← Back to team overview

kernel-packages team mailing list archive

[Bug 1370046] Re: CVE-2014-6417

 

This bug was fixed in the package linux - 3.13.0-37.64

---------------
linux (3.13.0-37.64) trusty; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1372576

  [ dann frazier ]

  * [Config] CONFIG_HW_RANDOM_XGENE=m on arm64

  [ Edward Lin ]

  * SAUCE: Add use_native_backlight quirk for Dell Inspiron 5721/3521
    - LP: #1354253, #1354313

  [ Tim Gardner ]

  * SAUCE: Fix nfs oops stable regression
    - LP: #1348670
  * [Config] Add mpt3sas to d-i
    - LP: #1368907
  * [Config] CONFIG_X86_16BIT=y
    - LP: #1371601

  [ Timo Aaltonen ]

  * SAUCE: i915_bdw: Rebase to v3.15.8
    - LP: #1359213

  [ Upstream Kernel Changes ]

  * Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime
    option"
    - LP: #1371601
  * mmc: rtsx: add R1-no-CRC mmc command type handle
    - LP: #1365378
  * rpc_pipe: remove the clntXX dir if creating the pipe fails
    - LP: #1365869
  * sunrpc: add an "info" file for the dummy gssd pipe
    - LP: #1365869
  * rpc_pipe: fix cleanup of dummy gssd directory when notification fails
    - LP: #1365869
  * hwrng: xgene - add support for APM X-Gene SoC RNG support
    - LP: #1365593
  * Documentation: rng: Add X-Gene SoC RNG driver documentation
    - LP: #1365593
  * arm64: dts: add random number generator dts node to APM X-Gene
    platform.
    - LP: #1365593
  * xen/balloon: cancel ballooning if adding new memory failed
    - LP: #1304001
  * x86/xen: resume timer irqs early
    - LP: #1368724
  * xen/manage: Always freeze/thaw processes when suspend/resuming
    - LP: #1368724
  * scsi_transport_sas: move bsg destructor into sas_rphy_remove
    - LP: #1368991
  * drm/i915: Enable 5.4Ghz (HBR2) link rate for Displayport 1.2-capable
    devices
    - LP: #1369633
  * bnx2x: Fix link for KR with swapped polarity lane
    - LP: #1370716
  * drm: add DRM_CAPs for cursor size
    - LP: #1359213
  * drm/dp: Add AUX channel infrastructure
    - LP: #1359213
  * drm/dp: Add drm_dp_dpcd_read_link_status()
    - LP: #1359213
  * drm/dp: Add DisplayPort link helpers
    - LP: #1359213
  * drm/dp: Allow registering AUX channels as I2C busses
    - LP: #1359213
  * drm/dp: let drivers specify the name of the I2C-over-AUX adapter
    - LP: #1359213
  * drm/dp: make aux retries less chatty
    - LP: #1359213
  * Bluetooth: Enable Atheros 0cf3:311e for firmware upload
    - LP: #1371477
  * bnx2x: fix crash during TSO tunneling
    - LP: #1371601
  * inetpeer: get rid of ip_id_count
    - LP: #1371601
  * ip: make IP identifiers less predictable
    - LP: #1371601
  * tcp: Fix integer-overflows in TCP veno
    - LP: #1371601
  * tcp: Fix integer-overflow in TCP vegas
    - LP: #1371601
  * macvlan: Initialize vlan_features to turn on offload support.
    - LP: #1371601
  * net: Correctly set segment mac_len in skb_segment().
    - LP: #1371601
  * iovec: make sure the caller actually wants anything in
    memcpy_fromiovecend
    - LP: #1371601
  * batman-adv: Fix out-of-order fragmentation support
    - LP: #1371601
  * sctp: fix possible seqlock seadlock in sctp_packet_transmit()
    - LP: #1371601
  * sparc64: Fix argument sign extension for compat_sys_futex().
    - LP: #1371601
  * sparc64: Make itc_sync_lock raw
    - LP: #1371601
  * sparc64: Fix executable bit testing in set_pmd_at() paths.
    - LP: #1371601
  * sparc64: Fix huge PMD invalidation.
    - LP: #1371601
  * sparc64: Fix bugs in get_user_pages_fast() wrt. THP.
    - LP: #1371601
  * sparc64: Fix hex values in comment above pte_modify().
    - LP: #1371601
  * sparc64: Don't use _PAGE_PRESENT in pte_modify() mask.
    - LP: #1371601
  * sparc64: Handle 32-bit tasks properly in compute_effective_address().
    - LP: #1371601
  * sparc64: Fix top-level fault handling bugs.
    - LP: #1371601
  * sparc64: Fix range check in kern_addr_valid().
    - LP: #1371601
  * sparc64: Use 'ILOG2_4MB' instead of constant '22'.
    - LP: #1371601
  * sparc64: Add basic validations to {pud,pmd}_bad().
    - LP: #1371601
  * sparc64: Give more detailed information in {pgd,pmd}_ERROR() and kill
    pte_ERROR().
    - LP: #1371601
  * sparc64: Don't bark so loudly about 32-bit tasks generating 64-bit
    fault addresses.
    - LP: #1371601
  * sparc64: Fix huge TSB mapping on pre-UltraSPARC-III cpus.
    - LP: #1371601
  * sparc64: Add membar to Niagara2 memcpy code.
    - LP: #1371601
  * sparc64: Do not insert non-valid PTEs into the TSB hash table.
    - LP: #1371601
  * sparc64: Guard against flushing openfirmware mappings.
    - LP: #1371601
  * bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000
    - LP: #1371601
  * sunsab: Fix detection of BREAK on sunsab serial console
    - LP: #1371601
  * sparc64: ldc_connect() should not return EINVAL when handshake is in
    progress.
    - LP: #1371601
  * arch/sparc/math-emu/math_32.c: drop stray break operator
    - LP: #1371601
  * x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
    - LP: #1371601
  * x86, espfix: Move espfix definitions into a separate header file
    - LP: #1371601
  * x86, espfix: Fix broken header guard
    - LP: #1371601
  * x86, espfix: Make espfix64 a Kconfig option, fix UML
    - LP: #1371601
  * x86, espfix: Make it possible to disable 16-bit support
    - LP: #1371601
  * x86_64/entry/xen: Do not invoke espfix64 on Xen
    - LP: #1371601
  * ALSA: usb-audio: fix BOSS ME-25 MIDI regression
    - LP: #1371601
  * ASoC: wm8994: Prevent double lock of accdet_lock mutex on wm1811
    - LP: #1371601
  * v4l: vsp1: Remove the unneeded vsp1_video_buffer video field
    - LP: #1371601
  * ASoC: max98090: Fix missing free_irq
    - LP: #1371601
  * KVM: x86: Inter-privilege level ret emulation is not implemeneted
    - LP: #1371601
  * au0828: Only alt setting logic when needed
    - LP: #1371601
  * ASoC: pcm: fix dpcm_path_put in dpcm runtime update
    - LP: #1371601
  * crypto: ux500 - make interrupt mode plausible
    - LP: #1371601
  * Bluetooth: btmrvl: wait for HOST_SLEEP_ENABLE event in suspend
    - LP: #1371601
  * ASoC: adau1701: fix adau1701_reg_read()
    - LP: #1371601
  * ASoC: wm_adsp: Add missing MODULE_LICENSE
    - LP: #1371601
  * regulator: arizona-ldo1: remove bypass functionality
    - LP: #1371601
  * ASoC: samsung: Correct I2S DAI suspend/resume ops
    - LP: #1371601
  * drm/tilcdc: panel: fix dangling sysfs connector node
    - LP: #1371601
  * drm/tilcdc: slave: fix dangling sysfs connector node
    - LP: #1371601
  * drm/tilcdc: tfp410: fix dangling sysfs connector node
    - LP: #1371601
  * drm/tilcdc: panel: fix leak when unloading the module
    - LP: #1371601
  * drm/tilcdc: fix release order on exit
    - LP: #1371601
  * drm/tilcdc: fix double kfree
    - LP: #1371601
  * ACPICA: Utilities: Fix memory leak in acpi_ut_copy_iobject_to_iobject
    - LP: #1371601
  * stable_kernel_rules: Add pointer to netdev-FAQ for network patches
    - LP: #1371601
  * USB: ehci-pci: USB host controller support for Intel Quark X1000
    - LP: #1371601
  * debugfs: Fix corrupted loop in debugfs_remove_recursive
    - LP: #1371601
  * serial: core: Preserve termios c_cflag for console resume
    - LP: #1371601
  * mtd/ftl: fix the double free of the buffers allocated in build_maps()
    - LP: #1371601
  * ext4: Fix block zeroing when punching holes in indirect block files
    - LP: #1371601
  * ext4: fix punch hole on files with indirect mapping
    - LP: #1371601
  * x86: don't exclude low BIOS area when allocating address space for
    non-PCI cards
    - LP: #1371601
  * PCI: Configure ASPM when enabling device
    - LP: #1371601
  * Bluetooth: never linger on process exit
    - LP: #1371601
  * ASoC: blackfin: use samples to set silence
    - LP: #1371601
  * USB: OHCI: fix bugs in debug routines
    - LP: #1371601
  * USB: OHCI: don't lose track of EDs when a controller dies
    - LP: #1371601
  * mei: start disconnect request timer consistently
    - LP: #1371601
  * mei: fix return value on disconnect timeout
    - LP: #1371601
  * USB: Fix persist resume of some SS USB devices
    - LP: #1371601
  * media-device: Remove duplicated memset() in media_enum_entities()
    - LP: #1371601
  * Bluetooth: Avoid use of session socket after the session gets freed
    - LP: #1371601
  * xc5000: Fix get_frequency()
    - LP: #1371601
  * xc4000: Fix get_frequency()
    - LP: #1371601
  * CAPABILITIES: remove undefined caps from all processes
    - LP: #1371601
  * scsi: add a blacklist flag which enables VPD page inquiries
    - LP: #1371601
  * bfa: Fix undefined bit shift on big-endian architectures with 32-bit
    DMA address
    - LP: #1371601
  * hpsa: fix bad -ENOMEM return value in hpsa_big_passthru_ioctl
    - LP: #1371601
  * Drivers: scsi: storvsc: Change the limits to reflect the values on the
    host
    - LP: #1371601
  * Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by
    the Host
    - LP: #1371601
  * Drivers: scsi: storvsc: Filter commands based on the storage protocol
    version
    - LP: #1371601
  * Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version
    - LP: #1371601
  * Drivers: scsi: storvsc: Implement a eh_timed_out handler
    - LP: #1371601
  * drivers: scsi: storvsc: Set srb_flags in all cases
    - LP: #1371601
  * drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure
    - LP: #1371601
  * x86_64/vsyscall: Fix warn_bad_vsyscall log output
    - LP: #1371601
  * KVM: PPC: Book3S PR: Take SRCU read lock around RTAS kvm_read_guest()
    call
    - LP: #1371601
  * spi: orion: fix incorrect handling of cell-index DT property
    - LP: #1371601
  * mfd: omap-usb-host: Fix improper mask use.
    - LP: #1371601
  * tpm: Add missing tpm_do_selftest to ST33 I2C driver
    - LP: #1371601
  * tpm: missing tpm_chip_put in tpm_get_random()
    - LP: #1371601
  * scsi: do not issue SCSI RSOC command to Promise Vtrak E610f
    - LP: #1371601
  * hwmon: (ads1015) Fix off-by-one for valid channel index checking
    - LP: #1371601
  * ALSA: hda - fix an external mic jack problem on a HP machine
    - LP: #1350148, #1371601
  * MIPS: tlbex: Fix a missing statement for HUGETLB
    - LP: #1371601
  * MIPS: Prevent user from setting FCSR cause bits
    - LP: #1371601
  * KVM: x86: always exit on EOIs for interrupts listed in the IOAPIC redir
    table
    - LP: #1371601
  * MIPS: Remove BUG_ON(!is_fpu_owner()) in do_ade()
    - LP: #1371601
  * MIPS: ptrace: Test correct task's flags in task_user_regset_view()
    - LP: #1371601
  * MIPS: asm/reg.h: Make 32- and 64-bit definitions available at the same
    time
    - LP: #1371601
  * MIPS: ptrace: Change GP regset to use correct core dump register layout
    - LP: #1371601
  * md/raid1,raid10: always abort recover on write error.
    - LP: #1371601
  * ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa
    struct
    - LP: #1371601
  * hwmon: (lm85) Fix various errors on attribute writes
    - LP: #1371601
  * hwmon: (lm78) Fix overflow problems seen when writing large temperature
    limits
    - LP: #1371601
  * hwmon: (amc6821) Fix possible race condition bug
    - LP: #1371601
  * MIPS: GIC: Prevent array overrun
    - LP: #1371601
  * mnt: Add tests for unprivileged remount cases that have found to be
    faulty
    - LP: #1371601
  * ARM: OMAP3: Fix choice of omap3_restore_es function in OMAP34XX
    rev3.1.2 case.
    - LP: #1371601
  * netlabel: fix a problem when setting bits below the previously lowest
    bit
    - LP: #1371601
  * netlabel: fix the horribly broken catmap functions
    - LP: #1371601
  * netlabel: fix the catmap walking functions
    - LP: #1371601
  * drivers/i2c/busses: use correct type for dma_map/unmap
    - LP: #1371601
  * NFSD: Decrease nfsd_users in nfsd_startup_generic fail
    - LP: #1371601
  * MIPS: O32/32-bit: Fix bug which can cause incorrect system call
    restarts
    - LP: #1371601
  * IB/srp: Fix deadlock between host removal and multipathd
    - LP: #1371601
  * USB: serial: ftdi_sio: Annotate the current Xsens PID assignments
    - LP: #1371601
  * USB: serial: ftdi_sio: Add support for new Xsens devices
    - LP: #1371601
  * USB: devio: fix issue with log flooding
    - LP: #1371601
  * CIFS: Fix async reading on reconnects
    - LP: #1371601
  * CIFS: Fix STATUS_CANNOT_DELETE error mapping for SMB2
    - LP: #1371601
  * xfs: ensure verifiers are attached to recovered buffers
    - LP: #1371601
  * drm/tegra: add MODULE_DEVICE_TABLEs
    - LP: #1371601
  * ALSA: virtuoso: add Xonar Essence STX II support
    - LP: #1371601
  * hwmon: (gpio-fan) Prevent overflow problem when writing large limits
    - LP: #1371601
  * hwmon: (sis5595) Prevent overflow problem when writing large limits
    - LP: #1371601
  * NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes
    - LP: #1371601
  * drm/ttm: Fix possible division by 0 in ttm_dma_pool_shrink_scan().
    - LP: #1371601
  * drm/ttm: Choose a pool to shrink correctly in
    ttm_dma_pool_shrink_scan().
    - LP: #1371601
  * drm/ttm: Use mutex_trylock() to avoid deadlock inside shrinker
    functions.
    - LP: #1371601
  * drm/ttm: Fix possible stack overflow by recursive shrinker calls.
    - LP: #1371601
  * drm/ttm: Pass GFP flags in order to avoid deadlock.
    - LP: #1371601
  * powerpc/mm/numa: Fix break placement
    - LP: #1371601
  * powerpc/pci: Reorder pci bus/bridge unregistration during PHB removal
    - LP: #1371601
  * drm/radeon: load the lm63 driver for an lm64 thermal chip.
    - LP: #1371601
  * drm/radeon: set VM base addr using the PFP v2
    - LP: #1371601
  * drm/radeon/atom: add new voltage fetch function for hawaii
    - LP: #1371601
  * drm/radeon/dpm: handle voltage info fetching on hawaii
    - LP: #1371601
  * drm/radeon: re-enable dpm by default on cayman
    - LP: #1371601
  * drm/radeon: re-enable dpm by default on BTC
    - LP: #1371601
  * drm/radeon: use packet2 for nop on hawaii with old firmware
    - LP: #1371601
  * drm/radeon: tweak ACCEL_WORKING2 query for hawaii
    - LP: #1371601
  * KVM: nVMX: fix "acknowledge interrupt on exit" when APICv is in use
    - LP: #1371601
  * RDMA/iwcm: Use a default listen backlog if needed
    - LP: #1371601
  * x86/efi: Enforce CONFIG_RELOCATABLE for EFI boot stub
    - LP: #1371601
  * net: sun4i-emac: fix memory leak on bad packet
    - LP: #1371601
  * hwmon: (ads1015) Fix out-of-bounds array access
    - LP: #1371601
  * hwmon: (dme1737) Prevent overflow problem when writing large limits
    - LP: #1371601
  * s390/locking: Reenable optimistic spinning
    - LP: #1371601
  * ring-buffer: Up rb_iter_peek() loop count to 3
    - LP: #1371601
  * ring-buffer: Always reset iterator to reader page
    - LP: #1371601
  * kernel/smp.c:on_each_cpu_cond(): fix warning in fallback path
    - LP: #1371601
  * drm/i915: read HEAD register back in init_ring_common() to enforce
    ordering
    - LP: #1371601
  * vm_is_stack: use for_each_thread() rather then buggy
    while_each_thread()
    - LP: #1371601
  * libceph: set last_piece in ceph_msg_data_pages_cursor_init() correctly
    - LP: #1371601
  * drm/nouveau: Bump version from 1.1.1 to 1.1.2
    - LP: #1371601
  * ALSA: usb-audio: fix BOSS ME-25 MIDI regression
    - LP: #1371601
  * ALSA: hda/ca0132 - Don't try loading firmware at resume when already
    failed
    - LP: #1371601
  * carl9170: fix sending URBs with wrong type when using full-speed
    - LP: #1371601
  * powerpc/pseries: Failure on removing device node
    - LP: #1371601
  * Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch
    - LP: #1371601
  * Btrfs: fix csum tree corruption, duplicate and outdated checksums
    - LP: #1371601
  * ext4: fix BUG_ON in mb_free_blocks()
    - LP: #1371601
  * x86/espfix/xen: Fix allocation of pages for paravirt page tables
    - LP: #1371601
  * Linux 3.13.11.7
    - LP: #1371601
  * HID: magicmouse: sanity check report size in raw_event() callback
    - LP: #1370025
    - CVE-2014-3181
  * HID: fix a couple of off-by-ones
    - LP: #1370035
    - CVE-2014-3184
  * USB: whiteheat: Added bounds checking for bulk command response
    - LP: #1370036
    - CVE-2014-3185
  * HID: picolcd: sanity check report size in raw_event() callback
    - LP: #1370038
    - CVE-2014-3186
  * KEYS: Fix termination condition in assoc array garbage collection
    - LP: #1370041
    - CVE-2014-3631
  * udf: Fold udf_fill_inode() into __udf_read_inode()
    - LP: #1370042
    - CVE-2014-6410
  * udf: Avoid infinite loop when processing indirect ICBs
    - LP: #1370042
    - CVE-2014-6410
  * libceph: add process_one_ticket() helper
    - LP: #1370044, #1370046, #1370047
    - CVE-2014-6418
  * libceph: do not hard code max auth ticket len
    - LP: #1370044, #1370046, #1370047
    - CVE-2014-6418

linux (3.13.0-36.63) trusty; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1365052

  [ Feng Kan ]

  * SAUCE: (no-up) irqchip:gic: change access of gicc_ctrl register to read
    modify write.
    - LP: #1357527
  * SAUCE: (no-up) arm64: optimized copy_to_user and copy_from_user
    assembly code
    - LP: #1358949

  [ Ming Lei ]

  * SAUCE: (no-up) Drop APM X-Gene SoC Ethernet driver
    - LP: #1360140
  * [Config] Drop XGENE entries
    - LP: #1360140
  * [Config] CONFIG_NET_XGENE=m for arm64
    - LP: #1360140

  [ Stefan Bader ]

  * SAUCE: Add compat macro for skb_get_hash
    - LP: #1358162
  * SAUCE: bcache: prevent crash on changing writeback_running
    - LP: #1357295

  [ Suman Tripathi ]

  * SAUCE: (no-up) arm64: Fix the csr-mask for APM X-Gene SoC AHCI SATA PHY
    clock DTS node.
    - LP: #1359489
  * SAUCE: (no-up) ahci_xgene: Skip the PHY and clock initialization if
    already configured by the firmware.
    - LP: #1359501
  * SAUCE: (no-up) ahci_xgene: Fix the link down in first attempt for the
    APM X-Gene SoC AHCI SATA host controller driver.
    - LP: #1359507

  [ Tuan Phan ]

  * SAUCE: (no-up) pci-xgene-msi: fixed deadlock in irq_set_affinity
    - LP: #1359514

  [ Upstream Kernel Changes ]

  * iwlwifi: mvm: Add a missed beacons threshold
    - LP: #1349572
  * mac80211: reset probe_send_count also in HW_CONNECTION_MONITOR case
    - LP: #1349572
  * genirq: Add an accessor for IRQ_PER_CPU flag
    - LP: #1357527
  * arm64: perf: add support for percpu pmu interrupt
    - LP: #1357527
  * cifs: sanity check length of data to send before sending
    - LP: #1283101
  * KVM: nVMX: Pass vmexit parameters to nested_vmx_vmexit
    - LP: #1329434
  * KVM: nVMX: Rework interception of IRQs and NMIs
    - LP: #1329434
  * KVM: vmx: disable APIC virtualization in nested guests
    - LP: #1329434
  * HID: Add transport-driver functions to the USB HID interface.
    - LP: #1353021
  * ahci_xgene: Removing NCQ support from the APM X-Gene SoC AHCI SATA Host
    Controller driver.
    - LP: #1358498
  * fold d_kill() and d_free()
    - LP: #1354234
  * fold try_prune_one_dentry()
    - LP: #1354234
  * new helper: dentry_free()
    - LP: #1354234
  * expand the call of dentry_lru_del() in dentry_kill()
    - LP: #1354234
  * dentry_kill(): don't try to remove from shrink list
    - LP: #1354234
  * don't remove from shrink list in select_collect()
    - LP: #1354234
  * more graceful recovery in umount_collect()
    - LP: #1354234
  * dcache: don't need rcu in shrink_dentry_list()
    - LP: #1354234
  * lift the "already marked killed" case into shrink_dentry_list()
  * split dentry_kill()
    - LP: #1354234
  * expand dentry_kill(dentry, 0) in shrink_dentry_list()
    - LP: #1354234
  * shrink_dentry_list(): take parent's ->d_lock earlier
    - LP: #1354234
  * dealing with the rest of shrink_dentry_list() livelock
    - LP: #1354234
  * dentry_kill() doesn't need the second argument now
    - LP: #1354234
  * dcache: add missing lockdep annotation
    - LP: #1354234
  * fs: convert use of typedef ctl_table to struct ctl_table
    - LP: #1354234
  * lock_parent: don't step on stale ->d_parent of all-but-freed one
    - LP: #1354234
  * tools/testing/selftests/ptrace/peeksiginfo.c: add PAGE_SIZE definition
    - LP: #1358855
  * x86, irq, pic: Probe for legacy PIC and set legacy_pic appropriately
    - LP: #1317697
  * bnx2x: Fix kernel crash and data miscompare after EEH recovery
    - LP: #1353105
  * bnx2x: Adapter not recovery from EEH error injection
    - LP: #1353105
  * Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE
    - LP: #1359670
  * bcache: fix crash on shutdown in passthrough mode
    - LP: #1357295
  * bcache: fix uninterruptible sleep in writeback thread
    - LP: #1357295
  * namespaces: Use task_lock and not rcu to protect nsproxy
    - LP: #1328088
  * MAINTAINERS: Add entry for APM X-Gene SoC ethernet driver
    - LP: #1360140
  * Documentation: dts: Add bindings for APM X-Gene SoC ethernet driver
    - LP: #1360140
  * dts: Add bindings for APM X-Gene SoC ethernet driver
    - LP: #1360140
  * drivers: net: Add APM X-Gene SoC ethernet driver support.
    - LP: #1360140
  * powerpc/mm: Add new "set" flag argument to pte/pmd update function
    - LP: #1357014
  * powerpc/thp: Add write barrier after updating the valid bit
    - LP: #1357014
  * powerpc/thp: Don't recompute vsid and ssize in loop on invalidate
    - LP: #1357014
  * powerpc/thp: Invalidate old 64K based hash page mapping before insert
    of 4k pte
    - LP: #1357014
  * powerpc/thp: Handle combo pages in invalidate
    - LP: #1357014
  * powerpc/thp: Invalidate with vpn in loop
    - LP: #1357014
  * powerpc/thp: Use ACCESS_ONCE when loading pmdp
    - LP: #1357014
  * powerpc/mm: Use read barrier when creating real_pte
    - LP: #1357014
  * powerpc/thp: Add tracepoints to track hugepage invalidate
    - LP: #1357014
  * powerpc: subpage_protect: Increase the array size to take care of 64TB
    - LP: #1357014
  * mfd: rtsx: Add set pull control macro and simplify rtl8411
    - LP: #1361086
  * mfd: rtsx: Add support for card reader rtl8402
    - LP: #1361086
  * kvm: iommu: fix the third parameter of kvm_iommu_put_pages
    (CVE-2014-3601)
    - LP: #1362443
    - CVE-2014-3601
  * isofs: Fix unbounded recursion when processing relocated directories
    - LP: #1362447, #1362448
    - CVE-2014-5472
  * net: sctp: inherit auth_capable on INIT collisions
    - LP: #1349804
    - CVE-2014-5077
  * blk-mq: fix initializing request's start time
    - LP: #1297522

  [ Vinayak Kale ]

  * SAUCE: (no-up) dt-bindings: Add Potenza PMU binding
    - LP: #1357527
  * SAUCE: (no-up) arm64: dts: Add PMU node for APM X-Gene Storm SOC
    - LP: #1357527
 -- Joseph Salisbury <joseph.salisbury@xxxxxxxxxxxxx>   Mon, 22 Sep 2014 15:51:07 -0400

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3181

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3184

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3185

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3186

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3601

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3631

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-5077

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-5472

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-6410

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-6418

** Changed in: linux (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1370046

Title:
  CVE-2014-6417

Status in “linux” package in Ubuntu:
  Invalid
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  New
Status in “linux-lts-backport-natty” package in Ubuntu:
  New
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Invalid
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Invalid
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  New
Status in “linux-lts-backport-natty” source package in Lucid:
  New
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  New
Status in “linux-lts-backport-natty” source package in Precise:
  New
Status in “linux-lts-quantal” source package in Precise:
  New
Status in “linux-lts-raring” source package in Precise:
  Invalid
Status in “linux-lts-saucy” source package in Precise:
  New
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Released
Status in “linux” source package in Trusty:
  Fix Released
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  New
Status in “linux-lts-backport-natty” source package in Trusty:
  New
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  Invalid
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  New
Status in “linux-lts-backport-natty” source package in Utopic:
  New
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid

Bug description:
  net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3,
  does not properly consider the possibility of kmalloc failure, which
  allows remote attackers to cause a denial of service (system crash) or
  possibly have unspecified other impact via a long unencrypted auth
  ticket.

  Break-Fix: ec0994e48ea2aebf62ff08376227f3a9ccf46262
  c27a3e4d667fdcad3db7b104f75659478e0c68d8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1370046/+subscriptions


References