← Back to team overview

kernel-packages team mailing list archive

[Bug 1370042] Re: CVE-2014-6410

 

This bug was fixed in the package linux - 3.2.0-70.105

---------------
linux (3.2.0-70.105) precise; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - re-used previous tracking bug

  [ Upstream Kernel Changes ]

  * udf: Avoid infinite loop when processing indirect ICBs
    - LP: #1370042
    - CVE-2014-6410

linux (3.2.0-70.104) precise; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1372522

  [ Tim Gardner ]

  * SAUCE: Fix nfs oops stable regression
    - LP: #1348670
  * [Config] updateconfigs
    - LP: #1369711

  [ Upstream Kernel Changes ]

  * Revert "x86-64, modify_ldt: Make support for 16-bit segments a runtime
    option"
    - LP: #1369711
  * KVM: x86: Inter-privilege level ret emulation is not implemeneted
    - LP: #1369711
  * ASoC: samsung: Correct I2S DAI suspend/resume ops
    - LP: #1369711
  * block: don't assume last put of shared tags is for the host
    - LP: #1369711
  * stable_kernel_rules: Add pointer to netdev-FAQ for network patches
    - LP: #1369711
  * debugfs: Fix corrupted loop in debugfs_remove_recursive
    - LP: #1369711
  * serial: core: Preserve termios c_cflag for console resume
    - LP: #1369711
  * tda10071: force modulation to QPSK on DVB-S
    - LP: #1369711
  * gspca_pac7302: Add new usb-id for Genius i-Look 317
    - LP: #1369711
  * mtd/ftl: fix the double free of the buffers allocated in build_maps()
    - LP: #1369711
  * x86: don't exclude low BIOS area when allocating address space for
    non-PCI cards
    - LP: #1369711
  * Bluetooth: never linger on process exit
    - LP: #1369711
  * scsi: handle flush errors properly
    - LP: #1369711
  * USB: OHCI: don't lose track of EDs when a controller dies
    - LP: #1369711
  * ahci: add support for the Promise FastTrak TX8660 SATA HBA (ahci mode)
    - LP: #1369711
  * usbcore: don't log on consecutive debounce failures of the same port
    - LP: #1369711
  * USB: Fix persist resume of some SS USB devices
    - LP: #1369711
  * drm/radeon: fix irq ring buffer overflow handling
    - LP: #1369711
  * hwmon: (smsc47m192) Fix temperature limit and vrm write operations
    - LP: #1369711
  * staging: vt6655: Fix Warning on boot handle_irq_event_percpu.
    - LP: #1369711
  * staging: vt6655: Fix disassociated messages every 10 seconds
    - LP: #1369711
  * bfa: Fix undefined bit shift on big-endian architectures with 32-bit
    DMA address
    - LP: #1369711
  * hpsa: fix bad -ENOMEM return value in hpsa_big_passthru_ioctl
    - LP: #1369711
  * Drivers: scsi: storvsc: Implement a eh_timed_out handler
    - LP: #1369711
  * Fix gcc-4.9.0 miscompilation of load_balance() in scheduler
    - LP: #1369711
  * iommu/vt-d: Exclude devices using RMRRs from IOMMU API domains
    - LP: #1369711
  * net: sendmsg: fix NULL pointer dereference
    - LP: #1369711
  * tpm: Provide a generic means to override the chip returned timeouts
    - LP: #1369711
  * hwmon: (ads1015) Fix off-by-one for valid channel index checking
    - LP: #1369711
  * MIPS: tlbex: Fix a missing statement for HUGETLB
    - LP: #1369711
  * MIPS: Prevent user from setting FCSR cause bits
    - LP: #1369711
  * mm, thp: do not allow thp faults to avoid cpuset restrictions
    - LP: #1369711
  * md/raid1,raid10: always abort recover on write error.
    - LP: #1369711
  * ext4: cleanup in ext4_discard_allocated_blocks()
    - LP: #1369711
  * ext4: fix ext4_discard_allocated_blocks() if we can't allocate the pa
    struct
    - LP: #1369711
  * hwmon: (lm85) Fix various errors on attribute writes
    - LP: #1369711
  * hwmon: (lm78) Fix overflow problems seen when writing large temperature
    limits
    - LP: #1369711
  * hwmon: (amc6821) Fix return value
    - LP: #1369711
  * hwmon: (amc6821) Fix possible race condition bug
    - LP: #1369711
  * MIPS: GIC: Prevent array overrun
    - LP: #1369711
  * crypto: af_alg - properly label AF_ALG socket
    - LP: #1369711
  * mnt: Change the default remount atime from relatime to the existing
    value
    - LP: #1369711
  * ARM: OMAP3: Fix choice of omap3_restore_es function in OMAP34XX
    rev3.1.2 case.
    - LP: #1369711
  * netlabel: use GFP flags from caller instead of GFP_ATOMIC
    - LP: #1369711
  * netlabel: fix a problem when setting bits below the previously lowest
    bit
    - LP: #1369711
  * USB: serial: ftdi_sio: Annotate the current Xsens PID assignments
    - LP: #1369711
  * USB: serial: ftdi_sio: Add support for new Xsens devices
    - LP: #1369711
  * ALSA: virtuoso: Xonar DSX support
    - LP: #1369711
  * ALSA: virtuoso: add Xonar Essence STX II support
    - LP: #1369711
  * hwmon: (gpio-fan) Prevent overflow problem when writing large limits
    - LP: #1369711
  * hwmon: (sis5595) Prevent overflow problem when writing large limits
    - LP: #1369711
  * drm/ttm: Fix possible stack overflow by recursive shrinker calls.
    - LP: #1369711
  * powerpc/mm/numa: Fix break placement
    - LP: #1369711
  * drm/radeon: load the lm63 driver for an lm64 thermal chip.
    - LP: #1369711
  * RDMA/iwcm: Use a default listen backlog if needed
    - LP: #1369711
  * hwmon: (lm92) Prevent overflow problem when writing large limits
    - LP: #1369711
  * hwmon: (ads1015) Fix out-of-bounds array access
    - LP: #1369711
  * s390/locking: Reenable optimistic spinning
    - LP: #1369711
  * ring-buffer: Up rb_iter_peek() loop count to 3
    - LP: #1369711
  * ring-buffer: Always reset iterator to reader page
    - LP: #1369711
  * x86/xen: resume timer irqs early
    - LP: #1369711
  * carl9170: fix sending URBs with wrong type when using full-speed
    - LP: #1369711
  * reiserfs: Fix use after free in journal teardown
    - LP: #1369711
  * powerpc: Fix build errors STRICT_MM_TYPECHECKS
    - LP: #1369711
  * powerpc/mm: Use read barrier when creating real_pte
    - LP: #1369711
  * ASoC: pxa-ssp: drop SNDRV_PCM_FMTBIT_S24_LE
    - LP: #1369711
  * Btrfs: fix csum tree corruption, duplicate and outdated checksums
    - LP: #1369711
  * ALSA: hda/realtek - Avoid setting wrong COEF on ALC269 & co
    - LP: #1369711
  * CIFS: Fix wrong directory attributes after rename
    - LP: #1369711
  * md/raid6: avoid data corruption during recovery of double-degraded
    RAID6
    - LP: #1369711
  * USB: option: add VIA Telecom CDS7 chipset device id
    - LP: #1369711
  * USB: ftdi_sio: add Basic Micro ATOM Nano USB2Serial PID
    - LP: #1369711
  * USB: serial: pl2303: add device id for ztek device
    - LP: #1369711
  * USB: ftdi_sio: Added PID for new ekey device
    - LP: #1369711
  * iommu/amd: Fix cleanup_domain for mass device removal
    - LP: #1369711
  * pata_scc: propagate return value of scc_wait_after_reset
    - LP: #1369711
  * xhci: Treat not finding the event_seg on COMP_STOP the same as
    COMP_STOP_INVAL
    - LP: #1369711
  * usb: xhci: amd chipset also needs short TX quirk
    - LP: #1369711
  * MIPS: OCTEON: make get_system_type() thread-safe
    - LP: #1369711
  * xhci: rework cycle bit checking for new dequeue pointers
    - LP: #1369711
  * HID: logitech: perform bounds checking on device_id early enough
    - LP: #1369711
  * HID: fix a couple of off-by-ones
    - LP: #1369711
  * USB: whiteheat: Added bounds checking for bulk command response
    - LP: #1369711
  * HID: logitech-dj: prevent false errors to be shown
    - LP: #1369711
  * ACPI / EC: Add support to disallow QR_EC to be issued when SCI_EVT
    isn't set
    - LP: #1369711
  * USB: sisusb: add device id for Magic Control USB video
    - LP: #1369711
  * NFSv4: Fix problems with close in the presence of a delegation
    - LP: #1369711
  * HID: magicmouse: sanity check report size in raw_event() callback
    - LP: #1369711
  * HID: picolcd: sanity check report size in raw_event() callback
    - LP: #1369711
  * ARM: 8128/1: abort: don't clear the exclusive monitors
    - LP: #1369711
  * ARM: 8129/1: errata: work around Cortex-A15 erratum 830321 using dummy
    strex
    - LP: #1369711
  * USB: serial: fix potential stack buffer overflow
    - LP: #1369711
  * USB: serial: fix potential heap buffer overflow
    - LP: #1369711
  * openrisc: add missing header inclusion
    - LP: #1369711
  * MIPS: perf: Fix build error caused by unused
    counters_per_cpu_to_total()
    - LP: #1369711
  * MIPS: Fix accessing to per-cpu data when flushing the cache
    - LP: #1369711
  * openrisc: include export.h for EXPORT_SYMBOL
    - LP: #1369711
  * inetpeer: get rid of ip_id_count
    - LP: #1369711
  * ip: make IP identifiers less predictable
    - LP: #1369711
  * tcp: Fix integer-overflows in TCP veno
    - LP: #1369711
  * tcp: Fix integer-overflow in TCP vegas
    - LP: #1369711
  * macvlan: Initialize vlan_features to turn on offload support.
    - LP: #1369711
  * iovec: make sure the caller actually wants anything in
    memcpy_fromiovecend
    - LP: #1369711
  * sctp: fix possible seqlock seadlock in sctp_packet_transmit()
    - LP: #1369711
  * sparc64: Fix argument sign extension for compat_sys_futex().
    - LP: #1369711
  * sparc64: Make itc_sync_lock raw
    - LP: #1369711
  * sparc64: Handle 32-bit tasks properly in compute_effective_address().
    - LP: #1369711
  * sparc64: Fix top-level fault handling bugs.
    - LP: #1369711
  * sparc64: Don't bark so loudly about 32-bit tasks generating 64-bit
    fault addresses.
    - LP: #1369711
  * sparc64: Fix huge TSB mapping on pre-UltraSPARC-III cpus.
    - LP: #1369711
  * sparc64: Add membar to Niagara2 memcpy code.
    - LP: #1369711
  * sparc64: Do not insert non-valid PTEs into the TSB hash table.
    - LP: #1369711
  * sparc64: Guard against flushing openfirmware mappings.
    - LP: #1369711
  * bbc-i2c: Fix BBC I2C envctrl on SunBlade 2000
    - LP: #1369711
  * sunsab: Fix detection of BREAK on sunsab serial console
    - LP: #1369711
  * sparc64: ldc_connect() should not return EINVAL when handshake is in
    progress.
    - LP: #1369711
  * arch/sparc/math-emu/math_32.c: drop stray break operator
    - LP: #1369711
  * slab/mempolicy: always use local policy from interrupt context
    - LP: #1369711
  * sparc: use asm-generic version of types.h
    - LP: #1369711
  * x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
    - LP: #1369711
  * x86, espfix: Move espfix definitions into a separate header file
    - LP: #1369711
  * x86, espfix: Fix broken header guard
    - LP: #1369711
  * x86, espfix: Make espfix64 a Kconfig option, fix UML
    - LP: #1369711
  * x86, espfix: Make it possible to disable 16-bit support
    - LP: #1369711
  * x86_64/entry/xen: Do not invoke espfix64 on Xen
    - LP: #1369711
  * x86/espfix/xen: Fix allocation of pages for paravirt page tables
    - LP: #1369711
  * microblaze: Fix makefile to work with latest toolchain
    - LP: #1369711
  * Linux 3.2.63
    - LP: #1369711
  * libceph: add process_one_ticket() helper
    - LP: #1370044, #1370046, #1370047
    - CVE-2014-6418
  * libceph: do not hard code max auth ticket len
    - LP: #1370044, #1370046, #1370047
    - CVE-2014-6418
 -- Kamal Mostafa <kamal@xxxxxxxxxxxxx>   Wed, 24 Sep 2014 12:16:42 -0700

** Changed in: linux-ti-omap4 (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1370042

Title:
  CVE-2014-6410

Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  New
Status in “linux-lts-backport-natty” package in Ubuntu:
  New
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Fix Released
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  New
Status in “linux-lts-backport-natty” source package in Lucid:
  New
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  New
Status in “linux-lts-backport-natty” source package in Precise:
  New
Status in “linux-lts-quantal” source package in Precise:
  New
Status in “linux-lts-raring” source package in Precise:
  Invalid
Status in “linux-lts-saucy” source package in Precise:
  New
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Released
Status in “linux” source package in Trusty:
  Fix Released
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  New
Status in “linux-lts-backport-natty” source package in Trusty:
  New
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  Fix Released
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  New
Status in “linux-lts-backport-natty” source package in Utopic:
  New
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid

Bug description:
  The __udf_read_inode function in fs/udf/inode.c in the Linux kernel
  through 3.16.3 does not restrict the amount of ICB indirection, which
  allows physically proximate attackers to cause a denial of service
  (infinite loop or stack consumption) via a UDF filesystem with a
  crafted inode.

  Break-Fix: - c03aa9f6e1f938618e6db2e23afef0574efeeb65

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1370042/+subscriptions


References