kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #64701
[Bug 1316268] Re: CVE-2014-3122
This bug was fixed in the package linux-ti-omap4 - 3.2.0-1449.68
---------------
linux-ti-omap4 (3.2.0-1449.68) precise; urgency=low
* Release Tracking Bug
- LP: #1326747
[ Paolo Pisati ]
* rebased on Ubuntu-3.2.0-64.97
[ Ubuntu: 3.2.0-64.97 ]
* futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr ==
uaddr2 in futex_requeue(..., requeue_pi=1)
- LP: #1326367
- CVE-2014-3153
* futex: Validate atomic acquisition in futex_lock_pi_atomic()
- LP: #1326367
- CVE-2014-3153
* futex: Always cleanup owner tid in unlock_pi
- LP: #1326367
- CVE-2014-3153
* futex: Make lookup_pi_state more robust
- LP: #1326367
- CVE-2014-3153
linux-ti-omap4 (3.2.0-1448.67) precise; urgency=low
* Release Tracking Bug
- LP: #1322135
[ Paolo Pisati ]
* rebased on Ubuntu-3.2.0-64.96
* [Config] BLK_DEV_DM_BUILTIN=y
[ Ubuntu: 3.2.0-64.96 ]
* Release Tracking Bug
- LP: #1321792
* [Config] updateconfigs after Linux v3.2.58 and v3.2.59 updates
* Revert "sparc64: Fix __copy_{to,from}_user_inatomic defines."
- LP: #1319885
* Revert "alpha: fix broken network checksum"
- LP: #1319885
* Revert "isci: fix reset timeout handling"
- LP: #1319885
* Revert "USB: serial: add usbid for dell wwan card to sierra.c"
- LP: #1319885
* mm: try_to_unmap_cluster() should lock_page() before mlocking
- LP: #1316268
- CVE-2014-3122
* net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk
- LP: #1319885
* bridge: multicast: add sanity check for query source addresses
- LP: #1319885
* net: unix: non blocking recvmsg() should not return -EINTR
- LP: #1319885
* vlan: Set correct source MAC address with TX VLAN offload enabled
- LP: #1319885
* net: socket: error on a negative msg_namelen
- LP: #1319885
* ipv6: Avoid unnecessary temporary addresses being generated
- LP: #1319885
* ipv6: ip6_append_data_mtu do not handle the mtu of the second fragment
properly
- LP: #1319885
* vhost: validate vhost_get_vq_desc return value
- LP: #1319885
- CVE-2014-0055
* xen-netback: remove pointless clause from if statement
- LP: #1319885
* ipv6: some ipv6 statistic counters failed to disable bh
- LP: #1319885
* netlink: don't compare the nul-termination in nla_strcmp
- LP: #1319885
* isdnloop: Validate NUL-terminated strings from user.
- LP: #1319885
* isdnloop: several buffer overflows
- LP: #1319885
* sparc: PCI: Fix incorrect address calculation of PCI Bridge windows on
Simba-bridges
- LP: #1319885
* sparc32: fix build failure for arch_jump_label_transform
- LP: #1319885
* sparc64: don't treat 64-bit syscall return codes as 32-bit
- LP: #1319885
* drm/i915: inverted brightness quirk for Acer Aspire 4736Z
- LP: #1319885
* drm/i915: quirk invert brightness for Acer Aspire 5336
- LP: #1319885
* w1: fix w1_send_slave dropping a slave id
- LP: #1319885
* ARM: mm: introduce present, faulting entries for PAGE_NONE
- LP: #1319885
* ARM: 7954/1: mm: remove remaining domain support from ARMv6
- LP: #1319885
* matroxfb: restore the registers M_ACCESS and M_PITCH
- LP: #1319885
* framebuffer: fix cfb_copyarea
- LP: #1319885
* mach64: use unaligned access
- LP: #1319885
* mach64: fix cursor when character width is not a multiple of 8 pixels
- LP: #1319885
* tgafb: fix data copying
- LP: #1319885
* hvc: ensure hvc_init is only ever called once in hvc_console.c
- LP: #1319885
* usb: dwc3: fix wrong bit mask in dwc3_event_devt
- LP: #1319885
* media: gspca: sn9c20x: add ID for Genius Look 1320 V2
- LP: #1319885
* tty: Set correct tty name in 'active' sysfs attribute
- LP: #1319885
* uvcvideo: Do not use usb_set_interface on bulk EP
- LP: #1319885
* usb: gadget: atmel_usba: fix crashed during stopping when DEBUG is
enabled
- LP: #1319885
* blktrace: fix accounting of partially completed requests
- LP: #1319885
* rtlwifi: rtl8192se: Fix too long disable of IRQs
- LP: #1319885
* staging:serqt_usb2: Fix sparse warning restricted __le16 degrades to
integer
- LP: #1319885
* Btrfs: skip submitting barrier for missing device
- LP: #1319885
* jffs2: remove from wait queue after schedule()
- LP: #1319885
* jffs2: avoid soft-lockup in jffs2_reserve_space_gc()
- LP: #1319885
* jffs2: Fix segmentation fault found in stress test
- LP: #1319885
* jffs2: Fix crash due to truncation of csize
- LP: #1319885
* iwlwifi: dvm: take mutex when sending SYNC BT config command
- LP: #1319885
* virtio_balloon: don't softlockup on huge balloon changes.
- LP: #1319885
* ext4: fix partial cluster handling for bigalloc file systems
- LP: #1319885
* ath9k: fix ready time of the multicast buffer queue
- LP: #1319885
* IB/ipath: Fix potential buffer overrun in sending diag packet routine
- LP: #1319885
* IB/nes: Return an error on ib_copy_from_udata() failure instead of NULL
- LP: #1319885
* mfd: Include all drivers in subsystem menu
- LP: #1319885
* mfd: max8997: Fix possible NULL pointer dereference on i2c_new_dummy
error
- LP: #1319885
* mfd: max8998: Fix possible NULL pointer dereference on i2c_new_dummy
error
- LP: #1319885
* mfd: max8925: Fix possible NULL pointer dereference on i2c_new_dummy
error
- LP: #1319885
* mfd: 88pm860x: Fix possible NULL pointer dereference on i2c_new_dummy
error
- LP: #1319885
* pid: get pid_t ppid of task in init_pid_ns
- LP: #1319885
* audit: convert PPIDs to the inital PID namespace.
- LP: #1319885
* Btrfs: fix deadlock with nested trans handles
- LP: #1319885
* gpio: mxs: Allow for recursive enable_irq_wake() call
- LP: #1319885
* x86, hyperv: Bypass the timer_irq_works() check
- LP: #1319885
* nfsd4: buffer-length check for SUPPATTR_EXCLCREAT
- LP: #1319885
* nfsd4: session needs room for following op to error out
- LP: #1319885
* nfsd: Add fh_{want,drop}_write()
- LP: #1319885
* nfsd: notify_change needs elevated write count
- LP: #1319885
* drm/i915/tv: fix gen4 composite s-video tv-out
- LP: #1319885
* dm thin: fix dangling bio in process_deferred_bios error path
- LP: #1319885
* nfsd4: fix setclientid encode size
- LP: #1319885
* MIPS: Hibernate: Flush TLB entries in swsusp_arch_resume()
- LP: #1319885
* ALSA: hda - Enable beep for ASUS 1015E
- LP: #1319885
* IB/mthca: Return an error on ib_copy_to_udata() failure
- LP: #1319885
* IB/ehca: Returns an error on ib_copy_to_udata() failure
- LP: #1319885
* reiserfs: fix race in readdir
- LP: #1319885
* drm/vmwgfx: correct fb_fix_screeninfo.line_length
- LP: #1319885
* drm/radeon: call drm_edid_to_eld when we update the edid
- LP: #1319885
* sh: fix format string bug in stack tracer
- LP: #1319885
* ocfs2: dlm: fix lock migration crash
- LP: #1319885
* ocfs2: dlm: fix recovery hung
- LP: #1319885
* ocfs2: do not put bh when buffer_uptodate failed
- LP: #1319885
* iscsi-target: Fix ERL=2 ASYNC_EVENT connection pointer bug
- LP: #1319885
* mm: hugetlb: fix softlockup when a large number of hugepages are freed.
