Ubuntu
linux package

Lucid update to 2.6.32.65 stable release

Bug #1403918 reported by Luis Henriques
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned
Lucid
Fix Released
Undecided
Unassigned

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from Linus' tree or in a minimally
       backported form of that patch. The 2.6.32.65 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

       The following patches are in the 2.6.32.65 stable release:

x86, 64-bit: Move K8 B step iret fixup to fault entry asm
x86-64: Adjust frame type at paranoid_exit:
x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
x86-32, espfix: Remove filter for espfix32 due to race
x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
x86, espfix: Move espfix definitions into a separate header file
x86, espfix: Fix broken header guard
x86, espfix: Make espfix64 a Kconfig option, fix UML
x86, espfix: Make it possible to disable 16-bit support
x86_64/entry/xen: Do not invoke espfix64 on Xen
x86/espfix/xen: Fix allocation of pages for paravirt page tables
x86_64, traps: Stop using IST for #SS
x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
x86_64, traps: Rework bad_iret

The following patches from the stable release have been dropped (some were actually already applied to Lucid):

net: sendmsg: fix failed backport of "fix NULL pointer dereference"
net/l2tp: don't fall back on UDP [get|set]sockopt
ALSA: control: Don't access controls outside of protected regions
ALSA: control: Fix replacing user controls
USB: whiteheat: Added bounds checking for bulk command response
net: sctp: fix panic on duplicate ASCONF chunks
net: sctp: fix remote memory pressure from excessive queueing
udf: Avoid infinite loop when processing indirect ICBs
net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet
mac80211: fix fragmentation code, particularly for encryption
ttusb-dec: buffer overflow in ioctl
vlan: Don't propagate flag changes on down interfaces.
sctp: Fix double-free introduced by bad backport in 2.6.32.62
md/raid6: Fix misapplied backport in 2.6.32.64
block: add missing blk_queue_dead() checks
block: Fix blk_execute_rq_nowait() dead queue handling
cciss: Fix misapplied "cciss: fix info leak in cciss_ioctl32_passthru()"
proc connector: Delete spurious memset in proc_exit_connector()
Linux 2.6.32.65

See original description

CVE References

Luis Henriques (henrix)
tags: added: kernel-stable-tracking-bug
Luis Henriques (henrix)
description: updated
Luis Henriques (henrix)
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-71.138

---------------
linux (2.6.32-71.138) lucid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1403943

  [ Luis Henriques ]

  * [Config] updateconfigs CONFIG_X86_16BIT=y after v2.6.32.65 update

  [ Upstream Kernel Changes ]

  * KVM: x86: Check non-canonical addresses upon WRMSR
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Improve thread safety in pit
    - LP: #1384540
    - CVE-2014-3611
  * net:socket: set msg_namelen to 0 if msg_name is passed as NULL in
    msghdr struct from userland.
    - LP: #1335478
  * x86, 64-bit: Move K8 B step iret fixup to fault entry asm
    - LP: #1403918
  * x86-64: Adjust frame type at paranoid_exit:
    - LP: #1403918
  * x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
    - LP: #1403918
  * x86-32, espfix: Remove filter for espfix32 due to race
    - LP: #1403918
  * x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
    - LP: #1403918
  * x86, espfix: Move espfix definitions into a separate header file
    - LP: #1403918
  * x86, espfix: Fix broken header guard
    - LP: #1403918
  * x86, espfix: Make espfix64 a Kconfig option, fix UML
    - LP: #1403918
  * x86, espfix: Make it possible to disable 16-bit support
    - LP: #1403918
  * x86_64/entry/xen: Do not invoke espfix64 on Xen
    - LP: #1403918
  * x86/espfix/xen: Fix allocation of pages for paravirt page tables
    - LP: #1403918
  * x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
    - LP: #1403918
  * x86_64, traps: Rework bad_iret
    - LP: #1403918
 -- Luis Henriques <email address hidden> Thu, 18 Dec 2014 16:22:56 +0000

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Mathew Hodson (mhodson)
Changed in linux (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.