← Back to team overview

kernel-packages team mailing list archive

[Bug 1383358] Re: CVE-2014-7975

 

This bug was fixed in the package linux-ti-omap4 - 3.2.0-1456.76

---------------
linux-ti-omap4 (3.2.0-1456.76) precise; urgency=low

  * Release Tracking Bug
    - LP: #1390175

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.2.0-72.107

  [ Ubuntu: 3.2.0-72.107 ]

  * Release Tracking Bug
    - LP: #1390048
  * Revert "iwlwifi: dvm: don't enable CTS to self"
    - LP: #1389928
  * regulatory: add NUL to alpha2
    - LP: #1389928
  * percpu: fix pcpu_alloc_pages() failure path
    - LP: #1389928
  * percpu: perform tlb flush after pcpu_map_pages() failure
    - LP: #1389928
  * percpu: free percpu allocation info for uniprocessor system
    - LP: #1389928
  * cgroup: reject cgroup names with ' '
    - LP: #1389928
  * KVM: s390: Fix user triggerable bug in dead code
    - LP: #1389928
  * rtlwifi: rtl8192cu: Add new ID
    - LP: #1389928
  * MIPS: ZBOOT: add missing <linux/string.h> include
    - LP: #1389928
  * regmap: if format_write is used, declare all registers as "unreadable"
    - LP: #1389928
  * regmap: Fix handling of volatile registers for format_write() chips
    - LP: #1389928
  * drm/i915: Remove bogus __init annotation from DMI callbacks
    - LP: #1389928
  * ahci: Add Device IDs for Intel 9 Series PCH
    - LP: #1389928
  * ata_piix: Add Device IDs for Intel 9 Series PCH
    - LP: #1389928
  * USB: ftdi_sio: add support for NOVITUS Bono E thermal printer
    - LP: #1389928
  * USB: sierra: avoid CDC class functions on "68A3" devices
    - LP: #1389928
  * USB: sierra: add 1199:68AA device ID
    - LP: #1389928
  * drm/vmwgfx: Fix a potential infinite spin waiting for fifo idle
    - LP: #1389928
  * ALSA: hda - Fix COEF setups for ALC1150 codec
    - LP: #1389928
  * xen/manage: Always freeze/thaw processes when suspend/resuming
    - LP: #1389928
  * aio: add missing smp_rmb() in read_events_ring
    - LP: #1389928
  * block: Fix dev_t minor allocation lifetime
    - LP: #1389928
  * ACPI / cpuidle: fix deadlock between cpuidle_lock and cpu_hotplug.lock
    - LP: #1389928
  * usb: dwc3: core: use pm_runtime_put_sync() on remove
    - LP: #1389928
  * usb: dwc3: core: fix order of PM runtime calls
    - LP: #1389928
  * ahci: add pcid for Marvel 0x9182 controller
    - LP: #1389928
  * drm/radeon: add connector quirk for fujitsu board
    - LP: #1389928
  * usb: host: xhci: fix compliance mode workaround
    - LP: #1389928
  * Input: elantech - fix detection of touchpad on ASUS s301l
    - LP: #1389928
  * USB: ftdi_sio: Add support for GE Healthcare Nemo Tracker device
    - LP: #1389928
  * uwb: init beacon cache entry before registering uwb device
    - LP: #1389928
  * perf: Fix a race condition in perf_remove_from_context()
    - LP: #1389928
  * Input: synaptics - add support for ForcePads
    - LP: #1389928
  * libceph: rename ceph_msg::front_max to front_alloc_len
    - LP: #1389928
  * libceph: gracefully handle large reply messages from the mon
    - LP: #1389928
  * Input: serport - add compat handling for SPIOCSTYPE ioctl
    - LP: #1389928
  * usb: hub: take hub->hdev reference when processing from eventlist
    - LP: #1389928
  * storage: Add single-LUN quirk for Jaz USB Adapter
    - LP: #1389928
  * xhci: Fix null pointer dereference if xhci initialization fails
    - LP: #1389928
  * Input: i8042 - add Fujitsu U574 to no_timeout dmi table
    - LP: #1389928
  * Input: i8042 - add nomux quirk for Avatar AVIU-145A6
    - LP: #1389928
  * futex: Unlock hb->lock in futex_wait_requeue_pi() error path
    - LP: #1389928
  * jiffies: Fix timeval conversion to jiffies
    - LP: #1389928
  * alarmtimer: Return relative times in timer_gettime
    - LP: #1389928
  * alarmtimer: Do not signal SIGEV_NONE timers
    - LP: #1389928
  * alarmtimer: Lock k_itimer during timer callback
    - LP: #1389928
  * don't bugger nd->seq on set_root_rcu() from follow_dotdot_rcu()
    - LP: #1389928
  * vfs: Fold follow_mount_rcu() into follow_dotdot_rcu()
    - LP: #1389928
  * be careful with nd->inode in path_init() and follow_dotdot_rcu()
    - LP: #1389928
  * iscsi-target: Fix memory corruption in
    iscsit_logout_post_handler_diffcid
    - LP: #1389928
  * iscsi-target: avoid NULL pointer in iscsi_copy_param_list failure
    - LP: #1389928
  * NFSv4: Fix another bug in the close/open_downgrade code
    - LP: #1389928
  * libiscsi: fix potential buffer overrun in __iscsi_conn_send_pdu
    - LP: #1389928
  * USB: storage: Add quirk for Adaptec USBConnect 2000 USB-to-SCSI Adapter
    - LP: #1389928
  * USB: storage: Add quirk for Ariston Technologies iConnect USB to SCSI
    adapter
    - LP: #1389928
  * USB: storage: Add quirks for Entrega/Xircom USB to SCSI converters
    - LP: #1389928
  * nl80211: clear skb cb before passing to netlink
    - LP: #1389928
  * can: flexcan: mark TX mailbox as TX_INACTIVE
    - LP: #1389928
  * can: flexcan: correctly initialize mailboxes
    - LP: #1389928
  * can: flexcan: implement workaround for errata ERR005829
    - LP: #1389928
  * can: flexcan: put TX mailbox into TX_INACTIVE mode after tx-complete
    - LP: #1389928
  * can: at91_can: add missing prepare and unprepare of the clock
    - LP: #1389928
  * ALSA: pcm: fix fifo_size frame calculation
    - LP: #1389928
  * Fix nasty 32-bit overflow bug in buffer i/o code.
    - LP: #1389928
  * parisc: Only use -mfast-indirect-calls option for 32-bit kernel builds
    - LP: #1389928
  * sched: Fix unreleased llc_shared_mask bit during CPU hotplug
    - LP: #1389928
  * ARM: 8165/1: alignment: don't break misaligned NEON load/store
    - LP: #1389928
  * MIPS: mcount: Adjust stack pointer for static trace in MIPS32
    - LP: #1389928
  * nilfs2: fix data loss with mmap()
    - LP: #1389928
  * ocfs2/dlm: do not get resource spinlock if lockres is new
    - LP: #1389928
  * shmem: fix nlink for rename overwrite directory
    - LP: #1389928
  * mm: migrate: Close race between migration completion and mprotect
    - LP: #1389928
  * perf: fix perf bug in fork()
    - LP: #1389928
  * init/Kconfig: Hide printk log config if CONFIG_PRINTK=n
    - LP: #1389928
  * MIPS: Fix forgotten preempt_enable() when CPU has inclusive pcaches
    - LP: #1389928
  * ipv4: move route garbage collector to work queue
    - LP: #1389928
  * ipv4: avoid parallel route cache gc executions
    - LP: #1389928
  * ipv4: disable bh while doing route gc
    - LP: #1389928
  * ipv6: reallocate addrconf router for ipv6 address when lo device up
    - LP: #1389928
  * ext4: fix BUG_ON in mb_free_blocks()
    - LP: #1389928
  * ipv6: reuse ip6_frag_id from ip6_ufo_append_data
    - LP: #1389928
  * KVM: x86: Check non-canonical addresses upon WRMSR
    - LP: #1389928
  * KVM: x86: Improve thread safety in pit
    - LP: #1389928
  * nEPT: Nested INVEPT
    - LP: #1389928
  * kvm: vmx: handle invvpid vm exit gracefully
    - LP: #1389928
  * KVM: x86 emulator: Use opcode::execute for CALL
    - LP: #1389928
  * KVM: x86: Fix wrong masking on relative jump/call
    - LP: #1389928
  * KVM: x86: Emulator fixes for eip canonical checks on near branches
    - LP: #1389928
  * KVM: x86: use new CS.RPL as CPL during task switch
    - LP: #1389928
  * KVM: x86: Handle errors when RIP is set during far jumps
    - LP: #1389928
  * net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks
    - LP: #1389928
  * net: sctp: fix panic on duplicate ASCONF chunks
    - LP: #1389928
  * net: sctp: fix remote memory pressure from excessive queueing
    - LP: #1389928
  * x86,kvm,vmx: Preserve CR4 across VM entry
    - LP: #1389928
  * dm crypt: fix access beyond the end of allocated space
    - LP: #1389928
  * ext2: Fix fs corruption in ext2_get_xip_mem()
    - LP: #1389928
  * ipvs: avoid netns exit crash on ip_vs_conn_drop_conntrack
    - LP: #1389928
  * ring-buffer: Fix infinite spin in reading buffer
    - LP: #1389928
  * genhd: fix leftover might_sleep() in blk_free_devt()
    - LP: #1389928
  * KVM: x86: Fix far-jump to non-canonical check
    - LP: #1389928
  * l2tp: fix race while getting PMTU on PPP pseudo-wire
    - LP: #1389928
  * Linux 3.2.64
    - LP: #1389928

  [ Ubuntu: 3.2.0-71.106 ]

  * Release Tracking Bug
    - LP: #1388903
  * [Config] updateconfigs - enable X86_16BIT and ESPFIX
    - LP: #1328965
  * [Config] CS5535_MFGPT=m, GEODE_WDT=m
  * [Debian] Fix linux-doc dangling symlinks
    - LP: #661306
  * Revert "lzo: properly check for overruns"
    - LP: #1335313
    - CVE-2014-4608
  * lzo: check for length overrun in variable length encoding.
    - LP: #1335313
    - CVE-2014-4608
  * fs: Add a missing permission check to do_umount
    - LP: #1383358
    - CVE-2014-7975
 -- Paolo Pisati <paolo.pisati@xxxxxxxxxxxxx>   Tue, 11 Nov 2014 10:58:44 +0100

** Changed in: linux-ti-omap4 (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** Changed in: linux-ti-omap4 (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1383358

Title:
  CVE-2014-7975

Status in “linux” package in Ubuntu:
  Fix Committed
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  New
Status in “linux-lts-backport-natty” package in Ubuntu:
  New
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Fix Released
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  New
Status in “linux-lts-backport-natty” source package in Lucid:
  New
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  New
Status in “linux-lts-backport-natty” source package in Precise:
  New
Status in “linux-lts-quantal” source package in Precise:
  Fix Committed
Status in “linux-lts-raring” source package in Precise:
  Invalid
Status in “linux-lts-saucy” source package in Precise:
  Fix Committed
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Released
Status in “linux” source package in Trusty:
  Fix Released
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  New
Status in “linux-lts-backport-natty” source package in Trusty:
  New
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid
Status in “linux” source package in Utopic:
  Fix Released
Status in “linux-armadaxp” source package in Utopic:
  Invalid
Status in “linux-ec2” source package in Utopic:
  Invalid
Status in “linux-fsl-imx51” source package in Utopic:
  Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
  New
Status in “linux-lts-backport-natty” source package in Utopic:
  New
Status in “linux-lts-quantal” source package in Utopic:
  Invalid
Status in “linux-lts-raring” source package in Utopic:
  Invalid
Status in “linux-lts-saucy” source package in Utopic:
  Invalid
Status in “linux-mvl-dove” source package in Utopic:
  Invalid
Status in “linux-ti-omap4” source package in Utopic:
  Invalid
Status in “linux” source package in Vivid:
  Fix Committed
Status in “linux-armadaxp” source package in Vivid:
  Invalid
Status in “linux-ec2” source package in Vivid:
  Invalid
Status in “linux-fsl-imx51” source package in Vivid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Vivid:
  New
Status in “linux-lts-backport-natty” source package in Vivid:
  New
Status in “linux-lts-quantal” source package in Vivid:
  Invalid
Status in “linux-lts-raring” source package in Vivid:
  Invalid
Status in “linux-lts-saucy” source package in Vivid:
  Invalid
Status in “linux-mvl-dove” source package in Vivid:
  Invalid
Status in “linux-ti-omap4” source package in Vivid:
  Invalid

Bug description:
  The do_umount function in fs/namespace.c in the Linux kernel through
  3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb
  calls that change the root filesystem to read-only, which allows local
  users to cause a denial of service (loss of writability) by making
  certain unshare system calls, clearing the / MNT_LOCKED flag, and
  making an MNT_FORCE umount system call.

  Break-Fix: - a1480dcc3c706e309a88884723446f2e84fedd5b

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1383358/+subscriptions


References