This bug was fixed in the package linux-ti-omap4 - 3.5.0-242.58 --------------- linux-ti-omap4 (3.5.0-242.58) quantal; urgency=low
* Release Tracking Bug - LP: #1317330 [ Paolo Pisati ] * rebased on Ubuntu-3.5.0-51.75 [ Ubuntu: 3.5.0-51.75 ] * Merged back Ubuntu-3.5.0-49.74 security release * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode" - LP: #1314762 * Release Tracking Bug - LP: #1317227 * ipv6: don't set DST_NOCOUNT for remotely added routes - LP: #1293726 - CVE-2014-2309 * vhost: fix total length when packets are too short - LP: #1312984 - CVE-2014-0077 * n_tty: Fix n_tty_write crash when echoing in raw mode - LP: #1314762 - CVE-2014-0196 * floppy: ignore kernel-only members in FDRAWCMD ioctl input - LP: #1316729 - CVE-2014-1737 * floppy: don't write kernel-only members to FDRAWCMD ioctl output - LP: #1316735 - CVE-2014-1738 [ Ubuntu: 3.5.0-50.74 ] * Release Tracking Bug - LP: #1313852 * rds: prevent dereference of a NULL device in rds_iw_laddr_check - LP: #1302222 - CVE-2014-2678 * vhost: validate vhost_get_vq_desc return value - LP: #1298117 - CVE-2014-0055 * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages - LP: #1295090 - CVE-2014-2523 * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2 - LP: #1310783 * ALSA: oxygen: Xonar DG(X): modify DAC routing - LP: #1310783 * mac80211: fix AP powersave TX vs. wakeup race - LP: #1310783 * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails - LP: #1310783 * ath9k: protect tid->sched check - LP: #1310783 * ath9k: Fix ETSI compliance for AR9462 2.0 - LP: #1310783 * genirq: Remove racy waitqueue_active check - LP: #1310783 * sched: Fix double normalization of vruntime - LP: #1310783 * cpuset: fix a race condition in __cpuset_node_allowed_softwall() - LP: #1310783 * firewire: net: fix use after free - LP: #1310783 * mwifiex: do not advertise usb autosuspend support - LP: #1310783 * NFS: Fix a delegation callback race - LP: #1310783 * can: flexcan: fix shutdown: first disable chip, then all interrupts - LP: #1310783 * can: flexcan: flexcan_open(): fix error path if flexcan_chip_start() fails - LP: #1310783 * tracing: Do not add event files for modules that fail tracepoints - LP: #1310783 * ocfs2: fix quota file corruption - LP: #1310783 * rapidio/tsi721: fix tasklet termination in dma channel release - LP: #1310783 * ALSA: usb-audio: Add quirk for Logitech Webcam C500 - LP: #1310783 * drm/radeon: TTM must be init with cpu-visible VRAM, v2 - LP: #1310783 * drm/radeon/atom: select the proper number of lanes in transmitter setup - LP: #1310783 * powerpc: Align p_dyn, p_rela and p_st symbols - LP: #1310783 * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus SpinPoint M8 (2BA30001) - LP: #1310783 * usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e - LP: #1310783 * usb: Make DELAY_INIT quirk wait 100ms between Get Configuration requests - LP: #1310783 * ARM: 7991/1: sa1100: fix compile problem on Collie - LP: #1310783 * firewire: don't use PREPARE_DELAYED_WORK - LP: #1310783 * x86: Ignore NMIs that come in during early boot - LP: #1310783 * x86: fix compile error due to X86_TRAP_NMI use in asm files - LP: #1310783 * virtio-net: alloc big buffers also when guest can receive UFO - LP: #1310783 * tg3: Don't check undefined error bits in RXBD - LP: #1310783 * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable - LP: #1310783 * usb: dwc3: add support for Merrifield - LP: #1310783 * mac80211: clear sequence/fragment number in QoS-null frames - LP: #1310783 * mwifiex: copy AP's HT capability info correctly - LP: #1310783 * net: unix socket code abuses csum_partial - LP: #1310783 * ibmveth: Fix endian issues with MAC addresses - LP: #1310783 * [SCSI] isci: fix reset timeout handling - LP: #1310783 * [SCSI] isci: correct erroneous for_each_isci_host macro - LP: #1310783 * [SCSI] qla2xxx: Poll during initialization for ISP25xx and ISP83xx - LP: #1310783 * ocfs2 syncs the wrong range... - LP: #1310783 * fs/proc/base.c: fix GPF in /proc/$PID/map_files - LP: #1310783 * vmxnet3: fix netpoll race condition - LP: #1310783 * [SCSI] storvsc: NULL pointer dereference fix - LP: #1310783 * PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not enabled - LP: #1310783 * KVM: SVM: fix cr8 intercept window - LP: #1310783 * drm/ttm: don't oops if no invalidate_caches() - LP: #1310783 * vmxnet3: fix building without CONFIG_PCI_MSI - LP: #1310783 * x86/amd/numa: Fix northbridge quirk to assign correct NUMA node - LP: #1310783 * Btrfs: fix data corruption when reading/updating compressed extents - LP: #1310783 * jiffies: Avoid undefined behavior from signed overflow - LP: #1310783 * ALSA: compress: Pass through return value of open ops callback - LP: #1310783 * acpi-cpufreq: set current frequency based on target P-State - LP: #1310783 * hpfs: deadlock and race in directory lseek() - LP: #1310783 * intel_idle: Check cpu_idle_get_driver() for NULL before dereferencing it. - LP: #1310783 * ipc/msg: fix race around refcount - LP: #1310783 * Input: synaptics - add manual min/max quirk - LP: #1310783 * Input: synaptics - add manual min/max quirk for ThinkPad X240 - LP: #1310783 * x86: fix boot on uniprocessor systems - LP: #1310783 * staging: speakup: Prefix externally-visible symbols - LP: #1310783 * ext4: atomically set inode->i_flags in ext4_set_inode_flags() - LP: #1310783 * deb-pkg: Fix cross-building linux-headers package - LP: #1310783 * x86: bpf_jit: support negative offsets - LP: #1310783 * p54: clamp properly instead of just truncating - LP: #1310783 * ALSA: hda/realtek - Avoid invalid COEFs for ALC271X - LP: #1310783 * of: Fix address decoding on Bimini and js2x machines - LP: #1310783 * of: fix PCI bus match for PCIe slots - LP: #1310783 * libata: disable LPM for some WD SATA-I devices - LP: #1310783 * mmc: sdhci: fix lockdep error in tuning routine - LP: #1310783 * usb: ehci: add freescale imx28 special write register method - LP: #1310783 * USB: pl2303: fix data corruption on termios updates - LP: #1310783 * Linux 3.5.7.33 - LP: #1310783 * net: ipv4: current group_info should be put after using. - CVE-2014-2851 [ Ubuntu: 3.5.0-49.74 ] * n_tty: Fix n_tty_write crash when echoing in raw mode -- Paolo Pisati <paolo.pis...@canonical.com> Fri, 09 May 2014 16:00:35 +0200 ** Changed in: linux-ti-omap4 (Ubuntu Saucy) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-armadaxp in Ubuntu. https://bugs.launchpad.net/bugs/1312984 Title: CVE-2014-0077 Status in “linux” package in Ubuntu: Fix Committed Status in “linux-armadaxp” package in Ubuntu: Invalid Status in “linux-ec2” package in Ubuntu: Invalid Status in “linux-fsl-imx51” package in Ubuntu: Invalid Status in “linux-lts-backport-maverick” package in Ubuntu: New Status in “linux-lts-backport-natty” package in Ubuntu: New Status in “linux-lts-quantal” package in Ubuntu: Invalid Status in “linux-lts-raring” package in Ubuntu: Invalid Status in “linux-lts-saucy” package in Ubuntu: Invalid Status in “linux-mvl-dove” package in Ubuntu: Invalid Status in “linux-ti-omap4” package in Ubuntu: Invalid Status in “linux” source package in Lucid: Invalid Status in “linux-armadaxp” source package in Lucid: Invalid Status in “linux-ec2” source package in Lucid: Invalid Status in “linux-fsl-imx51” source package in Lucid: Invalid