Ubuntu

CVE-2013-0190

Reported by John Johansen on 2013-01-21
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Luis Henriques
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-armadaxp (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-ec2 (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-lts-backport-natty (Ubuntu)
Undecided
Unassigned
Hardy
Undecided
Unassigned
Lucid
Undecided
Unassigned
Oneiric
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-lts-quantal (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Medium
Unassigned
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned

Bug Description

The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption.

Break-Fix: 5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 9174adbee4a9a49d0139f5d71969852b36720809

John Johansen (jjohansen) wrote :

CVE-2013-0190

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Raring):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Raring):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Raring):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Raring):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Raring):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Medium
Luis Henriques (henrix) on 2013-01-30
Changed in linux (Ubuntu Lucid):
assignee: nobody → Luis Henriques (henrix)
status: New → In Progress
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Raring):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-45.103

---------------
linux (2.6.32-45.103) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1118467

  [ Tim Gardner ]

  * [debian] Remove dangling symlink from headers package
    - LP: #1112442

  [ Upstream Kernel Changes ]

  * xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS
    guests.
    - LP: #1102374
    - CVE-2013-0190
 -- Luis Henriques <email address hidden> Thu, 07 Feb 2013 15:38:42 +0000

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-350.60

---------------
linux-ec2 (2.6.32-350.60) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-45.103
  * Release Tracking Bug
    - LP: #1119764

  [ Ubuntu: 2.6.32-45.103 ]

  * [debian] Remove dangling symlink from headers package
    - LP: #1112442
  * xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS
    guests.
    - LP: #1102374
    - CVE-2013-0190
 -- Stefan Bader <email address hidden> Tue, 12 Feb 2013 14:47:51 +0100

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed' to 'verification-done'.

If verification is not done by one week from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Launchpad Janitor (janitor) wrote :
Download full text (15.4 KiB)

This bug was fixed in the package linux - 3.2.0-39.62

---------------
linux (3.2.0-39.62) precise-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1134424

  [ Herton Ronaldo Krzesinski ]

  * Revert "SAUCE: samsung-laptop: disable in UEFI mode"
    - LP: #1117693
  * d-i: Add mellanox ethernet drivers to nic-modules
    - LP: #1015339

  [ Ian Campbell ]

  * SAUCE: xen/netback: shutdown the ring if it contains garbage.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: netback: correct netbk_tx_err to handle wrap around.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: xen/netback: don't leak pages on failure in
    xen_netbk_tx_check_gop.
    - LP: #1117331
    - CVE-2013-0217
  * SAUCE: xen/netback: free already allocated memory on failure in
    xen_netbk_get_requests
    - LP: #1117331
    - CVE-2013-0217

  [ Jan Beulich ]

  * SAUCE: xen-pciback: rate limit error messages from
    xen_pcibk_enable_msi{, x}()
    - LP: #1117336
    - CVE-2013-0231

  [ Tim Gardner ]

  * [debian] Remove dangling symlink from headers package
    - LP: #1112442
  * SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
    failure once
    - LP: #1128840

  [ Upstream Kernel Changes ]

  * Revert "ALSA: hda - Shut up pins at power-saving mode with Conexnat
    codecs"
    - LP: #1117693, #886975
  * Revert "drm/i915: no lvds quirk for Zotac ZDBOX SD ID12/ID13"
    - LP: #1117693
  * Revert "ptrace: ensure arch_ptrace/ptrace_request can never race with
    SIGKILL"
    - LP: #1131218
  * SAUCE: xen/pv-spinlock: Never enable interrupts in xen_spin_lock_slow()
    - LP: #1011792
  * usb: gadget: dummy: fix enumeration with g_multi
    - LP: #1117693
  * usb: musb: core: print new line in the driver banner again
    - LP: #1117693
  * virtio-blk: Don't free ida when disk is in use
    - LP: #1117693
  * mac80211: use del_timer_sync for final sta cleanup timer deletion
    - LP: #1117693
  * xhci: Handle HS bulk/ctrl endpoints that don't NAK.
    - LP: #1117693
  * USB: Handle auto-transition from hot to warm reset.
    - LP: #1117693
  * USB: Ignore xHCI Reset Device status.
    - LP: #1117693
  * USB: Allow USB 3.0 ports to be disabled.
    - LP: #1117693
  * USB: Increase reset timeout.
    - LP: #1117693
  * USB: Ignore port state until reset completes.
    - LP: #1117693
  * USB: Handle warm reset failure on empty port.
    - LP: #1117693
  * xhci: Avoid "dead ports", add roothub port polling.
    - LP: #1117693
  * ASoC: wm5100: Remove DSP B and left justified formats
    - LP: #1117693
  * mwifiex: handle association failure case correctly
    - LP: #1117693
  * mwifiex: check wait_event_interruptible return value
    - LP: #1117693
  * ASoC: wm2000: Fix sense of speech clarity enable
    - LP: #1117693
  * ioat: Fix DMA memory sync direction correct flag
    - LP: #1117693
  * drm/i915; Only increment the user-pin-count after successfully pinning
    the bo
    - LP: #1117693
  * staging: r8712u: Add new device ID
    - LP: #1117693
  * staging: speakup: avoid out-of-range access in synth_init()
    - LP: #1117693
  * staging: speakup: avoid out-of-range access in synth_add()
    - LP: #1117693
  * staging: come...

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (15.4 KiB)

This bug was fixed in the package linux-armadaxp - 3.2.0-1615.23

---------------
linux-armadaxp (3.2.0-1615.23) precise-proposed; urgency=low

  [ Ike Panhc ]

  * Release Tracking Bug
    - LP: #1135175
  * Rebase onto Ubuntu-3.2.0-39.62

  [ Ubuntu: 3.2.0-39.62 ]

  * Release Tracking Bug
    - LP: #1134424
  * Revert "SAUCE: samsung-laptop: disable in UEFI mode"
    - LP: #1117693
  * d-i: Add mellanox ethernet drivers to nic-modules
    - LP: #1015339
  * SAUCE: xen/netback: shutdown the ring if it contains garbage.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: netback: correct netbk_tx_err to handle wrap around.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: xen/netback: don't leak pages on failure in
    xen_netbk_tx_check_gop.
    - LP: #1117331
    - CVE-2013-0217
  * SAUCE: xen/netback: free already allocated memory on failure in
    xen_netbk_get_requests
    - LP: #1117331
    - CVE-2013-0217
  * SAUCE: xen-pciback: rate limit error messages from
    xen_pcibk_enable_msi{, x}()
    - LP: #1117336
    - CVE-2013-0231
  * [debian] Remove dangling symlink from headers package
    - LP: #1112442
  * SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
    failure once
    - LP: #1128840
  * Revert "ALSA: hda - Shut up pins at power-saving mode with Conexnat
    codecs"
    - LP: #1117693, #886975
  * Revert "drm/i915: no lvds quirk for Zotac ZDBOX SD ID12/ID13"
    - LP: #1117693
  * Revert "ptrace: ensure arch_ptrace/ptrace_request can never race with
    SIGKILL"
    - LP: #1131218
  * SAUCE: xen/pv-spinlock: Never enable interrupts in xen_spin_lock_slow()
    - LP: #1011792
  * usb: gadget: dummy: fix enumeration with g_multi
    - LP: #1117693
  * usb: musb: core: print new line in the driver banner again
    - LP: #1117693
  * virtio-blk: Don't free ida when disk is in use
    - LP: #1117693
  * mac80211: use del_timer_sync for final sta cleanup timer deletion
    - LP: #1117693
  * xhci: Handle HS bulk/ctrl endpoints that don't NAK.
    - LP: #1117693
  * USB: Handle auto-transition from hot to warm reset.
    - LP: #1117693
  * USB: Ignore xHCI Reset Device status.
    - LP: #1117693
  * USB: Allow USB 3.0 ports to be disabled.
    - LP: #1117693
  * USB: Increase reset timeout.
    - LP: #1117693
  * USB: Ignore port state until reset completes.
    - LP: #1117693
  * USB: Handle warm reset failure on empty port.
    - LP: #1117693
  * xhci: Avoid "dead ports", add roothub port polling.
    - LP: #1117693
  * ASoC: wm5100: Remove DSP B and left justified formats
    - LP: #1117693
  * mwifiex: handle association failure case correctly
    - LP: #1117693
  * mwifiex: check wait_event_interruptible return value
    - LP: #1117693
  * ASoC: wm2000: Fix sense of speech clarity enable
    - LP: #1117693
  * ioat: Fix DMA memory sync direction correct flag
    - LP: #1117693
  * drm/i915; Only increment the user-pin-count after successfully pinning
    the bo
    - LP: #1117693
  * staging: r8712u: Add new device ID
    - LP: #1117693
  * staging: speakup: avoid out-of-range access in synth_init()
    - LP: #1117693
  * staging: speakup: avoid out-of-range access in synth_add()
    - LP: #1117693
  * staging: ...

Changed in linux-armadaxp (Ubuntu Precise):
status: Invalid → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (14.0 KiB)

This bug was fixed in the package linux-lts-quantal - 3.5.0-26.42~precise1

---------------
linux-lts-quantal (3.5.0-26.42~precise1) precise-proposed; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #1153655

  [ Andy Whitcroft ]

  * ubuntu: overlayfs -- fix missmerge of vfs_open changes
    - LP: #1122094, #1147678

linux (3.5.0-26.40) quantal-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1133429

  [ Andy Whitcroft ]

  * ubuntu: overlayfs -- fix missmerge of vfs_open changes
    - LP: #1122094

  [ Ian Campbell ]

  * SAUCE: xen/netback: shutdown the ring if it contains garbage.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: netback: correct netbk_tx_err to handle wrap around.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: xen/netback: don't leak pages on failure in
    xen_netbk_tx_check_gop.
    - LP: #1117331
    - CVE-2013-0217
  * SAUCE: xen/netback: free already allocated memory on failure in
    xen_netbk_get_requests
    - LP: #1117331
    - CVE-2013-0217

  [ Jan Beulich ]

  * SAUCE: xen-pciback: rate limit error messages from
    xen_pcibk_enable_msi{, x}()
    - LP: #1117336
    - CVE-2013-0231

  [ Tim Gardner ]

  * [Config] CONFIG_SATA_AHCI=m
    - LP: #1056563
  * SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
    failure once
    - LP: #1128840

  [ Upstream Kernel Changes ]

  * Revert "USB: Handle warm reset failure on empty port."
    - LP: #1131944
  * xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS
    guests.
    - LP: #1102374
    - CVE-2013-0190
  * virtio-blk: Don't free ida when disk is in use
    - LP: #1119885
  * ioat: Fix DMA memory sync direction correct flag
    - LP: #1119885
  * PCI: pciehp: Use per-slot workqueues to avoid deadlock
    - LP: #1119885
  * PCI/AER: pci_get_domain_bus_and_slot() call missing required
    pci_dev_put()
    - LP: #1119885
  * xen/grant-table: correctly initialize grant table version 1
    - LP: #1119885
  * serial:ifx6x60:Delete SPI timer when shut down port
    - LP: #1119885
  * tty: 8250_dw: Fix inverted arguments to serial_out in IRQ handler
    - LP: #1119885
  * drm/i915: Invalidate the relocation presumed_offsets along the slow
    path
    - LP: #1119885
  * ARM: 7627/1: Predicate preempt logic on PREEMP_COUNT not PREEMPT alone
    - LP: #1119885
  * staging: vt6656: Fix inconsistent structure packing
    - LP: #1119885
  * 8250/16?50: Add support for Broadcom TruManage redirected serial port
    - LP: #1119885
  * KVM: PPC: Emulate dcbf
    - LP: #1119885
  * staging: wlan-ng: Fix clamping of returned SSID length
    - LP: #1119885
  * USB: option: blacklist network interface on ONDA MT8205 4G LTE
    - LP: #1119885
  * USB: option: add TP-LINK HSUPA Modem MA180
    - LP: #1119885
  * ALSA: hda - Fix mute led for another HP machine
    - LP: #1096789, #1119885
  * usb: dwc3: gadget: fix ep->maxburst for ep0
    - LP: #1119885
  * ACPI / cpuidle: Fix NULL pointer issues when cpuidle is disabled
    - LP: #1119885
  * ACPI / processor: Get power info before updating the C-states
    - LP: #1119885
  * ARM: DMA: Fix struct page iterator in dma_cache_maint() to work with
    sp...

Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (13.8 KiB)

This bug was fixed in the package linux - 3.5.0-26.42

---------------
linux (3.5.0-26.42) quantal-proposed; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #1152715

  [ Andy Whitcroft ]

  * ubuntu: overlayfs -- fix missmerge of vfs_open changes
    - LP: #1122094, #1147678

linux (3.5.0-26.40) quantal-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1133429

  [ Andy Whitcroft ]

  * ubuntu: overlayfs -- fix missmerge of vfs_open changes
    - LP: #1122094

  [ Ian Campbell ]

  * SAUCE: xen/netback: shutdown the ring if it contains garbage.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: netback: correct netbk_tx_err to handle wrap around.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: xen/netback: don't leak pages on failure in
    xen_netbk_tx_check_gop.
    - LP: #1117331
    - CVE-2013-0217
  * SAUCE: xen/netback: free already allocated memory on failure in
    xen_netbk_get_requests
    - LP: #1117331
    - CVE-2013-0217

  [ Jan Beulich ]

  * SAUCE: xen-pciback: rate limit error messages from
    xen_pcibk_enable_msi{, x}()
    - LP: #1117336
    - CVE-2013-0231

  [ Tim Gardner ]

  * [Config] CONFIG_SATA_AHCI=m
    - LP: #1056563
  * SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
    failure once
    - LP: #1128840

  [ Upstream Kernel Changes ]

  * Revert "USB: Handle warm reset failure on empty port."
    - LP: #1131944
  * xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS
    guests.
    - LP: #1102374
    - CVE-2013-0190
  * virtio-blk: Don't free ida when disk is in use
    - LP: #1119885
  * ioat: Fix DMA memory sync direction correct flag
    - LP: #1119885
  * PCI: pciehp: Use per-slot workqueues to avoid deadlock
    - LP: #1119885
  * PCI/AER: pci_get_domain_bus_and_slot() call missing required
    pci_dev_put()
    - LP: #1119885
  * xen/grant-table: correctly initialize grant table version 1
    - LP: #1119885
  * serial:ifx6x60:Delete SPI timer when shut down port
    - LP: #1119885
  * tty: 8250_dw: Fix inverted arguments to serial_out in IRQ handler
    - LP: #1119885
  * drm/i915: Invalidate the relocation presumed_offsets along the slow
    path
    - LP: #1119885
  * ARM: 7627/1: Predicate preempt logic on PREEMP_COUNT not PREEMPT alone
    - LP: #1119885
  * staging: vt6656: Fix inconsistent structure packing
    - LP: #1119885
  * 8250/16?50: Add support for Broadcom TruManage redirected serial port
    - LP: #1119885
  * KVM: PPC: Emulate dcbf
    - LP: #1119885
  * staging: wlan-ng: Fix clamping of returned SSID length
    - LP: #1119885
  * USB: option: blacklist network interface on ONDA MT8205 4G LTE
    - LP: #1119885
  * USB: option: add TP-LINK HSUPA Modem MA180
    - LP: #1119885
  * ALSA: hda - Fix mute led for another HP machine
    - LP: #1096789, #1119885
  * usb: dwc3: gadget: fix ep->maxburst for ep0
    - LP: #1119885
  * ACPI / cpuidle: Fix NULL pointer issues when cpuidle is disabled
    - LP: #1119885
  * ACPI / processor: Get power info before updating the C-states
    - LP: #1119885
  * ARM: DMA: Fix struct page iterator in dma_cache_maint() to work with
    sparsemem
    - LP: #1119885
  * evm: checki...

Changed in linux (Ubuntu Quantal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (13.9 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.5.0-221.31

---------------
linux-ti-omap4 (3.5.0-221.31) quantal-proposed; urgency=low

  * Release Tracking Bug
    - LP: #1153648

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.5.0-26.42

  [ Ubuntu: 3.5.0-26.42 ]

  * Release Tracking Bug
    - LP: #1152715
  * ubuntu: overlayfs -- fix missmerge of vfs_open changes
    - LP: #1122094, #1147678

linux-ti-omap4 (3.5.0-221.30) quantal-proposed; urgency=low

  * Release Tracking Bug
    - LP: #1133585

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.5.0-26.40

  [ Ubuntu: 3.5.0-26.40 ]

