3.13.0-71: IPv6 UDP DNS packets are not received
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | linux (Ubuntu) |
High
|
Kamal Mostafa | ||
| | Trusty |
Undecided
|
Kamal Mostafa | ||
| | Vivid |
Undecided
|
Kamal Mostafa | ||
| | Wily |
Undecided
|
Kamal Mostafa | ||
| | Xenial |
High
|
Kamal Mostafa | ||
| | linux-lts-trusty (Ubuntu) |
High
|
Kamal Mostafa | ||
| | Precise |
Undecided
|
Kamal Mostafa | ||
| | linux-lts-utopic (Ubuntu) |
Undecided
|
Kamal Mostafa | ||
Bug Description
After upgrading linux kernel from version 3.13.0-68 to 3.13.0-71 then Kopete (IM messenger) stopped working, cannot connect to any jabber server.
I started debugging this problem and found out that, problem resolve when I boot back 3.13.0-68 kernel version (without touching any system files or packages). When I boot 3.13.0-71 Kopete always does not connect.
Next I debugged that problem on 3.13.0-71 is just when /etc/resolv.conf contains only IPv6 addresses of DNS servers.
Problem is comes down to dns resolver (jabber in Kopete has its own for SRV records) and syscall recvfrom() (on IPv6 socket) always return error -EAGAIN without any data returned. But wireshark see that DNS response was recevied.
So it looks like that after 3.13.0-68 kernel was included some change which broke receiving UDP packets via IPv6 socket. IPv4 is OK.
| tags: | added: kernel-da-key |
| Changed in linux-lts-trusty (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → High |
| Changed in linux (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → High |
| tags: | added: per |
| tags: |
added: performing-bisect removed: per |
| Joseph Salisbury (jsalisbury) wrote : | #1 |
| Changed in linux (Ubuntu): | |
| assignee: | nobody → Joseph Salisbury (jsalisbury) |
| Changed in linux-lts-trusty (Ubuntu): | |
| assignee: | nobody → Joseph Salisbury (jsalisbury) |
| Changed in linux (Ubuntu): | |
| status: | Triaged → In Progress |
| Changed in linux-lts-trusty (Ubuntu): | |
| status: | Triaged → In Progress |
| Pali (pali) wrote : | #2 |
Now I tested version 3.13.0-
| Pali (pali) wrote : | #3 |
For reproducing just try to use Kopete IM client and try to connect to some jabber server. Kopete must use IPv6 recursive DNS server for translating jabber SRV or A records. DNS server address is read from standard file /etc/resolv.conf.
So if you do not have IPv6 connectivity, you can you start some recursive (or forward) DNS server on IPv6 localhost and set nameserver ::1 in /etc/resolv.conf. This is quick hack, but should work.
I see that NetworkManager on Ubuntu is already using dnsmasq (as forwarder), but does not have enabled IPv6 support on localhost. It automatically add "nameserver 127.0.0.1" line into /etc/resolv.conf.
To tell dnsmasq to listen also on IPv6 localhost add configuration like:
$ echo listen-address=::1 > /etc/NetworkMan
(and reboot)
And set "nameserver ::1" in /etc/resolv.conf (note that NetworkManager is changing that file when reconnecting...)
| tags: | added: regression-update trusty |
| Joseph Salisbury (jsalisbury) wrote : | #4 |
I built a Trusty test kernel with a revert of the three commits mentioned in comment: #1. The test kernel can be downloaded from:
http://
Can you test this kernel and see if it resolves this bug? If it does, then we can narrow which of those three commit is the cause. If the bug still exits, we will probably want to perform a kernel bisect.
Note, with this test kernel, you need to install both the linux-image and linux-image-extra .deb packages.
Thanks in advance!
| Joseph Salisbury (jsalisbury) wrote : | #5 |
Actually that last test kernel for specific to Trusty proper. I'll build one more, but using the trusty-lts repo.
| Joseph Salisbury (jsalisbury) wrote : | #6 |
Ok, a new lts-backport-trusty test kernel is available here:
| Pali (pali) wrote : | #7 |
Now I tested your last build and it does *not* fix this bug :-(
| Joseph Salisbury (jsalisbury) wrote : | #8 |
thanks for testing , pali. I'm going to build one more test kernel. If that does not fix the bug, we'll have to perform a bisect.
| Andy Whitcroft (apw) wrote : | #9 |
I am able to perform dns lookups on a P+T box with -74 (and the OR has separatly confirmed -74 as affected), so this appears to not be systemic:
mru@grovel-
Ubuntu 3.13.0-
mru@grovel-
; <<>> DiG 9.8.1-P1 <<>> aaaa www.google.com @2001:4860:
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33031
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN AAAA
;; ANSWER SECTION:
www.google.com. 299 IN AAAA 2a00:1450:
;; Query time: 39 msec
;; SERVER: 2001:4860:
;; WHEN: Wed Dec 23 19:17:07 2015
;; MSG SIZE rcvd: 60
mru@grovel-
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:19:51.930966 IP6 2001:470:
19:19:51.971448 IP6 2001:4860:
| Pali (pali) wrote : | #10 |
Looks like that program dig is not affected, so not all stub resolvers are non working.
Kopete uses libiris xmpp library which uses jdns resolver. It is 100% reproducable.
I tested also new upstream 4.x kernels and they do not have this problem. Only ubuntu kernels >= 3.13.0-69.
If you need to test jdns library, upstream project has also example dns lookup cmdline tool in git repo:
https:/
(Call it with arg "-6" against some IPv6 DNS server)
I tested it and it reacts exactly same as Kopete, on 3.13.0-69 kernel (and above) just do not receive UDP IPv6 packets. As I wrote in description strace show that every recvfrom() calls just return -EAGAIN. But wireshark see that packets was received.
| Joseph Salisbury (jsalisbury) wrote : | #11 |
I started a kernel bisect between 3.13.0-68 and 3.13.0-69. The kernel bisect will require testing of about 7-10 test kernels.
I built the first test kernel, up to the following commit:
40c4e87e71354cc
The test kernel can be downloaded from:
http://
Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.
Thanks in advance
| Joseph Salisbury (jsalisbury) wrote : | #12 |
We may want to perform a reverse bisect as well, since there seems to be a fix in the latest mainline kernel. Could you test the latest upstream 3.13 stable kernel as well, maybe the fix came down through a stable update. The latest upstream stable kernel can be downloaded from:
http://
| Pali (pali) wrote : | #13 |
I tested kernel 3.13.0-68-generic #111~Commit40c4
| Pali (pali) wrote : | #14 |
Now I tested also v3.13.11-
| Joseph Salisbury (jsalisbury) wrote : | #15 |
Sorry for the delay, I was away for holiday break. I'll build the next test kernel and post it shortly.
| Joseph Salisbury (jsalisbury) wrote : | #16 |
I built the next test kernel, up to the following commit:
cc22adac97a74e1
The test kernel can be downloaded from:
http://
Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.
Thanks in advance
| Ian Morris (ipm) wrote : | #17 |
I am also seeing problems with UDP ... in my case, TFTP failures. Error message is " service tftp, recvfrom: Resource temporarily unavailable (errno = 11)" in syslog. I suspect this is the same issue: https:/
| Pali (pali) wrote : | #18 |
So it is same error code for recvfrom() on UDP packet. It is possible that it is same problem...
Anyway, currently I cannot test next kernel, so if you cannot reproduce that bug, you need to wait some time after I could test next kernel build...
| Ian Morris (ipm) wrote : | #19 |
I appreciate we might not be chasing the same bug ... so use with caution but here's some extra data points
3.13.0-68 - TFTP works
3.13.0-
| Kamal Mostafa (kamalmostafa) wrote : | #20 |
Good news, everyone! TL;DR:
Pali, I've (finally) managed to reproduce and fix this bug (IPv6 UDP DNS), with your recommendation of the program 'jdns'. For reference, here's my reproduction procedure, on a fresh install of Precise server (a slight variation on a method Pali developed):
sudo apt-get install dnsmasq
echo listen-address=::1 | sudo tee /etc/dnsmasq.d/ipv6
echo nameserver ::1 | sudo resolvconf -a lo.inet6
sudo /etc/init.d/dnsmasq restart
# fetch and build https:/
./jdns -d -6 uni AAAA google.com ::1
... kernel versions >= 3.13.0-
Ian, thanks very much for the pointer! Your mention of Debian bug 808293 led to this pending patch, which does fix this bug (and hopefully your tftp bug also): https:/
Here's an amd64 test kernel which is 3.13.0-
| Changed in linux (Ubuntu): | |
| assignee: | Joseph Salisbury (jsalisbury) → Kamal Mostafa (kamalmostafa) |
| Changed in linux-lts-trusty (Ubuntu): | |
| assignee: | Joseph Salisbury (jsalisbury) → Kamal Mostafa (kamalmostafa) |
| Ian Morris (ipm) wrote : | #21 |
Hello Kamal,
Yes, running, linux-image-
Thanks!
| no longer affects: | linux-lts-trusty (Ubuntu Trusty) |
| no longer affects: | linux-lts-trusty (Ubuntu Vivid) |
| no longer affects: | linux-lts-trusty (Ubuntu Wily) |
| no longer affects: | linux-lts-trusty (Ubuntu Xenial) |
| no longer affects: | linux (Ubuntu Precise) |
| Changed in linux (Ubuntu Xenial): | |
| status: | In Progress → Fix Committed |
| Changed in linux (Ubuntu Wily): | |
| status: | New → Fix Committed |
| Changed in linux (Ubuntu Vivid): | |
| status: | New → Fix Committed |
| Changed in linux (Ubuntu Trusty): | |
| status: | New → Fix Committed |
| Changed in linux-lts-utopic (Ubuntu): | |
| status: | New → Fix Committed |
| Changed in linux (Ubuntu Trusty): | |
| assignee: | nobody → Kamal Mostafa (kamalmostafa) |
| Changed in linux (Ubuntu Vivid): | |
| assignee: | nobody → Kamal Mostafa (kamalmostafa) |
| Changed in linux (Ubuntu Wily): | |
| assignee: | nobody → Kamal Mostafa (kamalmostafa) |
| Changed in linux-lts-trusty (Ubuntu Precise): | |
| assignee: | nobody → Kamal Mostafa (kamalmostafa) |
| Changed in linux-lts-utopic (Ubuntu): | |
| assignee: | nobody → Kamal Mostafa (kamalmostafa) |
| Changed in linux-lts-trusty (Ubuntu Precise): | |
| status: | New → In Progress |
| Changed in linux-lts-trusty (Ubuntu): | |
| status: | In Progress → Invalid |
| Luis Henriques (henrix) wrote : | #22 |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
| tags: | added: verification-needed-vivid |
| Kamal Mostafa (kamalmostafa) wrote : | #23 |
Verified ok in Vivid 3.19.0-46.52 (proposed): The bug can't be reproduced in 3.19 (a separate upstream fix hides it), but this patch doesn't appear to break anything and does eliminate an unnecessary double checksum computation.
| tags: |
added: verification-done-vivid removed: verification-needed-vivid |
| Pali (pali) wrote : | #24 |
@Kamal: I tested your build 3.13.0-69-generic #112~precise1+
| Kamal Mostafa (kamalmostafa) wrote : | #25 |
Thanks for verifying that Pali. The fix is in the pipeline for all affected Ubuntu kernels.
| Luis Henriques (henrix) wrote : | #26 |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
| tags: | added: verification-needed-wily |
| Kamal Mostafa (kamalmostafa) wrote : | #27 |
Verified ok in Wily 4.2.0-27.32 (proposed): The bug can't be reproduced in 4.2 (a separate upstream fix hides it), but this patch doesn't appear to break anything and does eliminate an unnecessary double checksum computation.
| tags: |
added: verification-done-wily removed: verification-needed-wily |
| Launchpad Janitor (janitor) wrote : | #28 |
This bug was fixed in the package linux - 4.4.0-2.16
---------------
linux (4.4.0-2.16) xenial; urgency=low
[ Andy Whitcroft ]
* Release Tracking Bug
- LP: #1539090
* SAUCE: hv: hv_set_ifconfig -- convert to python3
- LP: #1506521
* SAUCE: dm: introduce a target_ioctl op to allow target specific ioctls
- LP: #1538618
[ Colin Ian King ]
* SAUCE: ACPI / tables: Add acpi_force_
bit FADT addresses (LP: #1529381)
- LP: #1529381
[ John Johansen ]
* SAUCE: (no-up): apparmor: fix for failed mediation of socket that is
being shutdown
- LP: #1446906
[ Mahesh Salgaonkar ]
* SAUCE: Powernv: Remove the usage of PACAR1 from opal wrappers
- LP: #1537881
* SAUCE: powerpc/book3s: Fix TB corruption in guest exit path on HMI
interrupt.
- LP: #1537881
* SAUCE: KVM: PPC: Book3S HV: Fix soft lockups in KVM on HMI for time
base errors
- LP: #1537881
[ Paolo Pisati ]
* SAUCE: arm64: errata: Add -mpc-relative-
#843419 build flags
- LP: #1533009
* [Config] MFD_TPS65217=y && REGULATOR_
* [Config] disable ARCH_ZX (ZTE ZX Soc)
[ Tim Gardner ]
* Revert "SAUCE: (noup) cxlflash: a couple off by one bugs"
* SAUCE: (no-up) Update bnx2x firmware to 7.12.30.0
- LP: #1536719
* SAUCE: drop obsolete bnx2x firmware
* SAUCE: i40e: Silence 'may be used uninitialized' warnings
- LP: #1536474
* [Config] CONFIG_ZONE_DMA=y for amd64 lowlatency
- LP: #1534647
* [Config] Add pvpanic to virtual flavour
- LP: #1537923
* [Config] CONFIG_
- LP: #1520457
[ Upstream Kernel Changes ]
* i40evf: fix compiler warning of unused variable
- LP: #1536474
* intel: i40e: fix confused code
- LP: #1536474
* i40e/i40evf: remove unused tunnel parameter
- LP: #1536474
* i40e: Change BUG_ON to WARN_ON in service event complete
- LP: #1536474
* i40e: remove BUG_ON from feature string building
- LP: #1536474
* i40e: remove BUG_ON from FCoE setup
- LP: #1536474
* i40e: Workaround fix for mss < 256 issue
- LP: #1536474
* i40e/i40evf: Add a stat to track how many times we have to do a force
WB
- LP: #1536474
* i40e: Move the saving of old link info from handle_link_event to
link_event
- LP: #1536474
* i40e/i40evf: Add comment to #endif
- LP: #1536474
* i40e/i40evf: clean up error messages
- LP: #1536474
* i40evf: handle many MAC filters correctly
- LP: #1536474
* i40e: return the number of enabled queues for ETHTOOL_GRXRINGS
- LP: #1536474
* i40e: rework the functions to configure RSS with similar parameters
- LP: #1536474
* i40e: create a generic configure rss function
- LP: #1536474
* i40e: Bump version to 1.4.2
- LP: #1536474
* i40e: add new fields to store user configuration
- LP: #1536474
* i40e: rename rss_size to alloc_rss_size in i40e_pf
- LP: #1536474
* i40e/i40evf: Fix RS bit update in Tx path and disable force WB
workaround
- LP: #1536474
* i40e/i40evf: prefetch skb data on transmit
- LP: #1536474
* i40evf: rename VF adapter s...
| Changed in linux (Ubuntu Xenial): | |
| status: | Fix Committed → Fix Released |
Hi Kamal! When will be this bug fixed in precise kernel release?
| Launchpad Janitor (janitor) wrote : | #30 |
This bug was fixed in the package linux - 4.2.0-27.32
---------------
linux (4.2.0-27.32) wily; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1536867
[ Andy Whitcroft ]
* SAUCE: (no-up) add compat_uts_machine= kernel command line override
- LP: #1520627
[ Colin Ian King ]
* SAUCE: (no-up) ACPI / tables: Add acpi_force_
force 32 bit FADT addresses
- LP: #1529381
[ Eric Dumazet ]
* SAUCE: (no-up) udp: properly support MSG_PEEK with truncated buffers
- LP: #1527902
[ Guilherme G. Piccoli ]
* SAUCE: powerpc/eeh: Validate arch in eeh_add_
- LP: #1486180
[ Tim Gardner ]
* SAUCE: (no-up) Revert "[SCSI] libiscsi: Reduce locking contention in
fast path"
- LP: #1517142
* [Config] Add DRM ast driver to udeb installer image
- LP: #1514711
[ Upstream Kernel Changes ]
* net/mlx5e: Re-eanble client vlan TX acceleration
- LP: #1533249
* net/mlx5e: Fix LSO vlan insertion
- LP: #1533249
* net/mlx5e: Fix inline header size calculation
- LP: #1533249
* net: usb: cdc_ncm: Adding Dell DW5812 LTE Verizon Mobile Broadband Card
- LP: #1533118
* net: usb: cdc_ncm: Adding Dell DW5813 LTE AT&T Mobile Broadband Card
- LP: #1533118
* powerpc/eeh: Fix recursive fenced PHB on Broadcom shiner adapter
- LP: #1532942
linux (4.2.0-26.31) wily; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1535795
* Merged back Ubuntu-4.2.0-25.30
-- Brad Figg <email address hidden> Thu, 21 Jan 2016 18:44:37 -0800
| Changed in linux (Ubuntu Wily): | |
| status: | Fix Committed → Fix Released |
| Kamal Mostafa (kamalmostafa) wrote : | #31 |
@Pali- The 3.13 kernel (for Trusty and Precise) including this fix is planned for this week, so it should appear in 'Proposed' within the next few days -- then the usual week more of baking time before actual release. Sorry for the delay, and thanks for your patience!
| Andy Whitcroft (apw) wrote : | #32 |
Fix released in 3.19.0-47.53
| Changed in linux (Ubuntu Vivid): | |
| status: | Fix Committed → Fix Released |
| Brad Figg (brad-figg) wrote : | #33 |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/
| tags: | added: verification-needed-trusty |
| Kamal Mostafa (kamalmostafa) wrote : | #34 |
Verified ok in Trusty (3.13.0-78.122) and Precise (3.13.0-
| tags: |
added: verification-done-trusty removed: performing-bisect verification-needed-trusty |
I think that unlike the bug title and description suggest, this bug is not limited to IPv6. I am having the same problem with FreeRADIUS when RADIUS packets are received over IPv4. This problem is fixed by the Kernel from trusty-proposed, too.
Actually, this problem looks a lot like a regression that already appeared in 3.13.0-66 and was fixed in 3.13.0-67 (see bug #1510213 which turned out to be the same problem as tracked in #1508510). So maybe, some measures should be taken to ensure that this regression does not make it into a released kernel again but it is detected during QA.
A side note regading the problem with FreeRADIUS: I only had this problem on a multi-core multi-socket machine. On a multi-core single-socket machine, it did not appear, but this might just have been a coincidence.
| Launchpad Janitor (janitor) wrote : | #36 |
This bug was fixed in the package linux - 3.13.0-79.123
---------------
linux (3.13.0-79.123) trusty; urgency=low
[ Seth Forshee ]
* SAUCE: cred: Add clone_cred() interface
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Use mounter's credentials instead of full kernel
credentials
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.*
xattrs
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Be more careful about copying up sxid files
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
linux (3.13.0-78.122) trusty; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1540559
[ Eric Dumazet ]
* SAUCE: (no-up) udp: properly support MSG_PEEK with truncated buffers
- LP: #1527902
[ J. R. Okajima ]
* SAUCE: ubuntu: aufs: tiny, extract a new func xino_fwrite_wkq()
- LP: #1533043
* SAUCE: ubuntu: aufs: for 4.3, XINO handles EINTR from the dying process
- LP: #1533043
[ Upstream Kernel Changes ]
* Revert "[stable-only] net: add length argument to
skb_
- LP: #1538756
* unregister_
- LP: #1525324
* rtnetlink: delay RTM_DELLINK notification until after ndo_uninit()
- LP: #1525324
* Drivers: hv: Eliminate the channel spinlock in the callback path
- LP: #1519897
* Drivers: hv: vmbus: Implement per-CPU mapping of relid to channel
- LP: #1519897
* Drivers: hv: vmbus: Suport an API to send pagebuffers with additional
control
- LP: #1519897
* Drivers: hv: vmbus: Suport an API to send packet with additional
control
- LP: #1519897
* Drivers: hv: vmbus: Export the vmbus_sendpacke
- LP: #1519897
* Drivers: hv: vmbus: Fix a siganlling host signalling issue
- LP: #1519897
* Drivers: hv: vmbus: Fix a Host signaling bug
- LP: #1519897
* ARC: Fix silly typo in MAINTAINERS file
- LP: #1538756
* ip6mr: call del_timer_sync() in ip6mr_free_table()
- LP: #1538756
* gre6: allow to update all parameters via rtnl
- LP: #1538756
* atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
- LP: #1538756
* sctp: use the same clock as if sock source timestamps were on
- LP: #1538756
* sctp: update the netstamp_needed counter when copying sockets
- LP: #1538756
* ipv6: sctp: clone options to avoid use after free
- LP: #1538756
* net: add validation for the socket syscall protocol argument
- LP: #1538756
* sh_eth: fix kernel oops in skb_put()
- LP: #1538756
* pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
- LP: #1538756
* bluetooth: Validate socket address length in sco_sock_bind().
- LP: #1538756
* af_unix: Revert 'lock_interrupt
- LP: #1538756
* KEYS: Fix race between read and revoke
- LP: #1538756
* tools: Add a "make all" rule
- LP: #1538...
| Changed in linux (Ubuntu Trusty): | |
| status: | Fix Committed → Fix Released |
| Launchpad Janitor (janitor) wrote : | #37 |
This bug was fixed in the package linux-lts-utopic - 3.16.0-
---------------
linux-lts-utopic (3.16.0-
[ Seth Forshee ]
* SAUCE: cred: Add clone_cred() interface
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Use mounter's credentials instead of selectively
raising caps
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.*
xattrs
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Be more careful about copying up sxid files
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
linux-lts-utopic (3.16.0-
[ Brad Figg ]
* Release Tracking Bug
- LP: #1541076
[ Eric Dumazet ]
* SAUCE: (no-up) udp: properly support MSG_PEEK with truncated buffers
- LP: #1527902
[ J. R. Okajima ]
* SAUCE: ubuntu: aufs: tiny, extract a new func xino_fwrite_wkq()
- LP: #1533043
* SAUCE: ubuntu: aufs: for 4.3, XINO handles EINTR from the dying process
- LP: #1533043
[ Upstream Kernel Changes ]
* Revert "[stable-only] net: add length argument to
skb_
- LP: #1540412
* xfrm: dst_entries_init() per-net dst_ops
- LP: #1486670
* fuse: break infinite loop in fuse_fill_
- LP: #1540412
* usb: gadget: pxa27x: fix suspend callback
- LP: #1540412
* iio: fix some warning messages
- LP: #1540412
* USB: cp210x: Remove CP2110 ID from compatibility list
- LP: #1540412
* USB: cdc_acm: Ignore Infineon Flash Loader utility
- LP: #1540412
* USB: serial: Another Infineon flash loader USB ID
- LP: #1540412
* ext4: Fix handling of extended tv_sec
- LP: #1540412
* jbd2: Fix unreclaimed pages after truncate in data=journal mode
- LP: #1540412
* drm/ttm: Fixed a read/write lock imbalance
- LP: #1540412
* AHCI: Fix softreset failed issue of Port Multiplier
- LP: #1540412
* sata_sil: disable trim
- LP: #1540412
* usb-storage: Fix scsi-sd failure "Invalid field in cdb" for USB adapter
JMicron
- LP: #1540412
* staging: lustre: echo_copy.._lsm() dereferences userland pointers
directly
- LP: #1540412
* irqchip/
- LP: #1540412
* usb: core : hub: Fix BOS 'NULL pointer' kernel panic
- LP: #1540412
* USB: whci-hcd: add check for dma mapping error
- LP: #1540412
* usb: Use the USB_SS_MULT() macro to decode burst multiplier for log
message
- LP: #1540412
* dm btree: fix leak of bufio-backed block in btree_split_sibling error
path
- LP: #1540412
* perf: Fix PERF_EVENT_
- LP: #1540412
* usb: xhci: fix config fail of FS hub behind a HS hub with MTT
- LP: #1540412
* ALSA: rme96: Fix unexpected volume reset after rate changes
- LP: #1540412
* ALSA: hda - Add inverted dmic for Packard Bell DOTS
- LP: #1523232, #1540412
* v...
| Changed in linux-lts-utopic (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| status: | Fix Committed → Fix Released |
| Launchpad Janitor (janitor) wrote : | #39 |
This bug was fixed in the package linux-lts-trusty - 3.13.0-
---------------
linux-lts-trusty (3.13.0-
[ Seth Forshee ]
* SAUCE: cred: Add clone_cred() interface
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Use mounter's credentials instead of full kernel
credentials
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.*
xattrs
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Be more careful about copying up sxid files
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
* SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
- LP: #1534961, #1535150
- CVE-2016-1575 CVE-2016-1576
linux (3.13.0-78.122) trusty; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1540559
[ Eric Dumazet ]
* SAUCE: (no-up) udp: properly support MSG_PEEK with truncated buffers
- LP: #1527902
[ J. R. Okajima ]
* SAUCE: ubuntu: aufs: tiny, extract a new func xino_fwrite_wkq()
- LP: #1533043
* SAUCE: ubuntu: aufs: for 4.3, XINO handles EINTR from the dying process
- LP: #1533043
[ Upstream Kernel Changes ]
* Revert "[stable-only] net: add length argument to
skb_
- LP: #1538756
* unregister_
- LP: #1525324
* rtnetlink: delay RTM_DELLINK notification until after ndo_uninit()
- LP: #1525324
* Drivers: hv: Eliminate the channel spinlock in the callback path
- LP: #1519897
* Drivers: hv: vmbus: Implement per-CPU mapping of relid to channel
- LP: #1519897
* Drivers: hv: vmbus: Suport an API to send pagebuffers with additional
control
- LP: #1519897
* Drivers: hv: vmbus: Suport an API to send packet with additional
control
- LP: #1519897
* Drivers: hv: vmbus: Export the vmbus_sendpacke
- LP: #1519897
* Drivers: hv: vmbus: Fix a siganlling host signalling issue
- LP: #1519897
* Drivers: hv: vmbus: Fix a Host signaling bug
- LP: #1519897
* ARC: Fix silly typo in MAINTAINERS file
- LP: #1538756
* ip6mr: call del_timer_sync() in ip6mr_free_table()
- LP: #1538756
* gre6: allow to update all parameters via rtnl
- LP: #1538756
* atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
- LP: #1538756
* sctp: use the same clock as if sock source timestamps were on
- LP: #1538756
* sctp: update the netstamp_needed counter when copying sockets
- LP: #1538756
* ipv6: sctp: clone options to avoid use after free
- LP: #1538756
* net: add validation for the socket syscall protocol argument
- LP: #1538756
* sh_eth: fix kernel oops in skb_put()
- LP: #1538756
* pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
- LP: #1538756
* bluetooth: Validate socket address length in sco_sock_bind().
- LP: #1538756
* af_unix: Revert 'lock_interrupt
- LP: #1538756
* KEYS: Fix race between read and revoke
- LP: #1538756
* too...
| Changed in linux-lts-trusty (Ubuntu Precise): | |
| status: | In Progress → Fix Released |
Hi Pali,
I'd like to try and reproduce this bug. Can you list the steps I would need to perform to reproduce the bug? Would it just be to use the Kopete client and try to connect to a jabber server?
Also, do I need to do some network reconfiguration? I am currently using IPv4, and do not have IPv6 configured.
I'm also going to build a test kernel for you to try with the following three commits reverted:
538c22c net/ipv6: Correct PIM6 mrt_lock handling
483d538 [stable-only] net: add length argument to skb_copy_
16b7201 ipv6: fix exthdrs offload registration in out_rt path
If that does not fix the issue, we can perform a kernel bisect to identify the exact commit that introduced the regression.