- LP: #1319885
* wait: fix reparent_leader() vs EXIT_DEAD->EXIT_ZOMBIE race
- LP: #1319885
* ALSA: ice1712: Fix boundary checks in PCM pointer ops
- LP: #1319885
* lib/percpu_counter.c: fix bad percpu counter state during suspend
- LP: #1319885
* b43: Fix machine check error due to improper access of
B43_MMIO_PSM_PHY_HDR
- LP: #1319885
* x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
- LP: #1319885
* target/tcm_fc: Fix use-after-free of ft_tpg
- LP: #1319885
* drivers: hv: additional switch to use mb() instead of smp_mb()
- LP: #1319885
* Char: ipmi_bt_sm, fix infinite loop
- LP: #1319885
* selinux: correctly label /proc inodes in use before the policy is
loaded
- LP: #1319885
* powernow-k6: disable cache when changing frequency
- LP: #1319885
* powernow-k6: correctly initialize default parameters
- LP: #1319885
* powernow-k6: reorder frequencies
- LP: #1319885
* Linux 3.2.58
- LP: #1319885
* ext4: FIBMAP ioctl causes BUG_ON due to handle EXT_MAX_BLOCKS
- LP: #1319885
* ext4: note the error in ext4_end_bio()
- LP: #1319885
* ext4: use i_size_read in ext4_unaligned_aio()
- LP: #1319885
* parisc: fix epoll_pwait syscall on compat kernel
- LP: #1319885
* locks: allow __break_lease to sleep even when break_time is 0
- LP: #1319885
* mlx4_en: don't use napi_synchronize inside mlx4_en_netpoll
- LP: #1319885
* staging: r8712u: Fix case where ethtype was never obtained and always
be checked against 0
- LP: #1319885
* USB: serial: ftdi_sio: add id for Brainboxes serial cards
- LP: #1319885
* usb: option driver, add support for Telit UE910v2
- LP: #1319885
* USB: cp210x: Add 8281 (Nanotec Plug & Drive)
- LP: #1319885
* USB: pl2303: add ids for Hewlett-Packard HP POS pole displays
- LP: #1319885
* USB: cdc-acm: Remove Motorola/Telit H24 serial interfaces from ACM
driver
- LP: #1319885
* nfsd: set timeparms.to_maxval in setup_callback_client
- LP: #1319885
* libata/ahci: accommodate tag ordered controllers
- LP: #1319885
* mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()
- LP: #1319885
* dmi: add support for exact DMI matches in addition to substring
matching
- LP: #1319885
* Input: synaptics - add min/max quirk for ThinkPad T431s, L440, L540, S1
Yoga and X1
- LP: #1319885
* mm: make fixup_user_fault() check the vma access rights too
- LP: #1319885
* ARM: 8027/1: fix do_div() bug in big-endian systems
- LP: #1319885
* USB: serial: fix sysfs-attribute removal deadlock
- LP: #1319885
* Btrfs: Don't allocate inode that is already in use
- LP: #1319885
* Btrfs: fix inode caching vs tree log
- LP: #1319885
* xhci: For streams the css flag most be read from the stream-ctx on ep
stop
- LP: #1319885
* usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb
- LP: #1319885
* usb/xhci: fix compilation warning when !CONFIG_PCI && !CONFIG_PM
- LP: #1319885
* USB: io_ti: fix firmware download on big-endian machines
- LP: #1319885
* usb: option: add Olivetti Olicard 500
- LP: #1319885
* usb: option: add Alcatel L800MA
- LP: #1319885
* usb: option: add and update a number of CMOTech devices
- LP: #1319885
* rtl8192ce: Fix null dereference in watchdog
- LP: #1319885
* Linux 3.2.59
- LP: #1319885
linux-ti-omap4 (3.2.0-1447.66) precise; urgency=low
* Release Tracking Bug
- LP: #1320043
[ Paolo Pisati ]
* rebased on Ubuntu-3.2.0-63.95
[ Ubuntu: 3.2.0-63.95 ]
* Revert "rtlwifi: Set the link state"
- LP: #1319735
* Release Tracking Bug
- re-used previous tracking bug
-- Paolo Pisati <paolo.pisati@xxxxxxxxxxxxx> Thu, 05 Jun 2014 13:33:19 +0200
** Changed in: linux-ti-omap4 (Ubuntu Precise)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-0055
** Changed in: linux-ti-omap4 (Ubuntu Precise)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1316268
Title:
CVE-2014-3122
Status in “linux” package in Ubuntu:
Fix Committed
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
New
Status in “linux-lts-backport-natty” package in Ubuntu:
New
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-lts-saucy” package in Ubuntu:
Invalid
Status in “linux-mvl-dove” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
Invalid
Status in “linux” source package in Lucid:
Fix Released
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
New
Status in “linux-lts-backport-natty” source package in Lucid:
New
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-lts-saucy” source package in Lucid:
Invalid
Status in “linux-mvl-dove” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
Fix Released
Status in “linux-armadaxp” source package in Precise:
Fix Released
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-fsl-imx51” source package in Precise:
Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
New
Status in “linux-lts-backport-natty” source package in Precise:
New
Status in “linux-lts-quantal” source package in Precise:
Fix Released
Status in “linux-lts-raring” source package in Precise:
Fix Released
Status in “linux-lts-saucy” source package in Precise:
Fix Committed
Status in “linux-mvl-dove” source package in Precise:
Invalid
Status in “linux-ti-omap4” source package in Precise:
Fix Released
Status in “linux-lts-backport-maverick” source package in Quantal:
New
Status in “linux-lts-backport-natty” source package in Quantal:
New
Status in “linux” source package in Saucy:
Fix Committed
Status in “linux-armadaxp” source package in Saucy:
Invalid
Status in “linux-ec2” source package in Saucy:
Invalid
Status in “linux-fsl-imx51” source package in Saucy:
Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
New
Status in “linux-lts-backport-natty” source package in Saucy:
New
Status in “linux-lts-quantal” source package in Saucy:
Invalid
Status in “linux-lts-raring” source package in Saucy:
Invalid
Status in “linux-lts-saucy” source package in Saucy:
Invalid
Status in “linux-mvl-dove” source package in Saucy:
Invalid
Status in “linux-ti-omap4” source package in Saucy:
Fix Committed
Status in “linux” source package in Trusty:
Fix Committed
Status in “linux-armadaxp” source package in Trusty:
Invalid
Status in “linux-ec2” source package in Trusty:
Invalid
Status in “linux-fsl-imx51” source package in Trusty:
Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
New
Status in “linux-lts-backport-natty” source package in Trusty:
New
Status in “linux-lts-quantal” source package in Trusty:
Invalid
Status in “linux-lts-raring” source package in Trusty:
Invalid
Status in “linux-lts-saucy” source package in Trusty:
Invalid
Status in “linux-mvl-dove” source package in Trusty:
Invalid
Status in “linux-ti-omap4” source package in Trusty:
Invalid
Status in “linux” source package in Utopic:
Fix Committed
Status in “linux-armadaxp” source package in Utopic:
Invalid
Status in “linux-ec2” source package in Utopic:
Invalid
Status in “linux-fsl-imx51” source package in Utopic:
Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
New
Status in “linux-lts-backport-natty” source package in Utopic:
New
Status in “linux-lts-quantal” source package in Utopic:
Invalid
Status in “linux-lts-raring” source package in Utopic:
Invalid
Status in “linux-lts-saucy” source package in Utopic:
Invalid
Status in “linux-mvl-dove” source package in Utopic:
Invalid
Status in “linux-ti-omap4” source package in Utopic:
Invalid
Bug description:
The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel
before 3.14.3 does not properly consider which pages must be locked,
which allows local users to cause a denial of service (system crash)
by triggering a memory-usage pattern that requires removal of page-
table mappings.
Break-Fix: b291f000393f5a0b679012b39d79fbc85c018233
57e68e9cd65b4b8eb4045a1e0d0746458502554c
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1316268/+subscriptions
References