set correct vlan id for alb xmit path
    - LP: #1309007
  * eth: fec: Fix lost promiscuous mode after reconnecting cable
    - LP: #1309007
  * ipv6: Avoid unnecessary temporary addresses being generated
    - LP: #1309007
  * ipv6: ip6_append_data_mtu do not handle the mtu of the second fragment
    properly
    - LP: #1309007
  * net: cdc_ncm: fix control message ordering
    - LP: #1309007
  * vxlan: fix potential NULL dereference in arp_reduce()
    - LP: #1309007
  * vxlan: fix nonfunctional neigh_reduce()
    - LP: #1309007
  * tcp: syncookies: do not use getnstimeofday()
    - LP: #1309007
  * rtnetlink: fix fdb notification flags
    - LP: #1309007
  * ipmr: fix mfc notification flags
    - LP: #1309007
  * ip6mr: fix mfc notification flags
    - LP: #1309007
  * net: micrel : ks8851-ml: add vdd-supply support
    - LP: #1309007
  * netpoll: fix the skb check in pkt_is_ns
    - LP: #1309007
  * tipc: fix spinlock recursion bug for failed subscriptions
    - LP: #1309007
  * ip_tunnel: Fix dst ref-count.
    - LP: #1309007
  * tg3: Do not include vlan acceleration features in vlan_features
    - LP: #1309007
  * virtio-net: correct error handling of virtqueue_kick()
    - LP: #1309007
  * usbnet: include wait queue head in device structure
    - LP: #1309007
  * vlan: Set hard_header_len according to available acceleration
    - LP: #1309007
  * vhost: fix total length when packets are too short
    - LP: #1309007
    - CVE-2014-0077
  * tcp: fix get_timewait4_sock() delay computation on 64bit
    - LP: #1309007
  * xen-netback: remove pointless clause from if statement
    - LP: #1309007
  * ipv6: some ipv6 statistic counters failed to disable bh
    - LP: #1309007
  * netlink: don't compare the nul-termination in nla_strcmp
    - LP: #1309007
  * xen-netback: disable rogue vif in kthread context
    - LP: #1309007
  * Call efx_set_channels() before efx->type->dimension_resources()
    - LP: #1309007
  * net: vxlan: fix crash when interface is created with no group
    - LP: #1309007
  * isdnloop: Validate NUL-terminated strings from user.
    - LP: #1309007
  * isdnloop: several buffer overflows
    - LP: #1309007
  * powernow-k6: disable cache when changing frequency
    - LP: #1309007
  * powernow-k6: correctly initialize default parameters
    - LP: #1309007
  * powernow-k6: reorder frequencies
    - LP: #1309007
  * ARC: [nsimosci] Change .dts to use generic 8250 UART
    - LP: #1309007
  * ARC: [nsimosci] Unbork console
    - LP: #1309007
  * futex: Allow architectures to skip futex_atomic_cmpxchg_inatomic() test
    - LP: #1309007
  * m68k: Skip futex_atomic_cmpxchg_inatomic() test
    - LP: #1309007
  * crypto: ghash-clmulni-intel - use C implementation for setkey()
    - LP: #1309007
  * Linux 3.13.10
    - LP: #1309007
  * cpufreq: powernv: cpufreq driver for powernv platform
    - LP: #1309576
  * cpufreq: powernv: Use cpufreq_frequency_table.driver_data to store
    pstate ids
    - LP: #1309576
  * cpufreq: powernv: Select CPUFreq related Kconfig options for powernv
    - LP: #1309576
  * support Thinkpad X1 Carbon 2nd generation's adaptive keyboard
    - LP: #1309609
  * save and restore adaptive keyboard mode for suspend and,resume
    - LP: #1309609
  * user namespace: fix incorrect memory barriers
    - LP: #1311683
  * Char: ipmi_bt_sm, fix infinite loop
    - LP: #1311683
  * x86, hyperv: Bypass the timer_irq_works() check
    - LP: #1311683
  * x86: Adjust irq remapping quirk for older revisions of 5500/5520
    chipsets
    - LP: #1311683
  * PCI: designware: Fix RC BAR to be single 64-bit non-prefetchable memory
    BAR
    - LP: #1311683
  * PCI: designware: Fix iATU programming for cfg1, io and mem viewport
    - LP: #1311683
  * ACPI / button: Add ACPI Button event via netlink routine
    - LP: #1311683
  * PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not
    enabled
    - LP: #1311683
  * staging: comedi: 8255_pci: initialize MITE data window
    - LP: #1311683
  * tty: Set correct tty name in 'active' sysfs attribute
    - LP: #1311683
  * tty: Fix low_latency BUG
    - LP: #1311683
  * SCSI: sd: don't fail if the device doesn't recognize SYNCHRONIZE CACHE
    - LP: #1311683
  * pid_namespace: pidns_get() should check task_active_pid_ns() != NULL
    - LP: #1311683
  * Bluetooth: Fix removing Long Term Key
    - LP: #1311683
  * ima: restore the original behavior for sending data with ima template
    - LP: #1311683
  * backing_dev: fix hung task on sync
    - LP: #1311683
  * bdi: avoid oops on device removal
    - LP: #1311683
  * xfs: fix directory hash ordering bug
    - LP: #1311683
  * Btrfs: skip submitting barrier for missing device
    - LP: #1311683
  * Btrfs: fix deadlock with nested trans handles
    - LP: #1311683
  * ext4: fix error return from ext4_ext_handle_uninitialized_extents()
    - LP: #1311683
  * ext4: fix partial cluster handling for bigalloc file systems
    - LP: #1311683
  * ext4: fix premature freeing of partial clusters split across leaf
    blocks
    - LP: #1311683
  * jffs2: Fix segmentation fault found in stress test
    - LP: #1311683
  * jffs2: Fix crash due to truncation of csize
    - LP: #1311683
  * jffs2: avoid soft-lockup in jffs2_reserve_space_gc()
    - LP: #1311683
  * jffs2: remove from wait queue after schedule()
    - LP: #1311683
  * sparc32: fix build failure for arch_jump_label_transform
    - LP: #1311683
  * sparc64: don't treat 64-bit syscall return codes as 32-bit
    - LP: #1311683
  * sparc64: Make sure %pil interrupts are enabled during hypervisor yield.
    - LP: #1311683
  * wait: fix reparent_leader() vs EXIT_DEAD->EXIT_ZOMBIE race
    - LP: #1311683
  * exit: call disassociate_ctty() before exit_task_namespaces()
    - LP: #1311683
  * Linux 3.13.11
    - LP: #1311683
  * powerpc/le: Enable RTAS events support
    - LP: #1312230
  * net: ipv4: current group_info should be put after using.
    - CVE-2014-2851
  * powerpc/relocate fix relocate processing in LE mode
    - LP: #1312783
 -- Brad Figg <brad.figg@xxxxxxxxxxxxx>   Thu, 15 May 2014 10:21:43 -0700

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1316735

Title:
  CVE-2014-1738

Status in “linux” package in Ubuntu:
  Fix Committed
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  New
Status in “linux-lts-backport-natty” package in Ubuntu:
  New
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Fix Released
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  New
Status in “linux-lts-backport-natty” source package in Lucid:
  New
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  New
Status in “linux-lts-backport-natty” source package in Precise:
  New
Status in “linux-lts-quantal” source package in Precise:
  Fix Released
Status in “linux-lts-raring” source package in Precise:
  Fix Released
Status in “linux-lts-saucy” source package in Precise:
  Fix Released
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Committed
Status in “linux-lts-backport-maverick” source package in Quantal:
  New
Status in “linux-lts-backport-natty” source package in Quantal:
  New
Status in “linux” source package in Saucy:
  Fix Committed
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  New
Status in “linux-lts-backport-natty” source package in Saucy:
  New
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Fix Committed
Status in “linux” source package in Trusty:
  Fix Released
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  New
Status in “linux-lts-backport-natty” source package in Trusty:
  New
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  Fix Committed
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  New
Status in “linux-lts-backport-natty” source package in Utopic:
  New
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid

Bug description:
  The raw_cmd_copyout function in drivers/block/floppy.c in the Linux
  kernel through 3.14.3 does not properly restrict access to certain
  pointers during processing of an FDRAWCMD ioctl call, which allows
  local users to obtain sensitive information from kernel heap memory by
  leveraging write access to a /dev/fd device.

  Break-Fix: - 2145e15e0557a01b9195d1c7199a1b92cb9be81f