  * Release Tracking Bug
    - LP: #1133429
  * ubuntu: overlayfs -- fix missmerge of vfs_open changes
    - LP: #1122094
  * SAUCE: xen/netback: shutdown the ring if it contains garbage.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: netback: correct netbk_tx_err to handle wrap around.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: xen/netback: don't leak pages on failure in
    xen_netbk_tx_check_gop.
    - LP: #1117331
    - CVE-2013-0217
  * SAUCE: xen/netback: free already allocated memory on failure in
    xen_netbk_get_requests
    - LP: #1117331
    - CVE-2013-0217
  * SAUCE: xen-pciback: rate limit error messages from
    xen_pcibk_enable_msi{, x}()
    - LP: #1117336
    - CVE-2013-0231
  * [Config] CONFIG_SATA_AHCI=m
    - LP: #1056563
  * SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
    failure once
    - LP: #1128840
  * Revert "USB: Handle warm reset failure on empty port."
    - LP: #1131944
  * xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS
    guests.
    - LP: #1102374
    - CVE-2013-0190
  * virtio-blk: Don't free ida when disk is in use
    - LP: #1119885
  * ioat: Fix DMA memory sync direction correct flag
    - LP: #1119885
  * PCI: pciehp: Use per-slot workqueues to avoid deadlock
    - LP: #1119885
  * PCI/AER: pci_get_domain_bus_and_slot() call missing required
    pci_dev_put()
    - LP: #1119885
  * xen/grant-table: correctly initialize grant table version 1
    - LP: #1119885
  * serial:ifx6x60:Delete SPI timer when shut down port
    - LP: #1119885
  * tty: 8250_dw: Fix inverted arguments to serial_out in IRQ handler
    - LP: #1119885
  * drm/i915: Invalidate the relocation presumed_offsets along the slow
    path
    - LP: #1119885
  * ARM: 7627/1: Predicate preempt logic on PREEMP_COUNT not PREEMPT alone
    - LP: #1119885
  * staging: vt6656: Fix inconsistent structure packing
    - LP: #1119885
  * 8250/16?50: Add support for Broadcom TruManage redirected serial port
    - LP: #1119885
  * KVM: PPC: Emulate dcbf
    - LP: #1119885
  * staging: wlan-ng: Fix clamping of returned SSID length
    - LP: #1119885
  * USB: option: blacklist network interface on ONDA MT8205 4G LTE
    - LP: #1119885
  * USB: option: add TP-LINK HSUPA Modem MA180
    - LP: #1119885
  * ALSA: hda - Fix mute led for another HP machine
    - LP: #1096789, #1119885
  * usb: dwc3: gadget: fix ep->maxburst for ep0
    - LP: #1119885
  * ACPI / cpuidle: Fix NULL pointer issues when cpuidle is disabled
    - LP: #1119885
  * ACPI / processor: Get power info before updating the C-states
    - LP: #1119885
  * ARM: D...

Changed in linux-ti-omap4 (Ubuntu Quantal):
status: Invalid → Fix Released
Changed in linux-ti-omap4 (Ubuntu Raring):
status: Invalid → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (15.5 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.2.0-1427.36

---------------
linux-ti-omap4 (3.2.0-1427.36) precise-proposed; urgency=low

  * Release Tracking Bug
    - LP: #1135174

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.2.0-39.62

  [ Ubuntu: 3.2.0-39.62 ]

