CVE-2014-0077

Bug #1312984 reported by John Johansen on 2014-04-26
276
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-armadaxp (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-ec2 (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-flo (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-goldfish (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Status tracked in Vivid
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
Status tracked in Vivid
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-lts-raring (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-lts-saucy (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-lts-trusty (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-lts-utopic (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-mako (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-manta (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Status tracked in Vivid
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Trusty
Medium
Unassigned
Utopic
Medium
Unassigned
Vivid
Medium
Unassigned

Bug Description

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.

Break-Fix: 8dd014adfea6f173c1ef6378f7e5e7924866c923 d8316f3991d207fe32881a9ac20241be8fa2bad0

John Johansen (jjohansen) wrote :

CVE-2014-0077

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Trusty):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Utopic):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Trusty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Utopic):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Quantal):
status: New → Invalid
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Saucy):
status: New → Fix Committed
Changed in linux (Ubuntu Utopic):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Fix Committed
description: updated
no longer affects: linux-armadaxp (Ubuntu Quantal)
no longer affects: linux-ec2 (Ubuntu Quantal)
no longer affects: linux-lts-saucy (Ubuntu Quantal)
no longer affects: linux-lts-quantal (Ubuntu Quantal)
no longer affects: linux-mvl-dove (Ubuntu Quantal)
no longer affects: linux (Ubuntu Quantal)
no longer affects: linux-fsl-imx51 (Ubuntu Quantal)
no longer affects: linux-ti-omap4 (Ubuntu Quantal)
no longer affects: linux-lts-raring (Ubuntu Quantal)
Launchpad Janitor (janitor) wrote :
Download full text (17.7 KiB)

This bug was fixed in the package linux - 3.2.0-63.95

---------------
linux (3.2.0-63.95) precise; urgency=low

  [ Kamal Mostafa ]

  * Revert "rtlwifi: Set the link state"
    - LP: #1319735
  * Release Tracking Bug
    - re-used previous tracking bug

linux (3.2.0-63.94) precise; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.2.0-61.93 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1316703

  [ Stefan Bader ]

  * SAUCE: net/ipv4: Always flush route cache on unregister batch call
    - LP: #1021471

  [ Upstream Kernel Changes ]

  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.2.0-62.93) precise; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313807

  [ Joseph Salisbury ]

  * [Config] updateconfigs after Linux v3.2.57 update

  [ Upstream Kernel Changes ]

  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * rtlwifi: Set the link state
    - LP: #1310763
  * rtlwifi: rtl8192cu: Fix some code in RF handling
    - LP: #1310763
  * NFSv4: OPEN must handle the NFS4ERR_IO return code correctly
    - LP: #1310763
  * selinux: process labeled IPsec TCP SYN-ACK packets properly in
    selinux_ip_postroute()
    - LP: #1310763
  * parport: parport_pc: remove double PCI ID for NetMos
    - LP: #1310763
  * staging: vt6656: [BUG] BBvUpdatePreEDThreshold Always set sensitivity
    on bScanning
    - LP: #1310763
  * bfa: Chinook quad port 16G FC HBA claim issue
    - LP: #1310763
  * usb: option: add new zte 3g modem pids to option driver
    - LP: #1310763
  * dib8000: make 32 bits read atomic
    - LP: #1310763
  * serial: add support for 400 and 800 v3 series Titan cards
    - LP: #1310763
  * serial: add support for 200 v3 series Titan card
    - LP: #1310763
  * x86/efi: Fix off-by-one bug in EFI Boot Services reservation
    - LP: #1310763
  * rtc-cmos: Add an alarm disable quirk
    - LP: #1310763
  * slub: Fix calculation of cpu slabs
    - LP: #1310763
  * mtd: mxc_nand: remove duplicated ecc_stats counting
    - LP: #1310763
  * USB: pl2303: fix data corruption on termios updates
    - LP: #1310763
  * USB: serial: add support for iBall 3.5G connect usb modem
    - LP: #1310763
  * USB: Nokia 502 is an unusual device
    - LP: #1310763
  * USB: cypress_m8: fix ring-indicator detection and reporting
    - LP: #1310763
  * ALSA: rme9652: fix a missing comma in channel_map_9636_ds[]
    - LP: #1310763
  * sunrpc: Fix infinite loop in RPC state machine
    - LP: #1310763
  * SELinux: Fix memory leak upon loading policy
    - LP: #1310763
  * drm/radeon: warn users when hw_i2c is enabled (v2)
    - LP: #131...

