← Back to team overview

kernel-packages team mailing list archive

[Bug 1329103] Re: CVE-2014-4014

 

This bug was fixed in the package linux-lts-raring -
3.8.0-44.66~precise1

---------------
linux-lts-raring (3.8.0-44.66~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux-lts-raring (3.8.0-44.65~precise1) precise; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-lts-3.8.0-42.63 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338579

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux-lts-raring (3.8.0-43.64~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * Revert "ARM: OMAP3: clock: Back-propagate rate change from
    cam_mclk to dpll4_m5 on all OMAP3 platforms"
  * Release Tracking Bug
    - re-used previous tracking bug

linux-lts-raring (3.8.0-43.63~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * [Config] add debian/gbp.conf
  * Release Tracking Bug
    - LP: #1335912

  [ Upstream Kernel Changes ]

  * Revert "USB: serial: add usbid for dell wwan card to sierra.c"
    - LP: #1333900
  * Revert "macvlan : fix checksums error when we are in bridge mode"
    - LP: #1333900
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1325941
    - CVE-2014-3917
  * fs, userns: Change inode_capable to capable_wrt_inode_uidgid
    - LP: #1329103
    - CVE-2014-4014
  * ACPI / EC: Clear stale EC events on Samsung systems
    - LP: #1333900
  * ACPI / EC: Process rather than discard events in acpi_ec_clear
    - LP: #1333900
  * mac80211: fix software remain-on-channel implementation
    - LP: #1333900
  * mac80211: exclude AP_VLAN interfaces from tx power calculation
    - LP: #1333900
  * parisc: fix epoll_pwait syscall on compat kernel
    - LP: #1333900
  * ALSA: hda/realtek - Add support of ALC288 codec
    - LP: #1333900
  * user namespace: fix incorrect memory barriers
    - LP: #1333900
  * mlx4_en: don't use napi_synchronize inside mlx4_en_netpoll
    - LP: #1333900
  * mei: ignore client writing state during cb completion
    - LP: #1333900
  * staging: r8712u: Fix case where ethtype was never obtained and always
    be checked against 0
    - LP: #1333900
  * USB: serial: ftdi_sio: add id for Brainboxes serial cards
    - LP: #1333900
  * usb: option driver, add support for Telit UE910v2
    - LP: #1333900
  * USB: cp210x: Add 8281 (Nanotec Plug & Drive)
    - LP: #1333900
  * USB: pl2303: add ids for Hewlett-Packard HP POS pole displays
    - LP: #1333900
  * USB: usb_wwan: fix handling of missing bulk endpoints
    - LP: #1333900
  * USB: fix crash during hotplug of PCI USB controller card
    - LP: #1333900
  * USB: cdc-acm: Remove Motorola/Telit H24 serial interfaces from ACM
    driver
    - LP: #1333900
  * drm/radeon: memory leak on bo reservation failure. v2
    - LP: #1333900
  * drm/radeon/si: make sure mc ucode is loaded before checking the size
    - LP: #1333900
  * mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()
    - LP: #1333900
  * mm: use paravirt friendly ops for NUMA hinting ptes
    - LP: #1333900
  * iio: querying buffer scan_mask should return 0/1
    - LP: #1333900
  * pata_at91: fix ata_host_activate() failure handling
    - LP: #1333900
  * ext4: note the error in ext4_end_bio()
    - LP: #1333900
  * ext4: fix jbd2 warning under heavy xattr load
    - LP: #1333900
  * ext4: use i_size_read in ext4_unaligned_aio()
    - LP: #1333900
  * locks: allow __break_lease to sleep even when break_time is 0
    - LP: #1333900
  * genirq: Allow forcing cpu affinity of interrupts
    - LP: #1333900
  * nfsd: set timeparms.to_maxval in setup_callback_client
    - LP: #1333900
  * libata/ahci: accommodate tag ordered controllers
    - LP: #1333900
  * Input: synaptics - add min/max quirk for ThinkPad T431s, L440, L540, S1
    Yoga and X1
    - LP: #1333900
  * drm/radeon: fix ATPX detection on non-VGA GPUs
    - LP: #1333900
  * mm: make fixup_user_fault() check the vma access rights too
    - LP: #1333900
  * ARM: 8027/1: fix do_div() bug in big-endian systems
    - LP: #1333900
  * ARM: 8030/1: ARM : kdump : add arch_crash_save_vmcoreinfo
    - LP: #1333900
  * USB: serial: fix sysfs-attribute removal deadlock
    - LP: #1333900
  * Btrfs: fix inode caching vs tree log
    - LP: #1333900
  * xhci: Switch Intel Lynx Point ports to EHCI on shutdown.
    - LP: #1333900
  * USB: io_ti: fix firmware download on big-endian machines
    - LP: #1333900
  * usb: qcserial: add Sierra Wireless EM7355
    - LP: #1333900
  * usb: qcserial: add Sierra Wireless MC73xx
    - LP: #1333900
  * usb: qcserial: add Sierra Wireless MC7305/MC7355
    - LP: #1333900
  * usb: option: add Olivetti Olicard 500
    - LP: #1333900
  * usb: option: add Alcatel L800MA
    - LP: #1333900
  * usb: option: add and update a number of CMOTech devices
    - LP: #1333900
  * list: introduce list_next_entry() and list_prev_entry()
    - LP: #1333900
  * net: sctp: wake up all assocs if sndbuf policy is per socket
    - LP: #1333900
  * net: sctp: test if association is dead in sctp_wake_up_waiters
    - LP: #1333900
  * l2tp: take PMTU from tunnel UDP socket
    - LP: #1333900
  * net: core: don't account for udp header size when computing seglen
    - LP: #1333900
  * bonding: Remove debug_fs files when module init fails
    - LP: #1333900
  * ipv6: Limit mtu to 65575 bytes
    - LP: #1333900
  * ipv4: return valid RTA_IIF on ip route get
    - LP: #1333900
  * filter: prevent nla extensions to peek beyond the end of the message
    - LP: #1333900
  * ip6_gre: don't allow to remove the fb_tunnel_dev
    - LP: #1333900
  * vlan: Fix lockdep warning when vlan dev handle notification
    - LP: #1333900
  * tg3: update rx_jumbo_pending ring param only when jumbo frames are
    enabled
    - LP: #1333900
  * net: sctp: cache auth_enable per endpoint
    - LP: #1333900
  * rtnetlink: Warn when interface's information won't fit in our packet
    - LP: #1333900
  * rtnetlink: Only supply IFLA_VF_PORTS information when RTEXT_FILTER_VF
    is set
    - LP: #1333900
  * ipv6: fib: fix fib dump restart
    - LP: #1333900
  * bridge: Handle IFLA_ADDRESS correctly when creating bridge device
    - LP: #1333900
  * sctp: reset flowi4_oif parameter on route lookup
    - LP: #1333900
  * tcp_cubic: fix the range of delayed_ack
    - LP: #1333900
  * net: ipv4: ip_forward: fix inverted local_df test
    - LP: #1333900
  * netfilter: ipv4: defrag: set local_df flag on defragmented skb
    - LP: #1333900
  * net: ipv6: send pkttoobig immediately if orig frag size > mtu
    - LP: #1333900
  * ipv4: fib_semantics: increment fib_info_cnt after fib_info allocation
    - LP: #1333900
  * net: cdc_mbim: handle unaccelerated VLAN tagged frames
    - LP: #1333900
  * macvlan: Don't propagate IFF_ALLMULTI changes on down interfaces.
    - LP: #1333900
  * ip6_tunnel: fix potential NULL pointer dereference
    - LP: #1333900
  * ipv4: initialise the itag variable in __mkroute_input
    - LP: #1333900
  * net-gro: reset skb->truesize in napi_reuse_skb()
    - LP: #1333900
  * net: qmi_wwan: fixup Sierra Wireless MC8305 entry
    - LP: #1333900
  * net: qmi_wwan: add Option GTM681W
    - LP: #1333900
  * net: qmi_wwan: add TP-LINK MA260
    - LP: #1333900
  * qmi_wwan: add ONDA MT689DC device ID (fwd)
    - LP: #1333900
  * net: qmi_wwan: add Telit LE920 newer firmware support
    - LP: #1333900
  * net: qmi_wwan: fix Cinterion PLXX product ID
    - LP: #1333900
  * net: qmi_wwan: Olivetti Olicard 200 support
    - LP: #1333900
  * net: qmi_wwan: add ZTE MF667
    - LP: #1333900
  * net: qmi_wwan: add support for Cinterion PXS8 and PHS8
    - LP: #1333900
  * net: qmi_wwan: add Sierra Wireless EM7355
    - LP: #1333900
  * net: qmi_wwan: add Sierra Wireless MC73xx
    - LP: #1333900
  * net: qmi_wwan: add Sierra Wireless MC7305/MC7355
    - LP: #1333900
  * net: qmi_wwan: add Olivetti Olicard 500
    - LP: #1333900
  * net: qmi_wwan: add Alcatel L800MA
    - LP: #1333900
  * net: qmi_wwan: add a number of CMOTech devices
    - LP: #1333900
  * net: qmi_wwan: add a number of Dell devices
    - LP: #1333900
  * xhci: For streams the css flag most be read from the stream-ctx on ep
    stop
    - LP: #1333900
  * usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb
    - LP: #1333900
  * skbuff: skb_segment: orphan frags before copying
    - LP: #1298119, #1333900
    - CVE-2014-0131
  * drm/vmwgfx: Make sure user-space can't DMA across buffer object
    boundaries v2
    - LP: #1333900
  * s390/bpf,jit: initialize A register if 1st insn is BPF_S_LDX_B_MSH
    - LP: #1333900
  * ftrace/module: Hardcode ftrace_module_init() call into load_module()
    - LP: #1333900
  * [SCSI] mpt2sas: Don't disable device twice at suspend.
    - LP: #1333900
  * drivercore: deferral race condition fix
    - LP: #1333900
  * hrtimer: Prevent all reprogramming if hang detected
    - LP: #1333900
  * hrtimer: Prevent remote enqueue of leftmost timers
    - LP: #1333900
  * timer: Prevent overflow in apply_slack
    - LP: #1333900
  * rt2x00: fix beaconing on USB
    - LP: #1333900
  * Input: synaptics - add min/max quirk for ThinkPad Edge E431
    - LP: #1333900
  * Bluetooth: Fix triggering BR/EDR L2CAP Connect too early
    - LP: #1333900
  * Bluetooth: Add support for Lite-on [04ca:3007]
    - LP: #1333900
  * drm/i915: Break encoder->crtc link separately in intel_sanitize_crtc()
    - LP: #1333900
  * rtl8192cu: Fix unbalanced irq enable in error path of rtl92cu_hw_init()
    - LP: #1333900
  * drm/nouveau/acpi: allow non-optimus setups to load vbios from acpi
    - LP: #1333900
  * ALSA: usb-audio: work around corrupted TEAC UD-H01 feedback data
    - LP: #1333900
  * usb: qcserial: add a number of Dell devices
    - LP: #1333900
  * usb: storage: shuttle_usbat: fix discs being detected twice
    - LP: #1333900
  * fsl-usb: do not test for PHY_CLK_VALID bit on controller version 1.6
    - LP: #1333900
  * drivers/tty/hvc: don't free hvc_console_setup after init
    - LP: #1333900
  * USB: Nokia 305 should be treated as unusual dev
    - LP: #1333900
  * USB: Nokia 5300 should be treated as unusual dev
    - LP: #1333900
  * HID: add NO_INIT_REPORTS quirk for Synaptics Touch Pad V 103S
    - LP: #1333900
  * Input: elantech - fix touchpad initialization on Gigabyte U2442
    - LP: #1333900
  * posix_acl: handle NULL ACL in posix_acl_equiv_mode
    - LP: #1333900
  * mm/compaction: make isolate_freepages start at pageblock boundary
    - LP: #1333900
  * Linux 3.8.13.24
    - LP: #1333900
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - CVE-2014-4608
  * lzo: properly check for overruns
    - CVE-2014-4608
  * percpu: make pcpu_alloc_chunk() use pcpu_mem_free() instead of kfree()
    - LP: #1335893
  * [media] fc2580: fix tuning failure on 32-bit arch
    - LP: #1335893
  * crypto: caam - add allocation failure handling in SPRINTFCAT macro
    - LP: #1335893
  * [media] media-device: fix infoleak in ioctl media_enum_entities()
    - LP: #1335893
  * md: avoid possible spinning md thread at shutdown.
    - LP: #1335893
  * NFSd: call rpc_destroy_wait_queue() from free_client()
    - LP: #1335893
  * genirq: Provide irq_force_affinity fallback for non-SMP
    - LP: #1335893
  * ACPI / blacklist: Add dmi_enable_osi_linux quirk for Asus EEE PC 1015PX
    - LP: #1335893
  * NFSD: Call ->set_acl with a NULL ACL structure if no entries
    - LP: #1335893
  * ARM: dts: i.MX53: Fix ipu register space size
    - LP: #1335893
  * mm, thp: close race between mremap() and split_huge_page()
    - LP: #1335893
  * hrtimer: Set expiry time before switch_hrtimer_base()
    - LP: #1335893
  * hwmon: (emc1403) fix inverted store_hyst()
    - LP: #1335893
  * hwmon: (emc1403) Support full range of known chip revision numbers
    - LP: #1335893
  * iommu/amd: Fix interrupt remapping for aliased devices
    - LP: #1335893
  * ASoC: wm8962: Update register CLASS_D_CONTROL_1 to be non-volatile
    - LP: #1335893
  * [media] V4L2: ov7670: fix a wrong index, potentially Oopsing the kernel
    from user-space
    - LP: #1335893
  * [media] V4L2: fix VIDIOC_CREATE_BUFS in 64- / 32-bit compatibility mode
    - LP: #1335893
  * x86, mm, hugetlb: Add missing TLB page invalidation for hugetlb_cow()
    - LP: #1335893
  * i2c: designware: Mask all interrupts during i2c controller enable
    - LP: #1335893
  * i2c: s3c2410: resume race fix
    - LP: #1335893
  * i2c: rcar: bail out on zero length transfers
    - LP: #1335893
  * dm crypt: fix cpu hotplug crash by removing per-cpu structure
    - LP: #1335893
  * x86-64, modify_ldt: Make support for 16-bit segments a runtime option
    - LP: #1335893
  * PCI: shpchp: Check bridge's secondary (not primary) bus speed
    - LP: #1335893
  * libceph: fix corruption when using page_count 0 page in rbd
    - LP: #1335893
  * sched: Sanitize irq accounting madness
    - LP: #1335893
  * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri check
    - LP: #1335893
  * net: cpsw: fix null dereference at probe
    - LP: #1335893
  * perf: Limit perf_event_attr::sample_period to 63 bits
    - LP: #1335893
  * perf: Prevent false warning in perf_swevent_add
    - LP: #1335893
  * drm/radeon: also try GART for CPU accessed buffers
    - LP: #1335893
  * drm/radeon: handle non-VGA class pci devices with ATRM
    - LP: #1335893
  * drm/radeon: avoid segfault on device open when accel is not working.
    - LP: #1335893
  * can: peak_pci: prevent use after free at netdev removal
    - LP: #1335893
  * nfsd4: remove lockowner when removing lock stateid
    - LP: #1335893
  * nfsd4: warn on finding lockowner without stateid's
    - LP: #1335893
  * dma: mv_xor: Flush descriptors before activating a channel
    - LP: #1335893
  * hwpoison, hugetlb: lock_page/unlock_page does not match for handling a
    free hugepage
    - LP: #1335893
  * mm/memory-failure.c: fix memory leak by race between poison and
    unpoison
    - LP: #1335893
  * ARM: OMAP3: clock: Back-propagate rate change from cam_mclk to dpll4_m5
    on all OMAP3 platforms
    - LP: #1335893
  * Input: synaptics - add min/max quirk for the ThinkPad W540
    - LP: #1335893
  * futex: Add another early deadlock detection check
    - LP: #1335893
  * futex: Prevent attaching to kernel threads
    - LP: #1335893
  * ARM: imx: fix error handling in ipu device registration
    - LP: #1335893
  * sched/deadline: Change sched_getparam() behaviour vs SCHED_DEADLINE
    - LP: #1335893
  * ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets
    - LP: #1335893
  * ARM: 8051/1: put_user: fix possible data corruption in put_user
    - LP: #1335893
  * Input: synaptics - T540p - unify with other LEN0034 models
    - LP: #1335893
  * powerpc: Fix 64 bit builds with binutils 2.24
    - LP: #1335893
  * Staging: speakup: Move pasting into a work item
    - LP: #1335893
  * USB: Avoid runtime suspend loops for HCDs that can't handle
    suspend/resume
    - LP: #1335893
  * USB: io_ti: fix firmware download on big-endian machines (part 2)
    - LP: #1335893
  * USB: ftdi_sio: add NovaTech OrionLXm product ID
    - LP: #1335893
  * USB: serial: option: add support for Novatel E371 PCIe card
    - LP: #1335893
  * md: always set MD_RECOVERY_INTR when aborting a reshape or other
    "resync".
    - LP: #1335893
  * xhci: delete endpoints from bandwidth list before freeing whole device
    - LP: #1335893
  * ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop
    - LP: #1335893
  * ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup
    - LP: #1335893
  * target: Fix alua_access_state attribute OOPs for un-configured devices
    - LP: #1335893
  * mm: rmap: fix use-after-free in __put_anon_vma
    - LP: #1335893
  * Linux 3.8.13.25
    - LP: #1335893
 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>   Mon, 14 Jul 2014 14:52:11 +0100

** Changed in: linux-lts-raring (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1329103

Title:
  CVE-2014-4014

Status in “linux” package in Ubuntu:
  Fix Committed
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  New
Status in “linux-lts-backport-natty” package in Ubuntu:
  New
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  New
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  New
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Lucid:
  Won't Fix
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  New
Status in “linux-armadaxp” source package in Precise:
  New
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Precise:
  Won't Fix
Status in “linux-lts-quantal” source package in Precise:
  Fix Released
Status in “linux-lts-raring” source package in Precise:
  Fix Released
Status in “linux-lts-saucy” source package in Precise:
  Fix Committed
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  New
Status in “linux” source package in Saucy:
  Fix Committed
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Saucy:
  Won't Fix
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  New
Status in “linux” source package in Trusty:
  New
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Trusty:
  Won't Fix
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  Fix Committed
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Utopic:
  Won't Fix
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid

Bug description:
  The capabilities implementation in the Linux kernel before 3.14.8 does
  not properly consider that namespaces are inapplicable to inodes,
  which allows local users to bypass intended chmod restrictions by
  first creating a user namespace, as demonstrated by setting the setgid
  bit on a file with group ownership of root.

  Break-Fix: - 23adbe12ef7d3d4195e80800ab36b37bee28cd03

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1329103/+subscriptions


References