Status in “linux-lts-backport-maverick” source package in Lucid: New Status in “linux-lts-backport-natty” source package in Lucid: New Status in “linux-lts-quantal” source package in Lucid: Invalid Status in “linux-lts-raring” source package in Lucid: Invalid Status in “linux-lts-saucy” source package in Lucid: Invalid Status in “linux-mvl-dove” source package in Lucid: Invalid Status in “linux-ti-omap4” source package in Lucid: Invalid Status in “linux” source package in Precise: Fix Released Status in “linux-armadaxp” source package in Precise: Fix Released Status in “linux-ec2” source package in Precise: Invalid Status in “linux-fsl-imx51” source package in Precise: Invalid Status in “linux-lts-backport-maverick” source package in Precise: New Status in “linux-lts-backport-natty” source package in Precise: New Status in “linux-lts-quantal” source package in Precise: Fix Released Status in “linux-lts-raring” source package in Precise: Fix Released Status in “linux-lts-saucy” source package in Precise: Fix Released Status in “linux-mvl-dove” source package in Precise: Invalid Status in “linux-ti-omap4” source package in Precise: Fix Released Status in “linux-lts-backport-maverick” source package in Quantal: New Status in “linux-lts-backport-natty” source package in Quantal: New Status in “linux” source package in Saucy: Fix Released Status in “linux-armadaxp” source package in Saucy: Invalid Status in “linux-ec2” source package in Saucy: Invalid Status in “linux-fsl-imx51” source package in Saucy: Invalid Status in “linux-lts-backport-maverick” source package in Saucy: New Status in “linux-lts-backport-natty” source package in Saucy: New Status in “linux-lts-quantal” source package in Saucy: Invalid Status in “linux-lts-raring” source package in Saucy: Invalid Status in “linux-lts-saucy” source package in Saucy: Invalid Status in “linux-mvl-dove” source package in Saucy: Invalid Status in “linux-ti-omap4” source package in Saucy: Fix Released Status in “linux” source package in Trusty: Fix Released Status in “linux-armadaxp” source package in Trusty: Invalid Status in “linux-ec2” source package in Trusty: Invalid Status in “linux-fsl-imx51” source package in Trusty: Invalid Status in “linux-lts-backport-maverick” source package in Trusty: New Status in “linux-lts-backport-natty” source package in Trusty: New Status in “linux-lts-quantal” source package in Trusty: Invalid Status in “linux-lts-raring” source package in Trusty: Invalid Status in “linux-lts-saucy” source package in Trusty: Invalid Status in “linux-mvl-dove” source package in Trusty: Invalid Status in “linux-ti-omap4” source package in Trusty: Invalid Status in “linux” source package in Utopic: Fix Committed Status in “linux-armadaxp” source package in Utopic: Invalid Status in “linux-ec2” source package in Utopic: Invalid Status in “linux-fsl-imx51” source package in Utopic: Invalid Status in “linux-lts-backport-maverick” source package in Utopic: New Status in “linux-lts-backport-natty” source package in Utopic: New Status in “linux-lts-quantal” source package in Utopic: Invalid Status in “linux-lts-raring” source package in Utopic: Invalid Status in “linux-lts-saucy” source package in Utopic: Invalid Status in “linux-mvl-dove” source package in Utopic: Invalid Status in “linux-ti-omap4” source package in Utopic: Invalid Bug description: drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. Break-Fix: 8dd014adfea6f173c1ef6378f7e5e7924866c923 d8316f3991d207fe32881a9ac20241be8fa2bad0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1312984/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp