kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #77690
[Bug 1349804] Re: CVE-2014-5077
This bug was fixed in the package linux-ec2 - 2.6.32-369.85
---------------
linux-ec2 (2.6.32-369.85) lucid; urgency=low
[ Stefan Bader ]
* Rebased to Ubuntu-2.6.32-65.129
* Rebased to Ubuntu-2.6.32-65.131
* Release Tracking Bug
- LP: #1357410
[ Upstream Kernel Changes ]
* xen: x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
- LP: #1334989
- CVE-2014-4508
* xen: x86_32, entry: Store badsys error code in %eax
- LP: #1334989
- CVE-2014-4508
[ Ubuntu: 2.6.32-65.131 ]
* x86_32, entry: Store badsys error code in %eax
- LP: #1334989
- CVE-2014-4508
[ Ubuntu: 2.6.32-65.129 ]
* fix autofs/afs/etc. magic mountpoint breakage
- CVE-2014-0203
* ALSA: control: Don't access controls outside of protected regions
- LP: #1339297
- CVE-2014-4653
* ALSA: control: Fix replacing user controls
- LP: #1339303, #1339304
- CVE-2014-4655
* ALSA: control: Handle numid overflow
- LP: #1339306
- CVE-2014-4656
* ALSA: control: Make sure that id->index does not overflow
- LP: #1339306
- CVE-2014-4656
* sctp: Fix sk_ack_backlog wrap-around problem
- CVE-2014-4667
* x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
- LP: #1334989
- CVE-2014-4508
* ALSA: control: Protect user controls against concurrent access
- LP: #1339294
- CVE-2014-4652
* net: sctp: inherit auth_capable on INIT collisions
- LP: #1349804
- CVE-2014-5077
-- Stefan Bader <stefan.bader@xxxxxxxxxxxxx> Fri, 15 Aug 2014 08:55:05 +0200
** Changed in: linux-ec2 (Ubuntu Lucid)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1349804
Title:
CVE-2014-5077
Status in “linux” package in Ubuntu:
Fix Committed
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
New
Status in “linux-lts-backport-natty” package in Ubuntu:
New
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-lts-saucy” package in Ubuntu:
Invalid
Status in “linux-mvl-dove” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
Invalid
Status in “linux” source package in Lucid:
Fix Released
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
New
Status in “linux-lts-backport-natty” source package in Lucid:
New
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-lts-saucy” source package in Lucid:
Invalid
Status in “linux-mvl-dove” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
Fix Committed
Status in “linux-armadaxp” source package in Precise:
Fix Committed
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-fsl-imx51” source package in Precise:
Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
New
Status in “linux-lts-backport-natty” source package in Precise:
New
Status in “linux-lts-quantal” source package in Precise:
Invalid
Status in “linux-lts-raring” source package in Precise:
Invalid
Status in “linux-lts-saucy” source package in Precise:
Invalid
Status in “linux-mvl-dove” source package in Precise:
Invalid
Status in “linux-ti-omap4” source package in Precise:
Fix Committed
Status in “linux” source package in Trusty:
New
Status in “linux-armadaxp” source package in Trusty:
Invalid
Status in “linux-ec2” source package in Trusty:
Invalid
Status in “linux-fsl-imx51” source package in Trusty:
Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
New
Status in “linux-lts-backport-natty” source package in Trusty:
New
Status in “linux-lts-quantal” source package in Trusty:
Invalid
Status in “linux-lts-raring” source package in Trusty:
Invalid
Status in “linux-lts-saucy” source package in Trusty:
Invalid
Status in “linux-mvl-dove” source package in Trusty:
Invalid
Status in “linux-ti-omap4” source package in Trusty:
Invalid
Status in “linux” source package in Utopic:
Fix Committed
Status in “linux-armadaxp” source package in Utopic:
Invalid
Status in “linux-ec2” source package in Utopic:
Invalid
Status in “linux-fsl-imx51” source package in Utopic:
Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
New
Status in “linux-lts-backport-natty” source package in Utopic:
New
Status in “linux-lts-quantal” source package in Utopic:
Invalid
Status in “linux-lts-raring” source package in Utopic:
Invalid
Status in “linux-lts-saucy” source package in Utopic:
Invalid
Status in “linux-mvl-dove” source package in Utopic:
Invalid
Status in “linux-ti-omap4” source package in Utopic:
Invalid
Bug description:
The sctp_assoc_update function in net/sctp/associola.c in the Linux
kernel through 3.15.8, when SCTP authentication is enabled, allows
remote attackers to cause a denial of service (NULL pointer
dereference and OOPS) by starting to establish an association between
two endpoints immediately after an exchange of INIT and INIT ACK
chunks to establish an earlier association between these endpoints in
the opposite direction.
Break-Fix: - 1be9a950c646c9092fb3618197f7b6bfb50e82aa
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1349804/+subscriptions
References