This bug was fixed in the package linux-ec2 - 2.6.32-368.84 --------------- linux-ec2 (2.6.32-368.84) lucid; urgency=low
[ Andy Whitcroft ] * pull in missing CVE changelog * Ubuntu-2.6.32-368.84 [ Ubuntu: 2.6.32-64.128 ] * l2tp: Privilege escalation in ppp over l2tp sockets - LP: #1341472 - CVE-2014-4943 linux-ec2 (2.6.32-368.83) lucid; urgency=low [ Stefan Bader ] * Rebased to Ubuntu-2.6.32-64.127 * Release Tracking Bug - LP: #1339215 [ Ubuntu: 2.6.32-64.127 ] * Merged back Ubuntu-2.6.32-62.126 security release * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)" - LP: #1337339 * ptrace,x86: force IRET path after a ptrace_stop() - LP: #1337339 - CVE-2014-4699 linux-ec2 (2.6.32-367.82) lucid; urgency=low [ Stefan Bader ] * Rebased to Ubuntu-2.6.32-63.126 * Release Tracking Bug - LP: #1336142 [ Ubuntu: 2.6.32-63.126 ] * net: check net.core.somaxconn sysctl values - LP: #1321293 * sysctl net: Keep tcp_syn_retries inside the boundary - LP: #1321293 * ethtool: Report link-down while interface is down - LP: #1335049 * futex: Prevent attaching to kernel threads - LP: #1335049 * auditsc: audit_krule mask accesses need bounds checking - LP: #1335049 * net: fix regression introduced in 2.6.32.62 by sysctl fixes - LP: #1335049 * Linux 2.6.32.63 - LP: #1335049 * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c - LP: #1335313 - CVE-2014-4608 * lib/lzo: Update LZO compression to current upstream version - LP: #1335313 - CVE-2014-4608 * lzo: properly check for overruns - LP: #1335313 - CVE-2014-4608 -- Andy Whitcroft <a...@canonical.com> Mon, 14 Jul 2014 17:31:51 +0100 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-armadaxp in Ubuntu. https://bugs.launchpad.net/bugs/1335313 Title: CVE-2014-4608 Status in “linux” package in Ubuntu: Fix Committed Status in “linux-armadaxp” package in Ubuntu: Invalid Status in “linux-ec2” package in Ubuntu: Invalid Status in “linux-fsl-imx51” package in Ubuntu: Invalid Status in “linux-lts-backport-maverick” package in Ubuntu: New Status in “linux-lts-backport-natty” package in Ubuntu: New Status in “linux-lts-quantal” package in Ubuntu: Invalid Status in “linux-lts-raring” package in Ubuntu: Invalid Status in “linux-lts-saucy” package in Ubuntu: Invalid Status in “linux-mvl-dove” package in Ubuntu: Invalid Status in “linux-ti-omap4” package in Ubuntu: Invalid Status in “linux” source package in Lucid: Fix Released Status in “linux-armadaxp” source package in Lucid: Invalid Status in “linux-ec2” source package in Lucid: Fix Released Status in “linux-fsl-imx51” source package in Lucid: Invalid Status in “linux-lts-backport-maverick” source package in Lucid: New Status in “linux-lts-backport-natty” source package in Lucid: New Status in “linux-lts-quantal” source package in Lucid: Invalid Status in “linux-lts-raring” source package in Lucid: Invalid Status in “linux-lts-saucy” source package in Lucid: Invalid Status in “linux-mvl-dove” source package in Lucid: Invalid Status in “linux-ti-omap4” source package in Lucid: Invalid Status in “linux” source package in Precise: Fix Committed Status in “linux-armadaxp” source package in Precise: Fix Committed Status in “linux-ec2” source package in Precise: Invalid Status in “linux-fsl-imx51” source package in Precise: Invalid Status in “linux-lts-backport-maverick” source package in Precise: New Status in “linux-lts-backport-natty” source package in Precise: New Status in “linux-lts-quantal” source package in Precise: Fix Committed Status in “linux-lts-raring” source package in Precise: Fix Committed Status in “linux-lts-saucy” source package in Precise: Fix Released Status in “linux-mvl-dove” source package in Precise: Invalid Status in “linux-ti-omap4” source package in Precise: New Status in “linux” source package in Saucy: Fix Committed Status in “linux-armadaxp” source package in Saucy: Invalid Status in “linux-ec2” source package in Saucy: Invalid Status in “linux-fsl-imx51” source package in Saucy: Invalid Status in “linux-lts-backport-maverick” source package in Saucy: New Status in “linux-lts-backport-natty” source package in Saucy: New Status in “linux-lts-quantal” source package in Saucy: Invalid Status in “linux-lts-raring” source package in Saucy: Invalid Status in “linux-lts-saucy” source package in Saucy: Invalid Status in “linux-mvl-dove” source package in Saucy: Invalid Status in “linux-ti-omap4” source package in Saucy: New Status in “linux” source package in Trusty: Fix Committed Status in “linux-armadaxp” source package in Trusty: Invalid Status in “linux-ec2” source package in Trusty: Invalid Status in “linux-fsl-imx51” source package in Trusty: Invalid Status in “linux-lts-backport-maverick” source package in Trusty: New Status in “linux-lts-backport-natty” source package in Trusty: New Status in “linux-lts-quantal” source package in Trusty: Invalid Status in “linux-lts-raring” source package in Trusty: Invalid Status in “linux-lts-saucy” source package in Trusty: Invalid Status in “linux-mvl-dove” source package in Trusty: Invalid Status in “linux-ti-omap4” source package in Trusty: Invalid Status in “linux” source package in Utopic: Fix Committed Status in “linux-armadaxp” source package in Utopic: Invalid Status in “linux-ec2” source package in Utopic: Invalid Status in “linux-fsl-imx51” source package in Utopic: Invalid Status in “linux-lts-backport-maverick” source package in Utopic: New Status in “linux-lts-backport-natty” source package in Utopic: New Status in “linux-lts-quantal” source package in Utopic: Invalid Status in “linux-lts-raring” source package in Utopic: Invalid Status in “linux-lts-saucy” source package in Utopic: Invalid Status in “linux-mvl-dove” source package in Utopic: Invalid Status in “linux-ti-omap4” source package in Utopic: Invalid Bug description: ** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype." Break-Fix: 64c70b1cf43de158282bc1675918d503e5b15cc1 206a81c18401c0cde6e579164f752c4b147324ce To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1335313/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp