
kernel-packages team mailing list archive

[Bug 1321293] Re: Lucid update to 2.6.32.62 stable release

 

This bug was fixed in the package linux - 2.6.32-61.124

---------------
linux (2.6.32-61.124) lucid; urgency=low

  [ Luis Henriques ]

  * Revert "sysctl net: Keep tcp_syn_retries inside the boundary"
    - LP: #1326473
  * Revert "net: check net.core.somaxconn sysctl values"
    - LP: #1326473

  [ Upstream Kernel Changes ]

  * futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr ==
    uaddr2 in futex_requeue(..., requeue_pi=1)
    - LP: #1326367
    - CVE-2014-3153
  * futex: Validate atomic acquisition in futex_lock_pi_atomic()
    - LP: #1326367
    - CVE-2014-3153
  * futex: Always cleanup owner tid in unlock_pi
    - LP: #1326367
    - CVE-2014-3153
  * futex: Make lookup_pi_state more robust
    - LP: #1326367
    - CVE-2014-3153
 -- Brad Figg <brad.figg@xxxxxxxxxxxxx>   Wed, 04 Jun 2014 07:21:55 -0700

** Changed in: linux (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3153

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1321293

Title:
  Lucid update to 2.6.32.62 stable release

Status in “linux” package in Ubuntu:
  Fix Committed
Status in “linux” source package in Lucid:
  Fix Released

Bug description:
  SRU Justification

      Impact:
         The upstream process for stable tree updates is quite similar
         in scope to the Ubuntu SRU process, e.g., each patch has to
         demonstrably fix a bug, and each patch is vetted by upstream
         by originating either directly from Linus' tree or in a minimally
         backported form of that patch. The 2.6.32.62 upstream stable
         patch set is now available. It should be included in the Ubuntu
         kernel as well.

         git://git.kernel.org/

      TEST CASE: TBD

         The following patches are in the 2.6.32.62 stable release:

  Linux 2.6.32.62
  s390: fix kernel crash due to linkage stack instructions
  qeth: avoid buffer overflow in snmp ioctl
  tcp_cubic: fix the range of delayed_ack
  tcp_cubic: limit delayed_ack ratio to prevent divide error
  tcp: fix tcp_trim_head() to adjust segment count with skb MSS
  powernow-k6: reorder frequencies
  powernow-k6: correctly initialize default parameters
  powernow-k6: disable cache when changing frequency
  powernow-k6: set transition latency value so ondemand governor can be used
  gianfar: disable TX vlan based on kernel 2.6.x
  x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
  inet: fix possible memory corruption with UDP_CORK and UFO
  ipv6: udp packets following an UFO enqueued packet need also be handled by UFO
  sctp: unbalanced rcu lock in ip_queue_xmit()
  isdnloop: Validate NUL-terminated strings from user.
  isdnloop: several buffer overflows
  netlink: don't compare the nul-termination in nla_strcmp
  net: socket: error on a negative msg_namelen
  net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk
  tg3: Don't check undefined error bits in RXBD
  virtio-net: alloc big buffers also when guest can receive UFO
  net: sctp: fix sctp_connectx abi for ia32 emulation/compat mode
  bonding: 802.3ad: make aggregator_identifier bond-private
  tg3: Fix deadlock in tg3_change_mtu()
  net: fix 'ip rule' iif/oif device rename
  inet_diag: fix inet_diag_dump_icsk() timewait socket state logic
  net: llc: fix use after free in llc_ui_recvmsg
  drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
  net: unix: allow bind to fail on mutex lock
  net: drop_monitor: fix the value of maxattr
  {pktgen, xfrm} Update IPv4 header total len and checksum after tranformation
  ipv6: fix possible seqlock deadlock in ip6_finish_output2
  inet: fix possible seqlock deadlocks
  bridge: flush br's address entry in fdb when remove the bridge dev
  net: core: Always propagate flag changes to interfaces
  atm: idt77252: fix dev refcnt leak
  ipv6: fix leaking uninitialized port number of offender sockaddr
  net: clamp ->msg_namelen instead of returning an error
  net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage)
  ipv4: fix possible seqlock deadlock
  isdnloop: use strlcpy() instead of strcpy()
  bonding: fix two race conditions in bond_store_updelay/downdelay
  random32: fix off-by-one in seeding requirement
  ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
  net: Fix "ip rule delete table 256"
  tipc: fix lockdep warning during bearer initialization
  ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO
  ipv6: Don't depend on per socket memory for neighbour discovery messages
  ipv6: drop packets with multiple fragmentation headers
  ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not match
  tcp: cubic: fix bug in bictcp_acked()
  net: check net.core.somaxconn sysctl values
  htb: fix sign extension bug
  net_sched: info leak in atm_tc_dump_class()
  af_key: more info leaks in pfkey messages
  net_sched: Fix stack info leak in cbq_dump_wrr().
  sctp: fully initialize sctp_outq in sctp_outq_init
  sysctl net: Keep tcp_syn_retries inside the boundary
  arcnet: cleanup sizeof parameter
  vlan: fix a race in egress prio management
  ifb: fix oops when loading the ifb failed
  dummy: fix oops when loading the dummy failed
  ifb: fix rcu_sched self-detected stalls
  sunvnet: vnet_port_remove must call unregister_netdev
  net: Swap ver and type in pppoe_hdr
  neighbour: fix a race in neigh_destroy()
  packet: packet_getname_spkt: make sure string is always 0-terminated
  net: sctp: fix NULL pointer dereference in socket destruction
  ip_tunnel: fix kernel panic with icmp_dest_unreach
  ipv6: fix possible crashes in ip6_cork_release()
  tcp: fix tcp_md5_hash_skb_data()
  ll_temac: Reset dma descriptors indexes on ndo_open
  bonding: Fix broken promiscuity reference counting issue
  dm9601: fix IFF_ALLMULTI handling
  ipv4 igmp: use in_dev_put in timer handlers instead of __in_dev_put
  ipv6 mcast: use in6_dev_put in timer handlers instead of __in6_dev_put
  resubmit bridge: fix message_age_timer calculation
  davinci_emac.c: Fix IFF_ALLMULTI setup
  sctp: Perform software checksum if packet has to be fragmented.
  sctp: Use software crc32 checksum when xfrm transform will happen.
  net: dst: provide accessor function to dst->xfrm
  connector: use nlmsg_len() to check message length
  net: vlan: fix nlmsg size calculation in vlan_get_size()
  can: dev: fix nlmsg size calculation in can_get_size()
  proc connector: fix info leaks
  net: heap overflow in __audit_sockaddr()
  net: do not call sock_put() on TIMEWAIT sockets
  tcp: must unclone packets before mangling them
  ipv6: tcp: fix panic in SYN processing
  crypto: api - Fix race condition in larval lookup
  HID: check for NULL field when setting values
  kernel/kmod.c: check for NULL in call_usermodehelper_exec()
  staging: comedi: ni_65xx: (bug fix) confine insn_bits to one subdevice
  intel-iommu: Flush unmaps at domain_exit
  ipvs: fix CHECKSUM_PARTIAL for TCP, UDP
  x86, ptrace: fix build breakage with gcc 4.7 (second try)
  Fix lockup related to stop_machine being stuck in __do_softirq.
  scsi: fix missing include linux/types.h in scsi_netlink.h

  The following patches from 2.6.32.62 stable release were not applied
  as they were already present in Lucid kernel:

  Revert "x86, ptrace: fix build breakage with gcc 4.7"
  cciss: fix info leak in cciss_ioctl32_passthru()
  cpqarray: fix info leak in ida_locked_ioctl()
  drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
  sctp: deal with multiple COOKIE_ECHO chunks
  sctp: Use correct sideffect command in duplicate cookie handling
  ipv6: ip6_sk_dst_check() must not assume ipv6 dst
  af_key: fix info leaks in notify messages
  af_key: initialize satype in key_notify_policy_flush()
  block: do not pass disk names as format strings
  b43: stop format string leaking into error msgs
  HID: validate HID report id size
  HID: zeroplus: validate output report details
  HID: pantherlord: validate output report details
  HID: LG: validate HID output report details
  HID: provide a helper for validating hid reports
  farsync: fix info leak in ioctl
  wanxl: fix info leak in ioctl
  ipv6: remove max_addresses check from ipv6_create_tempaddr
  inet: prevent leakage of uninitialized memory to user in recv syscalls
  net: rework recvmsg handler msg_name and msg_namelen logic
  inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions
  hamradio/yam: fix info leak in ioctl
  rds: prevent dereference of a NULL device
  net: rose: restore old recvmsg behavior
  net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
  rds: prevent dereference of a NULL device in rds_iw_laddr_check
  aacraid: prevent invalid pointer dereference
  vm: add vm_iomap_memory() helper function
  Fix a few incorrectly checked [io_]remap_pfn_range() calls
  libertas: potential oops in debugfs
  n_tty: Fix n_tty_write crash when echoing in raw mode
  exec/ptrace: fix get_dumpable() incorrect tests
  ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data
  dm snapshot: fix data corruption
  crypto: ansi_cprng - Fix off by one error in non-block size request
  uml: check length in exitcode_proc_write()
  KVM: Improve create VCPU parameter (CVE-2013-4587)
  KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
  xfs: underflow bug in xfs_attrlist_by_handle()
  aacraid: missing capable() check in compat ioctl
  SELinux: Fix kernel BUG on empty security contexts.
  netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
  floppy: don't write kernel-only members to FDRAWCMD ioctl output
  floppy: ignore kernel-only members in FDRAWCMD ioctl input

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1321293/+subscriptions

