kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #71432
[Bug 1335313] Re: CVE-2014-4608
This bug was fixed in the package linux-ec2 - 2.6.32-368.84
---------------
linux-ec2 (2.6.32-368.84) lucid; urgency=low
[ Andy Whitcroft ]
* pull in missing CVE changelog
* Ubuntu-2.6.32-368.84
[ Ubuntu: 2.6.32-64.128 ]
* l2tp: Privilege escalation in ppp over l2tp sockets
- LP: #1341472
- CVE-2014-4943
linux-ec2 (2.6.32-368.83) lucid; urgency=low
[ Stefan Bader ]
* Rebased to Ubuntu-2.6.32-64.127
* Release Tracking Bug
- LP: #1339215
[ Ubuntu: 2.6.32-64.127 ]
* Merged back Ubuntu-2.6.32-62.126 security release
* Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
- LP: #1337339
* ptrace,x86: force IRET path after a ptrace_stop()
- LP: #1337339
- CVE-2014-4699
linux-ec2 (2.6.32-367.82) lucid; urgency=low
[ Stefan Bader ]
* Rebased to Ubuntu-2.6.32-63.126
* Release Tracking Bug
- LP: #1336142
[ Ubuntu: 2.6.32-63.126 ]
* net: check net.core.somaxconn sysctl values
- LP: #1321293
* sysctl net: Keep tcp_syn_retries inside the boundary
- LP: #1321293
* ethtool: Report link-down while interface is down
- LP: #1335049
* futex: Prevent attaching to kernel threads
- LP: #1335049
* auditsc: audit_krule mask accesses need bounds checking
- LP: #1335049
* net: fix regression introduced in 2.6.32.62 by sysctl fixes
- LP: #1335049
* Linux 2.6.32.63
- LP: #1335049
* lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
- LP: #1335313
- CVE-2014-4608
* lib/lzo: Update LZO compression to current upstream version
- LP: #1335313
- CVE-2014-4608
* lzo: properly check for overruns
- LP: #1335313
- CVE-2014-4608
-- Andy Whitcroft <apw@xxxxxxxxxxxxx> Mon, 14 Jul 2014 17:31:51 +0100
** Changed in: linux-ec2 (Ubuntu Lucid)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1335313
Title:
CVE-2014-4608
Status in “linux” package in Ubuntu:
Fix Committed
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
New
Status in “linux-lts-backport-natty” package in Ubuntu:
New
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-lts-saucy” package in Ubuntu:
Invalid
Status in “linux-mvl-dove” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
Invalid
Status in “linux” source package in Lucid:
Fix Released
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
New
Status in “linux-lts-backport-natty” source package in Lucid:
New
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-lts-saucy” source package in Lucid:
Invalid
Status in “linux-mvl-dove” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
Fix Committed
Status in “linux-armadaxp” source package in Precise:
Fix Committed
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-fsl-imx51” source package in Precise:
Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
New
Status in “linux-lts-backport-natty” source package in Precise:
New
Status in “linux-lts-quantal” source package in Precise:
Fix Committed
Status in “linux-lts-raring” source package in Precise:
Fix Committed
Status in “linux-lts-saucy” source package in Precise:
Fix Released
Status in “linux-mvl-dove” source package in Precise:
Invalid
Status in “linux-ti-omap4” source package in Precise:
New
Status in “linux” source package in Saucy:
Fix Committed
Status in “linux-armadaxp” source package in Saucy:
Invalid
Status in “linux-ec2” source package in Saucy:
Invalid
Status in “linux-fsl-imx51” source package in Saucy:
Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
New
Status in “linux-lts-backport-natty” source package in Saucy:
New
Status in “linux-lts-quantal” source package in Saucy:
Invalid
Status in “linux-lts-raring” source package in Saucy:
Invalid
Status in “linux-lts-saucy” source package in Saucy:
Invalid
Status in “linux-mvl-dove” source package in Saucy:
Invalid
Status in “linux-ti-omap4” source package in Saucy:
New
Status in “linux” source package in Trusty:
Fix Committed
Status in “linux-armadaxp” source package in Trusty:
Invalid
Status in “linux-ec2” source package in Trusty:
Invalid
Status in “linux-fsl-imx51” source package in Trusty:
Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
New
Status in “linux-lts-backport-natty” source package in Trusty:
New
Status in “linux-lts-quantal” source package in Trusty:
Invalid
Status in “linux-lts-raring” source package in Trusty:
Invalid
Status in “linux-lts-saucy” source package in Trusty:
Invalid
Status in “linux-mvl-dove” source package in Trusty:
Invalid
Status in “linux-ti-omap4” source package in Trusty:
Invalid
Status in “linux” source package in Utopic:
Fix Committed
Status in “linux-armadaxp” source package in Utopic:
Invalid
Status in “linux-ec2” source package in Utopic:
Invalid
Status in “linux-fsl-imx51” source package in Utopic:
Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
New
Status in “linux-lts-backport-natty” source package in Utopic:
New
Status in “linux-lts-quantal” source package in Utopic:
Invalid
Status in “linux-lts-raring” source package in Utopic:
Invalid
Status in “linux-lts-saucy” source package in Utopic:
Invalid
Status in “linux-mvl-dove” source package in Utopic:
Invalid
Status in “linux-ti-omap4” source package in Utopic:
Invalid
Bug description:
** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe
function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in
the Linux kernel before 3.15.2 allow context-dependent attackers to
cause a denial of service (memory corruption) via a crafted Literal
Run. NOTE: the author of the LZO algorithms says "the Linux kernel is
*not* affected; media hype."
Break-Fix: 64c70b1cf43de158282bc1675918d503e5b15cc1
206a81c18401c0cde6e579164f752c4b147324ce
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1335313/+subscriptions
References