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-armadaxp - 3.2.0-1633.47

---------------
linux-armadaxp (3.2.0-1633.47) precise-proposed; urgency=low

  [ Ike Panhc ]

  * Release Tracking Bug
    - LP: #1320044
  * Rebase to Ubuntu-3.2.0-63.95

  [ Ubuntu: 3.2.0-63.95 ]

  * Revert "rtlwifi: Set the link state"
    - LP: #1319735
  * Release Tracking Bug
    - re-used previous tracking bug
 -- Ike Panhc <email address hidden> Fri, 16 May 2014 11:46:55 +0800

Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (6.8 KiB)

This bug was fixed in the package linux-lts-quantal - 3.5.0-51.76~precise1

---------------
linux-lts-quantal (3.5.0-51.76~precise1) precise; urgency=low

  [ Brad Figg ]

  * Revert "rtlwifi: Set the link state"

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - re-used previous tracking bug

linux (3.5.0-51.75) quantal; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.5.0-49.74 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317333

  [ Upstream Kernel Changes ]

  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.5.0-50.74) quantal; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313852

  [ Upstream Kernel Changes ]

  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * vhost: validate vhost_get_vq_desc return value
    - LP: #1298117
    - CVE-2014-0055
  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1295090
    - CVE-2014-2523
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1310783
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1310783
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1310783
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1310783
  * ath9k: protect tid->sched check
    - LP: #1310783
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1310783
  * genirq: Remove racy waitqueue_active check
    - LP: #1310783
  * sched: Fix double normalization of vruntime
    - LP: #1310783
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1310783
  * firewire: net: fix use after free
    - LP: #1310783
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1310783
  * NFS: Fix a delegation callback race
    - LP: #1310783
  * can: flexcan: fix shutdown: first disable chip, then all interrupts
    - LP: #1310783
  * can: flexcan: flexcan_open(): fix error path if flexcan_chip_start()
    fails
    - LP: #1310783
  * tracing: Do not add event files for modules that fail tracepoints
    - LP: #1310783
  * ocfs2: fix quota file corruption
    - LP: #1310783
  * rapidio/tsi721: fix tasklet termination in dma channel release
    - LP: #1310783
  * ALSA: usb-audio: Add quirk for Logitech Webcam C500
    - LP: #1310783
  * drm/radeon: TTM must be init with cpu-visible VRAM, v2
    - LP: #1310783
  * drm/radeon/atom: select the proper number of lanes in transmitter setup
    - LP: #1310783
  * powerpc: Align p_dyn, p_rela and p_st symbols
    - LP: #1310783
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8 (2BA30001)
    ...

Read more...

Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (17.6 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.2.0-1446.65

---------------
linux-ti-omap4 (3.2.0-1446.65) precise; urgency=low

  * Release Tracking Bug
    - LP: #1317327

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.2.0-63.94

  [ Ubuntu: 3.2.0-63.94 ]

  * Merged back Ubuntu-3.2.0-61.93 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1316703
  * SAUCE: net/ipv4: Always flush route cache on unregister batch call
    - LP: #1021471
  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

  [ Ubuntu: 3.2.0-62.93 ]

  * Release Tracking Bug
    - LP: #1313807
  * [Config] updateconfigs after Linux v3.2.57 update
  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * rtlwifi: Set the link state
    - LP: #1310763
  * rtlwifi: rtl8192cu: Fix some code in RF handling
    - LP: #1310763
  * NFSv4: OPEN must handle the NFS4ERR_IO return code correctly
    - LP: #1310763
  * selinux: process labeled IPsec TCP SYN-ACK packets properly in
    selinux_ip_postroute()
    - LP: #1310763
  * parport: parport_pc: remove double PCI ID for NetMos
    - LP: #1310763
  * staging: vt6656: [BUG] BBvUpdatePreEDThreshold Always set sensitivity
    on bScanning
    - LP: #1310763
  * bfa: Chinook quad port 16G FC HBA claim issue
    - LP: #1310763
  * usb: option: add new zte 3g modem pids to option driver
    - LP: #1310763
  * dib8000: make 32 bits read atomic
    - LP: #1310763
  * serial: add support for 400 and 800 v3 series Titan cards
    - LP: #1310763
  * serial: add support for 200 v3 series Titan card
    - LP: #1310763
  * x86/efi: Fix off-by-one bug in EFI Boot Services reservation
    - LP: #1310763
  * rtc-cmos: Add an alarm disable quirk
    - LP: #1310763
  * slub: Fix calculation of cpu slabs
    - LP: #1310763
  * mtd: mxc_nand: remove duplicated ecc_stats counting
    - LP: #1310763
  * USB: pl2303: fix data corruption on termios updates
    - LP: #1310763
  * USB: serial: add support for iBall 3.5G connect usb modem
    - LP: #1310763
  * USB: Nokia 502 is an unusual device
    - LP: #1310763
  * USB: cypress_m8: fix ring-indicator detection and reporting
    - LP: #1310763
  * ALSA: rme9652: fix a missing comma in channel_map_9636_ds[]
    - LP: #1310763
  * sunrpc: Fix infinite loop in RPC state machine
    - LP: #1310763
  * SELinux: Fix memory leak upon loading policy
    - LP: #1310763
  * drm/radeon: warn users when hw_i2c is enabled (v2)
    - LP: #1310763
  * USB: ftdi_sio: added CS5 quirk for broken smartcard readers
    - LP: #1310763
  * serial: 8250: enable UART_BUG_NOMSR for Tegra
    - LP: #1310763
  * dm: wait until embedded kobject is released b...

Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-lts-saucy (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Saucy):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Changed in linux-lts-raring (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (6.7 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.5.0-242.58

---------------
linux-ti-omap4 (3.5.0-242.58) quantal; urgency=low

  * Release Tracking Bug
    - LP: #1317330

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.5.0-51.75

  [ Ubuntu: 3.5.0-51.75 ]

  * Merged back Ubuntu-3.5.0-49.74 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317227
  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

  [ Ubuntu: 3.5.0-50.74 ]

  * Release Tracking Bug
    - LP: #1313852
  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * vhost: validate vhost_get_vq_desc return value
    - LP: #1298117
    - CVE-2014-0055
  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1295090
    - CVE-2014-2523
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1310783
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1310783
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1310783
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1310783
  * ath9k: protect tid->sched check
    - LP: #1310783
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1310783
  * genirq: Remove racy waitqueue_active check
    - LP: #1310783
  * sched: Fix double normalization of vruntime
    - LP: #1310783
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1310783
  * firewire: net: fix use after free
    - LP: #1310783
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1310783
  * NFS: Fix a delegation callback race
    - LP: #1310783
  * can: flexcan: fix shutdown: first disable chip, then all interrupts
    - LP: #1310783
  * can: flexcan: flexcan_open(): fix error path if flexcan_chip_start()
    fails
    - LP: #1310783
  * tracing: Do not add event files for modules that fail tracepoints
    - LP: #1310783
  * ocfs2: fix quota file corruption
    - LP: #1310783
  * rapidio/tsi721: fix tasklet termination in dma channel release
    - LP: #1310783
  * ALSA: usb-audio: Add quirk for Logitech Webcam C500
    - LP: #1310783
  * drm/radeon: TTM must be init with cpu-visible VRAM, v2
    - LP: #1310783
  * drm/radeon/atom: select the proper number of lanes in transmitter setup
    - LP: #1310783
  * powerpc: Align p_dyn, p_rela and p_st symbols
    - LP: #1310783
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8 (2BA30001)
    - LP: #1310783
  * usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e
    - LP: #1310783
  * usb: Make DELAY_INIT quirk wait 100ms between Get Configuration
    requests
    - LP: #1310783
...

Read more...

Changed in linux-ti-omap4 (Ubuntu Saucy):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Trusty):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Trusty):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Utopic):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Utopic):
status: New → Won't Fix
no longer affects: linux-armadaxp (Ubuntu Saucy)
no longer affects: linux-ec2 (Ubuntu Saucy)
no longer affects: linux-lts-saucy (Ubuntu Saucy)
no longer affects: linux-lts-quantal (Ubuntu Saucy)
no longer affects: linux-mvl-dove (Ubuntu Saucy)
no longer affects: linux (Ubuntu Saucy)
no longer affects: linux-fsl-imx51 (Ubuntu Saucy)
no longer affects: linux-ti-omap4 (Ubuntu Saucy)
no longer affects: linux-lts-raring (Ubuntu Saucy)
Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Fix Released
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Vivid):
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Vivid):
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Vivid):
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Vivid):
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Utopic):
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers