CVE-2014-1737

Bug #1316729 reported by John Johansen on 2014-05-06
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-armadaxp (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-ec2 (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-flo (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-fsl-imx51 (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-goldfish (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-lts-backport-maverick (Ubuntu)
Status tracked in Wily
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
Status tracked in Wily
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned
Wily
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-lts-raring (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-lts-saucy (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-lts-trusty (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-lts-utopic (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-lts-vivid (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-mako (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-manta (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-mvl-dove (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
linux-ti-omap4 (Ubuntu)
Status tracked in Wily
Precise
High
Unassigned
Trusty
High
Unassigned
Utopic
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned

Bug Description

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. First, raw_cmd_ioctl calls raw_cmd_copyin. This function kmallocs space for a floppy_raw_cmd structure and stores the resulting allocation in the "rcmd" pointer argument. It then attempts to copy_from_user the structure from userspace. If this fails, an early EFAULT return is taken. The problem is that even if the early return is taken, the pointer to the non-/partially-initialized floppy_raw_cmd structure has already been returned via the "rcmd" pointer. Back out in raw_cmd_ioctl, it attempts to raw_cmd_free this pointer. raw_cmd_free attempts to free any DMA pages allocated for the raw command, kfrees the raw command structure itself, and follows the linked list, if any, of further raw commands (a user can specify the FD_RAW_MORE flag to signal that there are more raw commands to follow in a single FDRAWCMD ioctl). So, a malicious user can send a FDRAWCMD ioctl with a raw command argument structure that has some bytes inaccessible (ie. off the end of an allocated page). The copy_from_user will fail but raw_cmd_free will attempt to process the floppy_raw_cmd as if it had been fully initialized by the rest of raw_cmd_copyin. The user can control the arguments passed to fd_dma_mem_free and kfree (by making use of the linked-list feature and specifying the target address as a next-in-list structure).

Break-Fix: - ef87dbe7614341c2e7bfe8d32fcb7028cc97442c

John Johansen (jjohansen) wrote :

CVE-2014-1737

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Trusty):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Utopic):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Trusty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Utopic):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Quantal):
importance: Undecided → High
Changed in linux (Ubuntu Precise):
importance: Undecided → High
Changed in linux (Ubuntu Saucy):
importance: Undecided → High
Changed in linux (Ubuntu Trusty):
importance: Undecided → High
Changed in linux (Ubuntu Lucid):
importance: Undecided → High
Changed in linux (Ubuntu Utopic):
importance: Undecided → High
Changed in linux (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Saucy):
status: New → Fix Committed
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Fix Committed
no longer affects: linux-armadaxp (Ubuntu Quantal)
no longer affects: linux-ec2 (Ubuntu Quantal)
no longer affects: linux-lts-saucy (Ubuntu Quantal)
no longer affects: linux-lts-quantal (Ubuntu Quantal)
no longer affects: linux-mvl-dove (Ubuntu Quantal)
no longer affects: linux (Ubuntu Quantal)
no longer affects: linux-fsl-imx51 (Ubuntu Quantal)
no longer affects: linux-ti-omap4 (Ubuntu Quantal)
no longer affects: linux-lts-raring (Ubuntu Quantal)
Changed in linux (Ubuntu Utopic):
status: New → Fix Committed
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-60.122

---------------
linux (2.6.32-60.122) lucid; urgency=low

  [ Andy Whitcroft ]

  * Release Tracking Bug
    - LP: #1317230
  * merge CVE release 2.6.32-58.121
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762

  [ Upstream Kernel Changes ]

  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
    - switch existing patch for upstream code.

linux (2.6.32-59.121) lucid; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313820

  [ Upstream Kernel Changes ]

  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * rds: prevent dereference of a NULL device
    - LP: #1297738
    - CVE-2013-7339
 -- Andy Whitcroft <email address hidden> Wed, 07 May 2014 19:32:40 +0100

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-364.77

---------------
linux-ec2 (2.6.32-364.77) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebase to Ubuntu-2.6.32-60.122
  * Release Tracking Bug
    - LP: #1317334

  [ Ubuntu: 2.6.32-60.122 ]

  * merge CVE release 2.6.32-58.121
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
    - switch existing patch for upstream code.

  [ Ubuntu: 2.6.32-59.121 ]

  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * rds: prevent dereference of a NULL device
    - LP: #1297738
    - CVE-2013-7339

  [ Ubuntu: 2.6.32-58.121 ]

  * n_tty: Fix n_tty_write crash when echoing in raw mode
 -- Stefan Bader <email address hidden> Tue, 06 May 2014 11:05:23 -0500

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (17.7 KiB)

This bug was fixed in the package linux - 3.2.0-63.95

---------------
linux (3.2.0-63.95) precise; urgency=low

  [ Kamal Mostafa ]

  * Revert "rtlwifi: Set the link state"
    - LP: #1319735
  * Release Tracking Bug
    - re-used previous tracking bug

linux (3.2.0-63.94) precise; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.2.0-61.93 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1316703

  [ Stefan Bader ]

  * SAUCE: net/ipv4: Always flush route cache on unregister batch call
    - LP: #1021471

  [ Upstream Kernel Changes ]

  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.2.0-62.93) precise; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313807

  [ Joseph Salisbury ]

  * [Config] updateconfigs after Linux v3.2.57 update

  [ Upstream Kernel Changes ]

  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * rtlwifi: Set the link state
    - LP: #1310763
  * rtlwifi: rtl8192cu: Fix some code in RF handling
    - LP: #1310763
  * NFSv4: OPEN must handle the NFS4ERR_IO return code correctly
    - LP: #1310763
  * selinux: process labeled IPsec TCP SYN-ACK packets properly in
    selinux_ip_postroute()
    - LP: #1310763
  * parport: parport_pc: remove double PCI ID for NetMos
    - LP: #1310763
  * staging: vt6656: [BUG] BBvUpdatePreEDThreshold Always set sensitivity
    on bScanning
    - LP: #1310763
  * bfa: Chinook quad port 16G FC HBA claim issue
    - LP: #1310763
  * usb: option: add new zte 3g modem pids to option driver
    - LP: #1310763
  * dib8000: make 32 bits read atomic
    - LP: #1310763
  * serial: add support for 400 and 800 v3 series Titan cards
    - LP: #1310763
  * serial: add support for 200 v3 series Titan card
    - LP: #1310763
  * x86/efi: Fix off-by-one bug in EFI Boot Services reservation
    - LP: #1310763
  * rtc-cmos: Add an alarm disable quirk
    - LP: #1310763
  * slub: Fix calculation of cpu slabs
    - LP: #1310763
  * mtd: mxc_nand: remove duplicated ecc_stats counting
    - LP: #1310763
  * USB: pl2303: fix data corruption on termios updates
    - LP: #1310763
  * USB: serial: add support for iBall 3.5G connect usb modem
    - LP: #1310763
  * USB: Nokia 502 is an unusual device
    - LP: #1310763
  * USB: cypress_m8: fix ring-indicator detection and reporting
    - LP: #1310763
  * ALSA: rme9652: fix a missing comma in channel_map_9636_ds[]
    - LP: #1310763
  * sunrpc: Fix infinite loop in RPC state machine
    - LP: #1310763
  * SELinux: Fix memory leak upon loading policy
    - LP: #1310763
  * drm/radeon: warn users when hw_i2c is enabled (v2)
    - LP: #131...

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-armadaxp - 3.2.0-1633.47

---------------
linux-armadaxp (3.2.0-1633.47) precise-proposed; urgency=low

  [ Ike Panhc ]

  * Release Tracking Bug
    - LP: #1320044
  * Rebase to Ubuntu-3.2.0-63.95

  [ Ubuntu: 3.2.0-63.95 ]

  * Revert "rtlwifi: Set the link state"
    - LP: #1319735
  * Release Tracking Bug
    - re-used previous tracking bug
 -- Ike Panhc <email address hidden> Fri, 16 May 2014 11:46:55 +0800

Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (6.8 KiB)

This bug was fixed in the package linux-lts-quantal - 3.5.0-51.76~precise1

---------------
linux-lts-quantal (3.5.0-51.76~precise1) precise; urgency=low

  [ Brad Figg ]

  * Revert "rtlwifi: Set the link state"

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - re-used previous tracking bug

linux (3.5.0-51.75) quantal; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.5.0-49.74 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317333

  [ Upstream Kernel Changes ]

  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.5.0-50.74) quantal; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313852

  [ Upstream Kernel Changes ]

  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * vhost: validate vhost_get_vq_desc return value
    - LP: #1298117
    - CVE-2014-0055
  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1295090
    - CVE-2014-2523
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1310783
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1310783
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1310783
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1310783
  * ath9k: protect tid->sched check
    - LP: #1310783
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1310783
  * genirq: Remove racy waitqueue_active check
    - LP: #1310783
  * sched: Fix double normalization of vruntime
    - LP: #1310783
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1310783
  * firewire: net: fix use after free
    - LP: #1310783
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1310783
  * NFS: Fix a delegation callback race
    - LP: #1310783
  * can: flexcan: fix shutdown: first disable chip, then all interrupts
    - LP: #1310783
  * can: flexcan: flexcan_open(): fix error path if flexcan_chip_start()
    fails
    - LP: #1310783
  * tracing: Do not add event files for modules that fail tracepoints
    - LP: #1310783
  * ocfs2: fix quota file corruption
    - LP: #1310783
  * rapidio/tsi721: fix tasklet termination in dma channel release
    - LP: #1310783
  * ALSA: usb-audio: Add quirk for Logitech Webcam C500
    - LP: #1310783
  * drm/radeon: TTM must be init with cpu-visible VRAM, v2
    - LP: #1310783
  * drm/radeon/atom: select the proper number of lanes in transmitter setup
    - LP: #1310783
  * powerpc: Align p_dyn, p_rela and p_st symbols
    - LP: #1310783
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8 (2BA30001)
    ...

Read more...

Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (16.0 KiB)

This bug was fixed in the package linux-lts-saucy - 3.11.0-22.38~precise1

---------------
linux-lts-saucy (3.11.0-22.38~precise1) precise; urgency=low

  [ Brad Figg ]

  * Revert "rtlwifi: Set the link state"

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - re-used previous tracking bug

linux (3.11.0-22.37) saucy; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.11.0-20.35 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317369

  [ Tim Gardner ]

  * [Config] d-i -- add virtio_scsi to virtio-modules
    - LP: #1315462

  [ Upstream Kernel Changes ]

  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.11.0-21.35) saucy; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313831

  [ Upstream Kernel Changes ]

  * Revert "sparc64: Fix __copy_{to,from}_user_inatomic defines."
    - LP: #1311196
  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1311196
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1311196
  * jiffies: Avoid undefined behavior from signed overflow
    - LP: #1311196
  * mac80211: send control port protocol frames to the VO queue
    - LP: #1311196
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1311196
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1311196
  * mwifiex: clean pcie ring only when device is present
    - LP: #1311196
  * mwifiex: add NULL check for PCIe Rx skb
    - LP: #1311196
  * mwifiex: fix cmd and Tx data timeout issue for PCIe cards
    - LP: #1311196
  * ath9k: protect tid->sched check
    - LP: #1311196
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1311196
  * mac80211: don't validate unchanged AP bandwidth while tracking
    - LP: #1311196
  * regulator: core: Replace direct ops->enable usage
    - LP: #1311196
  * regulator: core: Replace direct ops->disable usage
    - LP: #1311196
  * iwlwifi: mvm: change of listen interval from 70 to 10
    - LP: #1311196
  * iwlwifi: fix TX status for aggregated packets
    - LP: #1311196
  * genirq: Remove racy waitqueue_active check
    - LP: #1311196
  * sched: Fix double normalization of vruntime
    - LP: #1311196
  * cpuset: fix a locking issue in cpuset_migrate_mm()
    - LP: #1311196
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1311196
  * mac80211: fix association to 20/40 MHz VHT networks
    - LP: #1311196
  * firewire: net: fix use after free
    - LP: #1311196
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1311196
  * ACPI / resources: ignore invalid ACPI device resources
    - LP: #1311196
  * NFS: Fix a delegation callback race
    - LP: #1311196
  * spi: spi-ath79: fix initial GPIO CS line setup
    - LP: #1311196
...

Changed in linux-lts-saucy (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (17.9 KiB)

This bug was fixed in the package linux-lts-raring - 3.8.0-41.60~precise1

---------------
linux-lts-raring (3.8.0-41.60~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * Revert "rtlwifi: Set the link state"
    - LP: #1289429
    - LP: #1319735
  * Release Tracking Bug
    - re-used previous tracking bug

linux-lts-raring (3.8.0-41.59~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.8.0-39.58 security release
  * Revert: "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1317242
  * Release Tracking Bug
    - LP: #1317246

  [ Upstream Kernel Changes ]

  * Input: ALPS - add support for "Dolphin" devices
    - LP: #1256213
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1317242
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1317242
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1317242
    - LP: #1316735
    - CVE-2014-1738
  * Linux 3.8.13.23
    - LP: #1317242

linux-lts-raring (3.8.0-40.58~precise1) precise; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1314348

  [ Upstream Kernel Changes ]

  * Revert "sparc64: Fix __copy_{to,from}_user_inatomic defines."
    - LP: #1313767
  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * 6lowpan: fix lockdep splats
    - LP: #1307561
  * 9p/trans_virtio.c: Fix broken zero-copy on vmalloc() buffers
    - LP: #1307561
  * ipv4: Fix runtime WARNING in rtmsg_ifa()
    - LP: #1307561
  * net: fix 'ip rule' iif/oif device rename
    - LP: #1307561
  * net: qmi_wwan: add Netgear Aircard 340U
    - LP: #1307561
  * tcp: tsq: fix nonagle handling
    - LP: #1307561
  * tg3: Fix deadlock in tg3_change_mtu()
    - LP: #1307561
  * net: asix: add missing flag to struct driver_info
    - LP: #1307561
  * bonding: 802.3ad: make aggregator_identifier bond-private
    - LP: #1307561
  * ipv4: fix counter in_slow_tot
    - LP: #1307561
  * net: sctp: fix sctp_connectx abi for ia32 emulation/compat mode
    - LP: #1307561
  * net: add and use skb_gso_transport_seglen()
    - LP: #1307561
  * net: core: introduce netif_skb_dev_features
    - LP: #1307561
  * net: ip, ipv6: handle gso skbs in forwarding path
    - LP: #1307561
  * net: use __GFP_NORETRY for high order allocations
    - LP: #1307561
  * net-tcp: fastopen: fix high order allocations
    - LP: #1307561
  * virtio-net: alloc big buffers also when guest can receive UFO
    - LP: #1307561
  * ipv6: reuse ip6_frag_id from ip6_ufo_append_data
    - LP: #1307561
  * sfc: check for NULL efx->ptp_data in efx_ptp_event
    - LP: #1307561
  * ipv6: ipv6_find_hdr restore prev functionality
    - LP: #1307561
  * tg3: Don't check undefined error bits in RXBD
    - LP: #1307561
  * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
    - LP: #1307561
  * mac80211: send control port protocol frames to the VO queue
    - LP: #1307561
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1307561
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when asso...

Changed in linux-lts-raring (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (11.0 KiB)

This bug was fixed in the package linux - 3.13.0-27.50

---------------
linux (3.13.0-27.50) trusty; urgency=low

  [ Brad Figg ]

  * Revert "rtlwifi: Set the link state"

linux (3.13.0-27.49) trusty; urgency=low

  [ Brad Figg ]

  * Revert "SAUCE: (no-up) HID: rmi: do not stop the device at the end of
    probe"
  * Revert "SAUCE: (no-up) HID: rmi: introduce RMI driver for Synaptics
    touchpads"
  * Revert "[Config] CONFIG_HID_RMI=m"

linux (3.13.0-26.48) trusty; urgency=low

  [ Benjamin Tissoires ]

  * SAUCE: (no-up) HID: rmi: introduce RMI driver for Synaptics touchpads
    - LP: #1305522
  * SAUCE: (no-up) HID: rmi: do not stop the device at the end of probe
    - LP: #1305522

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.13.0-24.47 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1316835

  [ Tim Gardner ]

  * [Config] CONFIG_HID_RMI=m
    - LP: #1305522
  * [Config] CONFIG_CRYPTO_DEV_NX=n for ppc64el
    - LP: #1314625
  * [Config] CONFIG_ZSWAP=y
    - LP: #1315203
  * Add rpcsec_gss_krb5 to generic inclusion list
    - LP: #769527

  [ Upstream Kernel Changes ]

  * HID: hidraw: make comment more accurate and nicer
    - LP: #1305522
  * HID: remove hid_get_raw_report in struct hid_device
    - LP: #1305522
  * HID: i2c-hid: implement ll_driver transport-layer callbacks
    - LP: #1305522
  * HID: add inliners for ll_driver transport-layer callbacks
    - LP: #1305522
  * HID: Add transport-driver callbacks to the hid_ll_driver struct
    - LP: #1305522
  * drm/nouveau: fail runtime pm properly.
    - LP: #1313986
  * drm/nouveau: don't suspend/resume display on runtime s/r
    - LP: #1313986
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.13.0-25.47) trusty; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313868

  [ Adam Lee ]

  * [Config] CONFIG_RTL8723BE=m, CONFIG_RTL8723_COMMON=m
    - LP: #1240940

  [ Alex Hung ]

  * SAUCE: (no-up) dell-led: add mic mute led interface
    - LP: #1308297

  [ Andy Whitcroft ]

  * SAUCE: (no-up) powerpc: Increase COMMAND_LINE_SIZE to 2048 from 512.
    - LP: #1306677

  [ Ben Collins ]

  * [Config] Disable PAMU on Freescale kernels
    - LP: #1311738

  [ Tim Gardner ]

  * Revert "SAUCE: x86, hyperv: bypass the timer_irq_works() check"
    - LP: #1311683
  * SAUCE: (no-up) ALSA: usb-audio: Suppress repetitive debug messages from
    retire_playback_urb()
    - LP: #1305133
  * SAUCE: (no-up) 'BUG:' message unnecessarily triggers kerneloops
    - LP: #1305480
  * [Config] CONFIG_POWERNV_CPUFREQ=m
    - LP: #1309576
  * [Config] CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND=y for ppc64el
    - LP: #1309576
  * [Config] CONFIG_TRANSPARENT_HUGEPAGE=n for arm64
    - LP: #1309221
  * [Config] CONFIG_MEMCG_KMEM=y
    - LP: #1309586
  * [Config] CONFIG_CRASH_DUMP=y for ppc64el
    - LP: #1312783

  [ Upstream Kernel Change...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (17.6 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.2.0-1446.65

---------------
linux-ti-omap4 (3.2.0-1446.65) precise; urgency=low

  * Release Tracking Bug
    - LP: #1317327

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.2.0-63.94

  [ Ubuntu: 3.2.0-63.94 ]

  * Merged back Ubuntu-3.2.0-61.93 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1316703
  * SAUCE: net/ipv4: Always flush route cache on unregister batch call
    - LP: #1021471
  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

  [ Ubuntu: 3.2.0-62.93 ]

  * Release Tracking Bug
    - LP: #1313807
  * [Config] updateconfigs after Linux v3.2.57 update
  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * rtlwifi: Set the link state
    - LP: #1310763
  * rtlwifi: rtl8192cu: Fix some code in RF handling
    - LP: #1310763
  * NFSv4: OPEN must handle the NFS4ERR_IO return code correctly
    - LP: #1310763
  * selinux: process labeled IPsec TCP SYN-ACK packets properly in
    selinux_ip_postroute()
    - LP: #1310763
  * parport: parport_pc: remove double PCI ID for NetMos
    - LP: #1310763
  * staging: vt6656: [BUG] BBvUpdatePreEDThreshold Always set sensitivity
    on bScanning
    - LP: #1310763
  * bfa: Chinook quad port 16G FC HBA claim issue
    - LP: #1310763
  * usb: option: add new zte 3g modem pids to option driver
    - LP: #1310763
  * dib8000: make 32 bits read atomic
    - LP: #1310763
  * serial: add support for 400 and 800 v3 series Titan cards
    - LP: #1310763
  * serial: add support for 200 v3 series Titan card
    - LP: #1310763
  * x86/efi: Fix off-by-one bug in EFI Boot Services reservation
    - LP: #1310763
  * rtc-cmos: Add an alarm disable quirk
    - LP: #1310763
  * slub: Fix calculation of cpu slabs
    - LP: #1310763
  * mtd: mxc_nand: remove duplicated ecc_stats counting
    - LP: #1310763
  * USB: pl2303: fix data corruption on termios updates
    - LP: #1310763
  * USB: serial: add support for iBall 3.5G connect usb modem
    - LP: #1310763
  * USB: Nokia 502 is an unusual device
    - LP: #1310763
  * USB: cypress_m8: fix ring-indicator detection and reporting
    - LP: #1310763
  * ALSA: rme9652: fix a missing comma in channel_map_9636_ds[]
    - LP: #1310763
  * sunrpc: Fix infinite loop in RPC state machine
    - LP: #1310763
  * SELinux: Fix memory leak upon loading policy
    - LP: #1310763
  * drm/radeon: warn users when hw_i2c is enabled (v2)
    - LP: #1310763
  * USB: ftdi_sio: added CS5 quirk for broken smartcard readers
    - LP: #1310763
  * serial: 8250: enable UART_BUG_NOMSR for Tegra
    - LP: #1310763
  * dm: wait until embedded kobject is released b...

Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (15.8 KiB)

This bug was fixed in the package linux - 3.11.0-22.38

---------------
linux (3.11.0-22.38) saucy; urgency=low

  [ Brad Figg ]

  * Revert "rtlwifi: Set the link state"

linux (3.11.0-22.37) saucy; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.11.0-20.35 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317207

  [ Tim Gardner ]

  * [Config] d-i -- add virtio_scsi to virtio-modules
    - LP: #1315462

  [ Upstream Kernel Changes ]

  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.11.0-21.35) saucy; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313831

  [ Upstream Kernel Changes ]

  * Revert "sparc64: Fix __copy_{to,from}_user_inatomic defines."
    - LP: #1311196
  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1311196
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1311196
  * jiffies: Avoid undefined behavior from signed overflow
    - LP: #1311196
  * mac80211: send control port protocol frames to the VO queue
    - LP: #1311196
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1311196
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1311196
  * mwifiex: clean pcie ring only when device is present
    - LP: #1311196
  * mwifiex: add NULL check for PCIe Rx skb
    - LP: #1311196
  * mwifiex: fix cmd and Tx data timeout issue for PCIe cards
    - LP: #1311196
  * ath9k: protect tid->sched check
    - LP: #1311196
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1311196
  * mac80211: don't validate unchanged AP bandwidth while tracking
    - LP: #1311196
  * regulator: core: Replace direct ops->enable usage
    - LP: #1311196
  * regulator: core: Replace direct ops->disable usage
    - LP: #1311196
  * iwlwifi: mvm: change of listen interval from 70 to 10
    - LP: #1311196
  * iwlwifi: fix TX status for aggregated packets
    - LP: #1311196
  * genirq: Remove racy waitqueue_active check
    - LP: #1311196
  * sched: Fix double normalization of vruntime
    - LP: #1311196
  * cpuset: fix a locking issue in cpuset_migrate_mm()
    - LP: #1311196
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1311196
  * mac80211: fix association to 20/40 MHz VHT networks
    - LP: #1311196
  * firewire: net: fix use after free
    - LP: #1311196
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1311196
  * ACPI / resources: ignore invalid ACPI device resources
    - LP: #1311196
  * NFS: Fix a delegation callback race
    - LP: #1311196
  * spi: spi-ath79: fix initial GPIO CS line setup
    - LP: #1311196
  * ALSA: hda - Added inverted digital-mic handling for Acer TravelMate
    8371
    - LP: #1311196
  * drm/i915: fix pch p...

Changed in linux (Ubuntu Saucy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (6.7 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.5.0-242.58

---------------
linux-ti-omap4 (3.5.0-242.58) quantal; urgency=low

  * Release Tracking Bug
    - LP: #1317330

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.5.0-51.75

  [ Ubuntu: 3.5.0-51.75 ]

  * Merged back Ubuntu-3.5.0-49.74 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317227
  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

  [ Ubuntu: 3.5.0-50.74 ]

  * Release Tracking Bug
    - LP: #1313852
  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * vhost: validate vhost_get_vq_desc return value
    - LP: #1298117
    - CVE-2014-0055
  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1295090
    - CVE-2014-2523
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1310783
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1310783
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1310783
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1310783
  * ath9k: protect tid->sched check
    - LP: #1310783
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1310783
  * genirq: Remove racy waitqueue_active check
    - LP: #1310783
  * sched: Fix double normalization of vruntime
    - LP: #1310783
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1310783
  * firewire: net: fix use after free
    - LP: #1310783
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1310783
  * NFS: Fix a delegation callback race
    - LP: #1310783
  * can: flexcan: fix shutdown: first disable chip, then all interrupts
    - LP: #1310783
  * can: flexcan: flexcan_open(): fix error path if flexcan_chip_start()
    fails
    - LP: #1310783
  * tracing: Do not add event files for modules that fail tracepoints
    - LP: #1310783
  * ocfs2: fix quota file corruption
    - LP: #1310783
  * rapidio/tsi721: fix tasklet termination in dma channel release
    - LP: #1310783
  * ALSA: usb-audio: Add quirk for Logitech Webcam C500
    - LP: #1310783
  * drm/radeon: TTM must be init with cpu-visible VRAM, v2
    - LP: #1310783
  * drm/radeon/atom: select the proper number of lanes in transmitter setup
    - LP: #1310783
  * powerpc: Align p_dyn, p_rela and p_st symbols
    - LP: #1310783
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8 (2BA30001)
    - LP: #1310783
  * usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e
    - LP: #1310783
  * usb: Make DELAY_INIT quirk wait 100ms between Get Configuration
    requests
    - LP: #1310783
...

Read more...

Changed in linux-ti-omap4 (Ubuntu Saucy):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Trusty):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Trusty):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Utopic):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Utopic):
status: New → Won't Fix
no longer affects: linux-armadaxp (Ubuntu Saucy)
no longer affects: linux-ec2 (Ubuntu Saucy)
no longer affects: linux-lts-saucy (Ubuntu Saucy)
no longer affects: linux-lts-quantal (Ubuntu Saucy)
no longer affects: linux-mvl-dove (Ubuntu Saucy)
no longer affects: linux (Ubuntu Saucy)
no longer affects: linux-fsl-imx51 (Ubuntu Saucy)
no longer affects: linux-ti-omap4 (Ubuntu Saucy)
no longer affects: linux-lts-raring (Ubuntu Saucy)
Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Fix Released
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Mathew Hodson (mathew-hodson) wrote :
Changed in linux-lts-backport-maverick (Ubuntu Vivid):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Vivid):
status: New → Invalid
Changed in linux (Ubuntu Utopic):
status: Fix Committed → Invalid
Changed in linux (Ubuntu Vivid):
status: Fix Committed → Invalid
no longer affects: linux-lts-trusty (Ubuntu Lucid)
no longer affects: linux-armadaxp (Ubuntu Lucid)
no longer affects: linux-ec2 (Ubuntu Lucid)
no longer affects: linux-goldfish (Ubuntu Lucid)
no longer affects: linux-lts-saucy (Ubuntu Lucid)
no longer affects: linux-lts-quantal (Ubuntu Lucid)
no longer affects: linux-mvl-dove (Ubuntu Lucid)
no longer affects: linux-ti-omap4 (Ubuntu Lucid)
no longer affects: linux (Ubuntu Lucid)
no longer affects: linux-mako (Ubuntu Lucid)
no longer affects: linux-fsl-imx51 (Ubuntu Lucid)
no longer affects: linux-lts-utopic (Ubuntu Lucid)
no longer affects: linux-flo (Ubuntu Lucid)
no longer affects: linux-lts-raring (Ubuntu Lucid)
no longer affects: linux-manta (Ubuntu Lucid)
Changed in linux-lts-vivid (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Trusty):
status: New → Fix Committed
importance: Undecided → High
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers