← Back to team overview

kernel-packages team mailing list archive

[Bug 1298119] Re: CVE-2014-0131

 

This bug was fixed in the package linux-lts-raring -
3.8.0-44.66~precise1

---------------
linux-lts-raring (3.8.0-44.66~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux-lts-raring (3.8.0-44.65~precise1) precise; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-lts-3.8.0-42.63 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338579

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux-lts-raring (3.8.0-43.64~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * Revert "ARM: OMAP3: clock: Back-propagate rate change from
    cam_mclk to dpll4_m5 on all OMAP3 platforms"
  * Release Tracking Bug
    - re-used previous tracking bug

linux-lts-raring (3.8.0-43.63~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * [Config] add debian/gbp.conf
  * Release Tracking Bug
    - LP: #1335912

  [ Upstream Kernel Changes ]

  * Revert "USB: serial: add usbid for dell wwan card to sierra.c"
    - LP: #1333900
  * Revert "macvlan : fix checksums error when we are in bridge mode"
    - LP: #1333900
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1325941
    - CVE-2014-3917
  * fs, userns: Change inode_capable to capable_wrt_inode_uidgid
    - LP: #1329103
    - CVE-2014-4014
  * ACPI / EC: Clear stale EC events on Samsung systems
    - LP: #1333900
  * ACPI / EC: Process rather than discard events in acpi_ec_clear
    - LP: #1333900
  * mac80211: fix software remain-on-channel implementation
    - LP: #1333900
  * mac80211: exclude AP_VLAN interfaces from tx power calculation
    - LP: #1333900
  * parisc: fix epoll_pwait syscall on compat kernel
    - LP: #1333900
  * ALSA: hda/realtek - Add support of ALC288 codec
    - LP: #1333900
  * user namespace: fix incorrect memory barriers
    - LP: #1333900
  * mlx4_en: don't use napi_synchronize inside mlx4_en_netpoll
    - LP: #1333900
  * mei: ignore client writing state during cb completion
    - LP: #1333900
  * staging: r8712u: Fix case where ethtype was never obtained and always
    be checked against 0
    - LP: #1333900
  * USB: serial: ftdi_sio: add id for Brainboxes serial cards
    - LP: #1333900
  * usb: option driver, add support for Telit UE910v2
    - LP: #1333900
  * USB: cp210x: Add 8281 (Nanotec Plug & Drive)
    - LP: #1333900
  * USB: pl2303: add ids for Hewlett-Packard HP POS pole displays
    - LP: #1333900
  * USB: usb_wwan: fix handling of missing bulk endpoints
    - LP: #1333900
  * USB: fix crash during hotplug of PCI USB controller card
    - LP: #1333900
  * USB: cdc-acm: Remove Motorola/Telit H24 serial interfaces from ACM
    driver
    - LP: #1333900
  * drm/radeon: memory leak on bo reservation failure. v2
    - LP: #1333900
  * drm/radeon/si: make sure mc ucode is loaded before checking the size
    - LP: #1333900
  * mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()
    - LP: #1333900
  * mm: use paravirt friendly ops for NUMA hinting ptes
    - LP: #1333900
  * iio: querying buffer scan_mask should return 0/1
    - LP: #1333900
  * pata_at91: fix ata_host_activate() failure handling
    - LP: #1333900
  * ext4: note the error in ext4_end_bio()
    - LP: #1333900
  * ext4: fix jbd2 warning under heavy xattr load
    - LP: #1333900
  * ext4: use i_size_read in ext4_unaligned_aio()
    - LP: #1333900
  * locks: allow __break_lease to sleep even when break_time is 0
    - LP: #1333900
  * genirq: Allow forcing cpu affinity of interrupts
    - LP: #1333900
  * nfsd: set timeparms.to_maxval in setup_callback_client
    - LP: #1333900
  * libata/ahci: accommodate tag ordered controllers
    - LP: #1333900
  * Input: synaptics - add min/max quirk for ThinkPad T431s, L440, L540, S1
    Yoga and X1
    - LP: #1333900
  * drm/radeon: fix ATPX detection on non-VGA GPUs
    - LP: #1333900
  * mm: make fixup_user_fault() check the vma access rights too
    - LP: #1333900
  * ARM: 8027/1: fix do_div() bug in big-endian systems
    - LP: #1333900
  * ARM: 8030/1: ARM : kdump : add arch_crash_save_vmcoreinfo
    - LP: #1333900
  * USB: serial: fix sysfs-attribute removal deadlock
    - LP: #1333900
  * Btrfs: fix inode caching vs tree log
    - LP: #1333900
  * xhci: Switch Intel Lynx Point ports to EHCI on shutdown.
    - LP: #1333900
  * USB: io_ti: fix firmware download on big-endian machines
    - LP: #1333900
  * usb: qcserial: add Sierra Wireless EM7355
    - LP: #1333900
  * usb: qcserial: add Sierra Wireless MC73xx
    - LP: #1333900
  * usb: qcserial: add Sierra Wireless MC7305/MC7355
    - LP: #1333900
  * usb: option: add Olivetti Olicard 500
    - LP: #1333900
  * usb: option: add Alcatel L800MA
    - LP: #1333900
  * usb: option: add and update a number of CMOTech devices
    - LP: #1333900
  * list: introduce list_next_entry() and list_prev_entry()
    - LP: #1333900
  * net: sctp: wake up all assocs if sndbuf policy is per socket
    - LP: #1333900
  * net: sctp: test if association is dead in sctp_wake_up_waiters
    - LP: #1333900
  * l2tp: take PMTU from tunnel UDP socket
    - LP: #1333900
  * net: core: don't account for udp header size when computing seglen
    - LP: #1333900
  * bonding: Remove debug_fs files when module init fails
    - LP: #1333900
  * ipv6: Limit mtu to 65575 bytes
    - LP: #1333900
  * ipv4: return valid RTA_IIF on ip route get
    - LP: #1333900
  * filter: prevent nla extensions to peek beyond the end of the message
    - LP: #1333900
  * ip6_gre: don't allow to remove the fb_tunnel_dev
    - LP: #1333900
  * vlan: Fix lockdep warning when vlan dev handle notification
    - LP: #1333900
  * tg3: update rx_jumbo_pending ring param only when jumbo frames are
    enabled
    - LP: #1333900
  * net: sctp: cache auth_enable per endpoint
    - LP: #1333900
  * rtnetlink: Warn when interface's information won't fit in our packet
    - LP: #1333900
  * rtnetlink: Only supply IFLA_VF_PORTS information when RTEXT_FILTER_VF
    is set
    - LP: #1333900
  * ipv6: fib: fix fib dump restart
    - LP: #1333900
  * bridge: Handle IFLA_ADDRESS correctly when creating bridge device
    - LP: #1333900
  * sctp: reset flowi4_oif parameter on route lookup
    - LP: #1333900
  * tcp_cubic: fix the range of delayed_ack
    - LP: #1333900
  * net: ipv4: ip_forward: fix inverted local_df test
    - LP: #1333900
  * netfilter: ipv4: defrag: set local_df flag on defragmented skb
    - LP: #1333900
  * net: ipv6: send pkttoobig immediately if orig frag size > mtu
    - LP: #1333900
  * ipv4: fib_semantics: increment fib_info_cnt after fib_info allocation
    - LP: #1333900
  * net: cdc_mbim: handle unaccelerated VLAN tagged frames
    - LP: #1333900
  * macvlan: Don't propagate IFF_ALLMULTI changes on down interfaces.
    - LP: #1333900
  * ip6_tunnel: fix potential NULL pointer dereference
    - LP: #1333900
  * ipv4: initialise the itag variable in __mkroute_input
    - LP: #1333900
  * net-gro: reset skb->truesize in napi_reuse_skb()
    - LP: #1333900
  * net: qmi_wwan: fixup Sierra Wireless MC8305 entry
    - LP: #1333900
  * net: qmi_wwan: add Option GTM681W
    - LP: #1333900
  * net: qmi_wwan: add TP-LINK MA260
    - LP: #1333900
  * qmi_wwan: add ONDA MT689DC device ID (fwd)
    - LP: #1333900
  * net: qmi_wwan: add Telit LE920 newer firmware support
    - LP: #1333900
  * net: qmi_wwan: fix Cinterion PLXX product ID
    - LP: #1333900
  * net: qmi_wwan: Olivetti Olicard 200 support
    - LP: #1333900
  * net: qmi_wwan: add ZTE MF667
    - LP: #1333900
  * net: qmi_wwan: add support for Cinterion PXS8 and PHS8
    - LP: #1333900
  * net: qmi_wwan: add Sierra Wireless EM7355
    - LP: #1333900
  * net: qmi_wwan: add Sierra Wireless MC73xx
    - LP: #1333900
  * net: qmi_wwan: add Sierra Wireless MC7305/MC7355
    - LP: #1333900
  * net: qmi_wwan: add Olivetti Olicard 500
    - LP: #1333900
  * net: qmi_wwan: add Alcatel L800MA
    - LP: #1333900
  * net: qmi_wwan: add a number of CMOTech devices
    - LP: #1333900
  * net: qmi_wwan: add a number of Dell devices
    - LP: #1333900
  * xhci: For streams the css flag most be read from the stream-ctx on ep
    stop
    - LP: #1333900
  * usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb
    - LP: #1333900
  * skbuff: skb_segment: orphan frags before copying
    - LP: #1298119, #1333900
    - CVE-2014-0131
  * drm/vmwgfx: Make sure user-space can't DMA across buffer object
    boundaries v2
    - LP: #1333900
  * s390/bpf,jit: initialize A register if 1st insn is BPF_S_LDX_B_MSH
    - LP: #1333900
  * ftrace/module: Hardcode ftrace_module_init() call into load_module()
    - LP: #1333900
  * [SCSI] mpt2sas: Don't disable device twice at suspend.
    - LP: #1333900
  * drivercore: deferral race condition fix
    - LP: #1333900
  * hrtimer: Prevent all reprogramming if hang detected
    - LP: #1333900
  * hrtimer: Prevent remote enqueue of leftmost timers
    - LP: #1333900
  * timer: Prevent overflow in apply_slack
    - LP: #1333900
  * rt2x00: fix beaconing on USB
    - LP: #1333900
  * Input: synaptics - add min/max quirk for ThinkPad Edge E431
    - LP: #1333900
  * Bluetooth: Fix triggering BR/EDR L2CAP Connect too early
    - LP: #1333900
  * Bluetooth: Add support for Lite-on [04ca:3007]
    - LP: #1333900
  * drm/i915: Break encoder->crtc link separately in intel_sanitize_crtc()
    - LP: #1333900
  * rtl8192cu: Fix unbalanced irq enable in error path of rtl92cu_hw_init()
    - LP: #1333900
  * drm/nouveau/acpi: allow non-optimus setups to load vbios from acpi
    - LP: #1333900
  * ALSA: usb-audio: work around corrupted TEAC UD-H01 feedback data
    - LP: #1333900
  * usb: qcserial: add a number of Dell devices
    - LP: #1333900
  * usb: storage: shuttle_usbat: fix discs being detected twice
    - LP: #1333900
  * fsl-usb: do not test for PHY_CLK_VALID bit on controller version 1.6
    - LP: #1333900
  * drivers/tty/hvc: don't free hvc_console_setup after init
    - LP: #1333900
  * USB: Nokia 305 should be treated as unusual dev
    - LP: #1333900
  * USB: Nokia 5300 should be treated as unusual dev
    - LP: #1333900
  * HID: add NO_INIT_REPORTS quirk for Synaptics Touch Pad V 103S
    - LP: #1333900
  * Input: elantech - fix touchpad initialization on Gigabyte U2442
    - LP: #1333900
  * posix_acl: handle NULL ACL in posix_acl_equiv_mode
    - LP: #1333900
  * mm/compaction: make isolate_freepages start at pageblock boundary
    - LP: #1333900
  * Linux 3.8.13.24
    - LP: #1333900
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - CVE-2014-4608
  * lzo: properly check for overruns
    - CVE-2014-4608
  * percpu: make pcpu_alloc_chunk() use pcpu_mem_free() instead of kfree()
    - LP: #1335893
  * [media] fc2580: fix tuning failure on 32-bit arch
    - LP: #1335893
  * crypto: caam - add allocation failure handling in SPRINTFCAT macro
    - LP: #1335893
  * [media] media-device: fix infoleak in ioctl media_enum_entities()
    - LP: #1335893
  * md: avoid possible spinning md thread at shutdown.
    - LP: #1335893
  * NFSd: call rpc_destroy_wait_queue() from free_client()
    - LP: #1335893
  * genirq: Provide irq_force_affinity fallback for non-SMP
    - LP: #1335893
  * ACPI / blacklist: Add dmi_enable_osi_linux quirk for Asus EEE PC 1015PX
    - LP: #1335893
  * NFSD: Call ->set_acl with a NULL ACL structure if no entries
    - LP: #1335893
  * ARM: dts: i.MX53: Fix ipu register space size
    - LP: #1335893
  * mm, thp: close race between mremap() and split_huge_page()
    - LP: #1335893
  * hrtimer: Set expiry time before switch_hrtimer_base()
    - LP: #1335893
  * hwmon: (emc1403) fix inverted store_hyst()
    - LP: #1335893
  * hwmon: (emc1403) Support full range of known chip revision numbers
    - LP: #1335893
  * iommu/amd: Fix interrupt remapping for aliased devices
    - LP: #1335893
  * ASoC: wm8962: Update register CLASS_D_CONTROL_1 to be non-volatile
    - LP: #1335893
  * [media] V4L2: ov7670: fix a wrong index, potentially Oopsing the kernel
    from user-space
    - LP: #1335893
  * [media] V4L2: fix VIDIOC_CREATE_BUFS in 64- / 32-bit compatibility mode
    - LP: #1335893
  * x86, mm, hugetlb: Add missing TLB page invalidation for hugetlb_cow()
    - LP: #1335893
  * i2c: designware: Mask all interrupts during i2c controller enable
    - LP: #1335893
  * i2c: s3c2410: resume race fix
    - LP: #1335893
  * i2c: rcar: bail out on zero length transfers
    - LP: #1335893
  * dm crypt: fix cpu hotplug crash by removing per-cpu structure
    - LP: #1335893
  * x86-64, modify_ldt: Make support for 16-bit segments a runtime option
    - LP: #1335893
  * PCI: shpchp: Check bridge's secondary (not primary) bus speed
    - LP: #1335893
  * libceph: fix corruption when using page_count 0 page in rbd
    - LP: #1335893
  * sched: Sanitize irq accounting madness
    - LP: #1335893
  * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri check
    - LP: #1335893
  * net: cpsw: fix null dereference at probe
    - LP: #1335893
  * perf: Limit perf_event_attr::sample_period to 63 bits
    - LP: #1335893
  * perf: Prevent false warning in perf_swevent_add
    - LP: #1335893
  * drm/radeon: also try GART for CPU accessed buffers
    - LP: #1335893
  * drm/radeon: handle non-VGA class pci devices with ATRM
    - LP: #1335893
  * drm/radeon: avoid segfault on device open when accel is not working.
    - LP: #1335893
  * can: peak_pci: prevent use after free at netdev removal
    - LP: #1335893
  * nfsd4: remove lockowner when removing lock stateid
    - LP: #1335893
  * nfsd4: warn on finding lockowner without stateid's
    - LP: #1335893
  * dma: mv_xor: Flush descriptors before activating a channel
    - LP: #1335893
  * hwpoison, hugetlb: lock_page/unlock_page does not match for handling a
    free hugepage
    - LP: #1335893
  * mm/memory-failure.c: fix memory leak by race between poison and
    unpoison
    - LP: #1335893
  * ARM: OMAP3: clock: Back-propagate rate change from cam_mclk to dpll4_m5
    on all OMAP3 platforms
    - LP: #1335893
  * Input: synaptics - add min/max quirk for the ThinkPad W540
    - LP: #1335893
  * futex: Add another early deadlock detection check
    - LP: #1335893
  * futex: Prevent attaching to kernel threads
    - LP: #1335893
  * ARM: imx: fix error handling in ipu device registration
    - LP: #1335893
  * sched/deadline: Change sched_getparam() behaviour vs SCHED_DEADLINE
    - LP: #1335893
  * ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets
    - LP: #1335893
  * ARM: 8051/1: put_user: fix possible data corruption in put_user
    - LP: #1335893
  * Input: synaptics - T540p - unify with other LEN0034 models
    - LP: #1335893
  * powerpc: Fix 64 bit builds with binutils 2.24
    - LP: #1335893
  * Staging: speakup: Move pasting into a work item
    - LP: #1335893
  * USB: Avoid runtime suspend loops for HCDs that can't handle
    suspend/resume
    - LP: #1335893
  * USB: io_ti: fix firmware download on big-endian machines (part 2)
    - LP: #1335893
  * USB: ftdi_sio: add NovaTech OrionLXm product ID
    - LP: #1335893
  * USB: serial: option: add support for Novatel E371 PCIe card
    - LP: #1335893
  * md: always set MD_RECOVERY_INTR when aborting a reshape or other
    "resync".
    - LP: #1335893
  * xhci: delete endpoints from bandwidth list before freeing whole device
    - LP: #1335893
  * ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop
    - LP: #1335893
  * ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup
    - LP: #1335893
  * target: Fix alua_access_state attribute OOPs for un-configured devices
    - LP: #1335893
  * mm: rmap: fix use-after-free in __put_anon_vma
    - LP: #1335893
  * Linux 3.8.13.25
    - LP: #1335893
 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>   Mon, 14 Jul 2014 14:52:11 +0100

** Changed in: linux-lts-raring (Ubuntu Precise)
       Status: Won't Fix => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1298119

Title:
  CVE-2014-0131

Status in “linux” package in Ubuntu:
  Invalid
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  Won't Fix
Status in “linux-lts-backport-natty” package in Ubuntu:
  Won't Fix
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Invalid
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Invalid
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Lucid:
  Won't Fix
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Committed
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Precise:
  Won't Fix
Status in “linux-lts-quantal” source package in Precise:
  Fix Released
Status in “linux-lts-raring” source package in Precise:
  Fix Released
Status in “linux-lts-saucy” source package in Precise:
  Fix Committed
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  New
Status in “linux-lts-backport-maverick” source package in Quantal:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Quantal:
  Won't Fix
Status in “linux” source package in Saucy:
  Fix Committed
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Saucy:
  Won't Fix
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  New
Status in “linux” source package in Trusty:
  Invalid
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Trusty:
  Won't Fix
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  Invalid
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Utopic:
  Won't Fix
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid

Bug description:
  Use-after-free vulnerability in the skb_segment function in
  net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers
  to obtain sensitive information from kernel memory by leveraging the
  absence of a certain orphaning operation.

  Break-Fix: a6686f2f382b13f8a7253401a66690c3633b6a74
  1fd819ecb90cc9b822cd84d3056ddba315d3340f

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1298119/+subscriptions


References