kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #81152
[Bug 1283101] Re: CVE-2014-0069: CIFS -- add hardening patch
This bug was fixed in the package linux - 3.13.0-36.63
---------------
linux (3.13.0-36.63) trusty; urgency=low
[ Joseph Salisbury ]
* Release Tracking Bug
- LP: #1365052
[ Feng Kan ]
* SAUCE: (no-up) irqchip:gic: change access of gicc_ctrl register to read
modify write.
- LP: #1357527
* SAUCE: (no-up) arm64: optimized copy_to_user and copy_from_user
assembly code
- LP: #1358949
[ Ming Lei ]
* SAUCE: (no-up) Drop APM X-Gene SoC Ethernet driver
- LP: #1360140
* [Config] Drop XGENE entries
- LP: #1360140
* [Config] CONFIG_NET_XGENE=m for arm64
- LP: #1360140
[ Stefan Bader ]
* SAUCE: Add compat macro for skb_get_hash
- LP: #1358162
* SAUCE: bcache: prevent crash on changing writeback_running
- LP: #1357295
[ Suman Tripathi ]
* SAUCE: (no-up) arm64: Fix the csr-mask for APM X-Gene SoC AHCI SATA PHY
clock DTS node.
- LP: #1359489
* SAUCE: (no-up) ahci_xgene: Skip the PHY and clock initialization if
already configured by the firmware.
- LP: #1359501
* SAUCE: (no-up) ahci_xgene: Fix the link down in first attempt for the
APM X-Gene SoC AHCI SATA host controller driver.
- LP: #1359507
[ Tuan Phan ]
* SAUCE: (no-up) pci-xgene-msi: fixed deadlock in irq_set_affinity
- LP: #1359514
[ Upstream Kernel Changes ]
* iwlwifi: mvm: Add a missed beacons threshold
- LP: #1349572
* mac80211: reset probe_send_count also in HW_CONNECTION_MONITOR case
- LP: #1349572
* genirq: Add an accessor for IRQ_PER_CPU flag
- LP: #1357527
* arm64: perf: add support for percpu pmu interrupt
- LP: #1357527
* cifs: sanity check length of data to send before sending
- LP: #1283101
* KVM: nVMX: Pass vmexit parameters to nested_vmx_vmexit
- LP: #1329434
* KVM: nVMX: Rework interception of IRQs and NMIs
- LP: #1329434
* KVM: vmx: disable APIC virtualization in nested guests
- LP: #1329434
* HID: Add transport-driver functions to the USB HID interface.
- LP: #1353021
* ahci_xgene: Removing NCQ support from the APM X-Gene SoC AHCI SATA Host
Controller driver.
- LP: #1358498
* fold d_kill() and d_free()
- LP: #1354234
* fold try_prune_one_dentry()
- LP: #1354234
* new helper: dentry_free()
- LP: #1354234
* expand the call of dentry_lru_del() in dentry_kill()
- LP: #1354234
* dentry_kill(): don't try to remove from shrink list
- LP: #1354234
* don't remove from shrink list in select_collect()
- LP: #1354234
* more graceful recovery in umount_collect()
- LP: #1354234
* dcache: don't need rcu in shrink_dentry_list()
- LP: #1354234
* lift the "already marked killed" case into shrink_dentry_list()
* split dentry_kill()
- LP: #1354234
* expand dentry_kill(dentry, 0) in shrink_dentry_list()
- LP: #1354234
* shrink_dentry_list(): take parent's ->d_lock earlier
- LP: #1354234
* dealing with the rest of shrink_dentry_list() livelock
- LP: #1354234
* dentry_kill() doesn't need the second argument now
- LP: #1354234
* dcache: add missing lockdep annotation
- LP: #1354234
* fs: convert use of typedef ctl_table to struct ctl_table
- LP: #1354234
* lock_parent: don't step on stale ->d_parent of all-but-freed one
- LP: #1354234
* tools/testing/selftests/ptrace/peeksiginfo.c: add PAGE_SIZE definition
- LP: #1358855
* x86, irq, pic: Probe for legacy PIC and set legacy_pic appropriately
- LP: #1317697
* bnx2x: Fix kernel crash and data miscompare after EEH recovery
- LP: #1353105
* bnx2x: Adapter not recovery from EEH error injection
- LP: #1353105
* Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE
- LP: #1359670
* bcache: fix crash on shutdown in passthrough mode
- LP: #1357295
* bcache: fix uninterruptible sleep in writeback thread
- LP: #1357295
* namespaces: Use task_lock and not rcu to protect nsproxy
- LP: #1328088
* MAINTAINERS: Add entry for APM X-Gene SoC ethernet driver
- LP: #1360140
* Documentation: dts: Add bindings for APM X-Gene SoC ethernet driver
- LP: #1360140
* dts: Add bindings for APM X-Gene SoC ethernet driver
- LP: #1360140
* drivers: net: Add APM X-Gene SoC ethernet driver support.
- LP: #1360140
* powerpc/mm: Add new "set" flag argument to pte/pmd update function
- LP: #1357014
* powerpc/thp: Add write barrier after updating the valid bit
- LP: #1357014
* powerpc/thp: Don't recompute vsid and ssize in loop on invalidate
- LP: #1357014
* powerpc/thp: Invalidate old 64K based hash page mapping before insert
of 4k pte
- LP: #1357014
* powerpc/thp: Handle combo pages in invalidate
- LP: #1357014
* powerpc/thp: Invalidate with vpn in loop
- LP: #1357014
* powerpc/thp: Use ACCESS_ONCE when loading pmdp
- LP: #1357014
* powerpc/mm: Use read barrier when creating real_pte
- LP: #1357014
* powerpc/thp: Add tracepoints to track hugepage invalidate
- LP: #1357014
* powerpc: subpage_protect: Increase the array size to take care of 64TB
- LP: #1357014
* mfd: rtsx: Add set pull control macro and simplify rtl8411
- LP: #1361086
* mfd: rtsx: Add support for card reader rtl8402
- LP: #1361086
* kvm: iommu: fix the third parameter of kvm_iommu_put_pages
(CVE-2014-3601)
- LP: #1362443
- CVE-2014-3601
* isofs: Fix unbounded recursion when processing relocated directories
- LP: #1362447, #1362448
- CVE-2014-5472
* net: sctp: inherit auth_capable on INIT collisions
- LP: #1349804
- CVE-2014-5077
* blk-mq: fix initializing request's start time
- LP: #1297522
[ Vinayak Kale ]
* SAUCE: (no-up) dt-bindings: Add Potenza PMU binding
- LP: #1357527
* SAUCE: (no-up) arm64: dts: Add PMU node for APM X-Gene Storm SOC
- LP: #1357527
-- Joseph Salisbury <joseph.salisbury@xxxxxxxxxxxxx> Wed, 03 Sep 2014 12:13:43 -0400
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3601
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-5077
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-5472
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1283101
Title:
CVE-2014-0069: CIFS -- add hardening patch
Status in “linux” package in Ubuntu:
Fix Released
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-lts-saucy” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
Invalid
Status in “linux” source package in Lucid:
Won't Fix
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
Won't Fix
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-lts-saucy” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
Confirmed
Status in “linux-armadaxp” source package in Precise:
Confirmed
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-lts-quantal” source package in Precise:
Won't Fix
Status in “linux-lts-raring” source package in Precise:
Won't Fix
Status in “linux-lts-saucy” source package in Precise:
Won't Fix
Status in “linux-ti-omap4” source package in Precise:
Confirmed
Status in “linux” source package in Quantal:
Won't Fix
Status in “linux-armadaxp” source package in Quantal:
Won't Fix
Status in “linux-ec2” source package in Quantal:
Invalid
Status in “linux-lts-quantal” source package in Quantal:
Invalid
Status in “linux-lts-raring” source package in Quantal:
Invalid
Status in “linux-lts-saucy” source package in Quantal:
Invalid
Status in “linux-ti-omap4” source package in Quantal:
Won't Fix
Status in “linux” source package in Saucy:
Won't Fix
Status in “linux-armadaxp” source package in Saucy:
Invalid
Status in “linux-ec2” source package in Saucy:
Invalid
Status in “linux-lts-quantal” source package in Saucy:
Invalid
Status in “linux-lts-raring” source package in Saucy:
Invalid
Status in “linux-lts-saucy” source package in Saucy:
Invalid
Status in “linux-ti-omap4” source package in Saucy:
Won't Fix
Status in “linux” source package in Trusty:
Fix Released
Status in “linux-armadaxp” source package in Trusty:
Invalid
Status in “linux-ec2” source package in Trusty:
Invalid
Status in “linux-lts-quantal” source package in Trusty:
Invalid
Status in “linux-lts-raring” source package in Trusty:
Invalid
Status in “linux-lts-saucy” source package in Trusty:
Invalid
Status in “linux-ti-omap4” source package in Trusty:
Invalid
Bug description:
This CVE was fixed under 5d81de8e8667da7135d3a32a964087c0faf5483f but
there is a second fix which will make this much safer going forward
against other bugs:
http://article.gmane.org/gmane.linux.kernel.cifs/9402
Makes sense to put this into any release which needs it.
# As applied to linus' tree
Break-fix: - a26054d184763969a411e3939fe243516715ff59
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1283101/+subscriptions
References