kernel-packages team mailing list archive

[Bug 1335049] Re: Lucid update to 2.6.32.63 stable release

 

This bug was fixed in the package linux - 2.6.32-64.128

---------------
linux (2.6.32-64.128) lucid; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (2.6.32-64.127) lucid; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-2.6.32-62.126 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338946

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux (2.6.32-63.126) lucid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1335875

  [ Upstream Kernel Changes ]

  * net: check net.core.somaxconn sysctl values
    - LP: #1321293
  * sysctl net: Keep tcp_syn_retries inside the boundary
    - LP: #1321293
  * ethtool: Report link-down while interface is down
    - LP: #1335049
  * futex: Prevent attaching to kernel threads
    - LP: #1335049
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1335049
  * net: fix regression introduced in 2.6.32.62 by sysctl fixes
    - LP: #1335049
  * Linux 2.6.32.63
    - LP: #1335049
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - LP: #1335313
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - LP: #1335313
    - CVE-2014-4608
  * lzo: properly check for overruns
    - LP: #1335313
    - CVE-2014-4608
 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>   Mon, 14 Jul 2014 16:33:33 +0100

** Changed in: linux (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4608

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4699

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4943


-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1335049

Title:
  Lucid update to 2.6.32.63 stable release

Status in “linux” package in Ubuntu:
  New
Status in “linux” source package in Lucid:
  Fix Released

Bug description:
  SRU Justification

      Impact:
         The upstream process for stable tree updates is quite similar
         in scope to the Ubuntu SRU process, e.g., each patch has to
         demonstrably fix a bug, and each patch is vetted by upstream
         by originating either directly from Linus' tree or in a minimally
         backported form of that patch. The 2.6.32.63 upstream stable
         patch set is now available. It should be included in the Ubuntu
         kernel as well.

         git://git.kernel.org/

      TEST CASE: TBD

         The following patches are in the 2.6.32.63 stable release:

  Linux 2.6.32.63
  net: fix regression introduced in 2.6.32.62 by sysctl fixes
  auditsc: audit_krule mask accesses need bounds checking
  futex: Prevent attaching to kernel threads
  ethtool: Report link-down while interface is down

  The following patches from 2.6.32.63 were not applied as they were
  already present in the Lucid kernel:

  futex: Make lookup_pi_state more robust
  futex: Always cleanup owner tid in unlock_pi
  futex: Validate atomic acquisition in futex_lock_pi_atomic()
  futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1)

  The following patch from 2.6.32.63 was dropped as one of the futex patches
  in Lucid seems to implement a slightly different security fix that
  prevents it from being applied:

  futex: Add another early deadlock detection check

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1335049/+subscriptions