  * Release Tracking Bug
    - LP: #1134424
  * Revert "SAUCE: samsung-laptop: disable in UEFI mode"
    - LP: #1117693
  * d-i: Add mellanox ethernet drivers to nic-modules
    - LP: #1015339
  * SAUCE: xen/netback: shutdown the ring if it contains garbage.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: netback: correct netbk_tx_err to handle wrap around.
    - LP: #1117325
    - CVE-2013-0216
  * SAUCE: xen/netback: don't leak pages on failure in
    xen_netbk_tx_check_gop.
    - LP: #1117331
    - CVE-2013-0217
  * SAUCE: xen/netback: free already allocated memory on failure in
    xen_netbk_get_requests
    - LP: #1117331
    - CVE-2013-0217
  * SAUCE: xen-pciback: rate limit error messages from
    xen_pcibk_enable_msi{, x}()
    - LP: #1117336
    - CVE-2013-0231
  * [debian] Remove dangling symlink from headers package
    - LP: #1112442
  * SAUCE: rt2x00: rt2x00pci_regbusy_read() - only print register access
    failure once
    - LP: #1128840
  * Revert "ALSA: hda - Shut up pins at power-saving mode with Conexnat
    codecs"
    - LP: #1117693, #886975
  * Revert "drm/i915: no lvds quirk for Zotac ZDBOX SD ID12/ID13"
    - LP: #1117693
  * Revert "ptrace: ensure arch_ptrace/ptrace_request can never race with
    SIGKILL"
    - LP: #1131218
  * SAUCE: xen/pv-spinlock: Never enable interrupts in xen_spin_lock_slow()
    - LP: #1011792
  * usb: gadget: dummy: fix enumeration with g_multi
    - LP: #1117693
  * usb: musb: core: print new line in the driver banner again
    - LP: #1117693
  * virtio-blk: Don't free ida when disk is in use
    - LP: #1117693
  * mac80211: use del_timer_sync for final sta cleanup timer deletion
    - LP: #1117693
  * xhci: Handle HS bulk/ctrl endpoints that don't NAK.
    - LP: #1117693
  * USB: Handle auto-transition from hot to warm reset.
    - LP: #1117693
  * USB: Ignore xHCI Reset Device status.
    - LP: #1117693
  * USB: Allow USB 3.0 ports to be disabled.
    - LP: #1117693
  * USB: Increase reset timeout.
    - LP: #1117693
  * USB: Ignore port state until reset completes.
    - LP: #1117693
  * USB: Handle warm reset failure on empty port.
    - LP: #1117693
  * xhci: Avoid "dead ports", add roothub port polling.
    - LP: #1117693
  * ASoC: wm5100: Remove DSP B and left justified formats
    - LP: #1117693
  * mwifiex: handle association failure case correctly
    - LP: #1117693
  * mwifiex: check wait_event_interruptible return value
    - LP: #1117693
  * ASoC: wm2000: Fix sense of speech clarity enable
    - LP: #1117693
  * ioat: Fix DMA memory sync direction correct flag
    - LP: #1117693
  * drm/i915; Only increment the user-pin-count after successfully pinning
    the bo
    - LP: #1117693
  * staging: r8712u: Add new device ID
    - LP: #1117693
  * staging: speakup: avoid out-of-range access in synth_init()
    - LP: #1117693
  * staging: speakup: avoid out-of-range access in synth_add()
    - LP: #1117693
  * stagin...

Changed in linux-ti-omap4 (Ubuntu Precise):
status: Invalid → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-armadaxp - 3.5.0-1611.17

---------------
linux-armadaxp (3.5.0-1611.17) quantal-proposed; urgency=low

  [ Ike Panhc ]

  * Release Tracking Bug
    - LP: #1160181
  * Rebase onto Ubuntu-3.5.0-27.46

  [ Ubuntu: 3.5.0-27.46 ]

  * Release Tracking Bug
    - LP: #1159991
  * Start New Release
  * crypto: user - fix info leaks in report API
    - LP: #1156790, #1156795, #1156799
    - CVE-2013-2546
  * brcmsmac: fix mismatch in number of custom regulatory rules
    - LP: #1156769
  * SAUCE: PCI: define macro for marvell vendor ID
    - LP: #1159863
  * SAUCE: PCI: fix system hang issue of Marvell SATA host controller
    - LP: #1159863

  [ Ubuntu: 3.5.0-27.45 ]

  * no change

  [ Ubuntu: 3.5.0-27.44 ]

  * no change
 -- Ike Panhc <email address hidden> Tue, 26 Mar 2013 16:59:14 +0800

Changed in linux-armadaxp (Ubuntu Quantal):
status: Invalid → Fix Released
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Julian Wiedmann (jwiedmann) wrote :

This release has reached end-of-life [0].

[0] https://wiki.ubuntu.com/Releases

Changed in linux (Ubuntu Hardy):
status: New → Invalid
Changed in linux (Ubuntu Raring):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers