This bug was fixed in the package linux - 2.6.32-64.128

---------------
linux (2.6.32-64.128) lucid; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (2.6.32-64.127) lucid; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-2.6.32-62.126 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338946

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux (2.6.32-63.126) lucid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1335875

  [ Upstream Kernel Changes ]

  * net: check net.core.somaxconn sysctl values
    - LP: #1321293
  * sysctl net: Keep tcp_syn_retries inside the boundary
    - LP: #1321293
  * ethtool: Report link-down while interface is down
    - LP: #1335049
  * futex: Prevent attaching to kernel threads
    - LP: #1335049
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1335049
  * net: fix regression introduced in 2.6.32.62 by sysctl fixes
    - LP: #1335049
  * Linux 2.6.32.63
    - LP: #1335049
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - LP: #1335313
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - LP: #1335313
    - CVE-2014-4608
  * lzo: properly check for overruns
    - LP: #1335313
    - CVE-2014-4608
 -- Luis Henriques <luis.henriq...@canonical.com>  Mon, 14 Jul 2014 16:33:33 +0100

https://bugs.launchpad.net/bugs/1335049

Title:
  Lucid update to 2.6.32.63 stable release

Status in “linux” package in Ubuntu:
  New
Status in “linux” source package in Lucid:
  Fix Released

Bug description:
  SRU Justification

  Impact:
  The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from Linus' tree or in a minimally backported form of that patch.
  The 2.6.32.63 upstream stable patch set is now available. It should be included in the Ubuntu kernel as well.

  git://git.kernel.org/

  TEST CASE: TBD

  The following patches are in the 2.6.32.63 stable release:

  Linux 2.6.32.63
  net: fix regression introduced in 2.6.32.62 by sysctl fixes
  auditsc: audit_krule mask accesses need bounds checking
  futex: Prevent attaching to kernel threads
  ethtool: Report link-down while interface is down

  The following patches from 2.6.32.63 were not applied as they were already present in the Lucid kernel:

  futex: Make lookup_pi_state more robust
  futex: Always cleanup owner tid in unlock_pi
  futex: Validate atomic acquisition in futex_lock_pi_atomic()
  futex-prevent-requeue-pi-on-same-futex.patch
  futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1)

  The following patch from 2.6.32.63 was dropped, as one of the futex patches in Lucid seems to implement a slightly different security fix that prevents it from being applied:

  futex: Add another early deadlock detection check