This bug was fixed in the package linux - 3.11.0-22.38

---------------
linux (3.11.0-22.38) saucy; urgency=low

  [ Brad Figg ]

  * Revert "rtlwifi: Set the link state"

linux (3.11.0-22.37) saucy; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.11.0-20.35 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317207

  [ Tim Gardner ]

  * [Config] d-i -- add virtio_scsi to virtio-modules
    - LP: #1315462

  [ Upstream Kernel Changes ]

  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.11.0-21.35) saucy; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313831

  [ Upstream Kernel Changes ]

  * Revert "sparc64: Fix __copy_{to,from}_user_inatomic defines."
    - LP: #1311196
  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1311196
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1311196
  * jiffies: Avoid undefined behavior from signed overflow
    - LP: #1311196
  * mac80211: send control port protocol frames to the VO queue
    - LP: #1311196
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1311196
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1311196
  * mwifiex: clean pcie ring only when device is present
    - LP: #1311196
  * mwifiex: add NULL check for PCIe Rx skb
    - LP: #1311196
  * mwifiex: fix cmd and Tx data timeout issue for PCIe cards
    - LP: #1311196
  * ath9k: protect tid->sched check
    - LP: #1311196
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1311196
  * mac80211: don't validate unchanged AP bandwidth while tracking
    - LP: #1311196
  * regulator: core: Replace direct ops->enable usage
    - LP: #1311196
  * regulator: core: Replace direct ops->disable usage
    - LP: #1311196
  * iwlwifi: mvm: change of listen interval from 70 to 10
    - LP: #1311196
  * iwlwifi: fix TX status for aggregated packets
    - LP: #1311196
  * genirq: Remove racy waitqueue_active check
    - LP: #1311196
  * sched: Fix double normalization of vruntime
    - LP: #1311196
  * cpuset: fix a locking issue in cpuset_migrate_mm()
    - LP: #1311196
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1311196
  * mac80211: fix association to 20/40 MHz VHT networks
    - LP: #1311196
  * firewire: net: fix use after free
    - LP: #1311196
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1311196
  * ACPI / resources: ignore invalid ACPI device resources
    - LP: #1311196
  * NFS: Fix a delegation callback race
    - LP: #1311196
  * spi: spi-ath79: fix initial GPIO CS line setup
    - LP: #1311196
  * ALSA: hda - Added inverted digital-mic handling for Acer TravelMate 8371
    - LP: #1311196
  * drm/i915: fix pch pci device enumeration
    - LP: #1311196
  * can: flexcan: fix shutdown: first disable chip, then all interrupts
    - LP: #1311196
  * can: flexcan: flexcan_open(): fix error path if flexcan_chip_start() fails
    - LP: #1311196
  * can: flexcan: Check the return value from clk_prepare_enable()
    - LP: #1311196
  * can: flexcan: fix transition from and to low power mode in chip_{en,dis}able
    - LP: #1311196
  * can: flexcan: factor out transceiver {en,dis}able into seperate functions
    - LP: #1311196
  * can: flexcan: fix transition from and to freeze mode in chip_{,un}freeze
    - LP: #1311196
  * drm/i915: vlv: reserve GT power context early
    - LP: #1311196
  * drm/i915: Reject >165MHz modes w/ DVI monitors
    - LP: #1311196
  * tracing: Do not add event files for modules that fail tracepoints
    - LP: #1311196
  * mm: include VM_MIXEDMAP flag in the VM_SPECIAL list to avoid m(un)locking
    - LP: #1311196
  * ocfs2: fix quota file corruption
    - LP: #1311196
  * zram: avoid null access when fail to alloc meta
    - LP: #1311196
  * rapidio/tsi721: fix tasklet termination in dma channel release
    - LP: #1311196
  * iscsi-target: Fix iscsit_get_tpg_from_np tpg_state bug
    - LP: #1311196
  * iscsi-target: Perform release of acknowledged tags from RX context
    - LP: #1311196
  * iscsi/iser-target: Use list_del_init for ->i_conn_node
    - LP: #1311196
  * pinctrl: sunxi: use chained_irq_{enter, exit} for GIC compatibility
    - LP: #1311196
  * ALSA: hda - Add missing loopback merge path for AD1884/1984 codecs
    - LP: #1311196
  * ALSA: usb-audio: Add quirk for Logitech Webcam C500
    - LP: #1311196
  * NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid
    - LP: #1311196
  * ACPI / EC: Fix incorrect placement of __initdata
    - LP: #1311196
  * firewire: ohci: beautify some macro definitions
    - LP: #1311196
  * firewire: ohci: fix probe failure with Agere/LSI controllers
    - LP: #1311196
  * drm/radeon: TTM must be init with cpu-visible VRAM, v2
    - LP: #1311196
  * drm/radeon/dpm: fix typo in EVERGREEN_SMC_FIRMWARE_HEADER_softRegisters
    - LP: #1311196
  * drm/radeon/atom: select the proper number of lanes in transmitter setup
    - LP: #1311196
  * powerpc/tm: Fix crash when forking inside a transaction
    - LP: #1311196
  * powerpc: Align p_dyn, p_rela and p_st symbols
    - LP: #1311196
  * firewire: don't use PREPARE_DELAYED_WORK
    - LP: #1311196
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus SpinPoint M8 (2BA30001)
    - LP: #1311196
  * usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e
    - LP: #1311196
  * usb: Make DELAY_INIT quirk wait 100ms between Get Configuration requests
    - LP: #1311196
  * ARM: fix noMMU kallsyms symbol filtering
    - LP: #1311196
  * ARM: 7991/1: sa1100: fix compile problem on Collie
    - LP: #1311196
  * x86: Ignore NMIs that come in during early boot
    - LP: #1311196
  * x86: fix compile error due to X86_TRAP_NMI use in asm files
    - LP: #1311196
  * drm/radeon: re-order firmware loading in preparation for dpm rework
    - LP: #1311196
  * net-tcp: fastopen: fix high order allocations
    - LP: #1311196
  * neigh: recompute reachabletime before returning from neigh_periodic_work()
    - LP: #1311196
  * virtio-net: alloc big buffers also when guest can receive UFO
    - LP: #1311196
  * ipv6: reuse ip6_frag_id from ip6_ufo_append_data
    - LP: #1311196
  * sfc: check for NULL efx->ptp_data in efx_ptp_event
    - LP: #1311196
  * ipv6: ipv6_find_hdr restore prev functionality
    - LP: #1311196
  * tg3: Don't check undefined error bits in RXBD
    - LP: #1311196
  * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
    - LP: #1311196
  * s390/dasd: hold request queue sysfs lock when calling elevator_init()
    - LP: #1311196
  * iwlwifi: mvm: don't WARN when statistics are handled late
    - LP: #1311196
  * mac80211: clear sequence/fragment number in QoS-null frames
    - LP: #1311196
  * mwifiex: copy AP's HT capability info correctly
    - LP: #1311196
  * mwifiex: save and copy AP's VHT capability info correctly
    - LP: #1311196
  * net: unix socket code abuses csum_partial
    - LP: #1311196
  * ibmveth: Fix endian issues with MAC addresses
    - LP: #1311196
  * [SCSI] isci: fix reset timeout handling
    - LP: #1311196
  * [SCSI] isci: correct erroneous for_each_isci_host macro
    - LP: #1311196
  * [SCSI] qla2xxx: Poll during initialization for ISP25xx and ISP83xx
    - LP: #1311196
  * ocfs2 syncs the wrong range...
    - LP: #1311196
  * mm/compaction: break out of loop on !PageBuddy in isolate_freepages_block
    - LP: #1311196
  * fs/proc/base.c: fix GPF in /proc/$PID/map_files
    - LP: #1311196
  * vmxnet3: fix netpoll race condition
    - LP: #1311196
  * [SCSI] storvsc: NULL pointer dereference fix
    - LP: #1311196
  * PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not enabled
    - LP: #1311196
  * KVM: SVM: fix cr8 intercept window
    - LP: #1311196
  * dm cache: fix truncation bug when copying a block to/from >2TB fast device
    - LP: #1311196
  * dm cache: fix access beyond end of origin device
    - LP: #1311196
  * drm/ttm: don't oops if no invalidate_caches()
    - LP: #1311196
  * drm/radeon/cik: properly set sdma ring status on disable
    - LP: #1311196
  * drm/radeon/cik: stop the sdma engines in the enable() function
    - LP: #1311196
  * drm/radeon/cik: properly set compute ring status on disable
    - LP: #1311196
  * vmxnet3: fix building without CONFIG_PCI_MSI
    - LP: #1311196
  * ACPI / sleep: Add extra checks for HW Reduced ACPI mode sleep states
    - LP: #1311196
  * i2c: Remove usage of orphaned symbol OF_I2C
    - LP: #1311196
  * x86/amd/numa: Fix northbridge quirk to assign correct NUMA node
    - LP: #1311196
  * ipc: Fix 2 bugs in msgrcv() MSG_COPY implementation
    - LP: #1311196
  * MIPS: include linux/types.h
    - LP: #1311196
  * iwlwifi: disable TX AMPDU by default for iwldvm
    - LP: #1311196
  * ARM: 7864/1: Handle 64-bit memory in case of 32-bit phys_addr_t
    - LP: #1311196
  * ARM: ignore memory below PHYS_OFFSET
    - LP: #1311196
  * iscsi/iser-target: Fix isert_conn->state hung shutdown issues
    - LP: #1311196
  * iser-target: Fix post_send_buf_count for RDMA READ/WRITE
    - LP: #1311196
  * memcg: reparent charges of children before processing parent
    - LP: #1311196
  * PNP / ACPI: proper handling of ACPI IO/Memory resource parsing failures
    - LP: #1311196
  * Btrfs: fix data corruption when reading/updating compressed extents
    - LP: #1311196
  * x86, fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU
    - LP: #1311196
  * Fix mountpoint reference leakage in linkat
    - LP: #1311196
  * clocksource: vf_pit_timer: use complement for sched_clock reading
    - LP: #1311196
  * drm/i915: Disable stolen memory when DMAR is active
    - LP: #1311196
  * ALSA: compress: Pass through return value of open ops callback
    - LP: #1311196
  * tracing: Fix array size mismatch in format string
    - LP: #1311196
  * net: davinci_emac: Replace devm_request_irq with request_irq
    - LP: #1311196
  * printk: fix syslog() overflowing user buffer
    - LP: #1311196
  * i2c: cpm: Fix build by adding of_address.h and of_irq.h
    - LP: #1311196
  * net: mvneta: rename MVNETA_GMAC2_PSC_ENABLE to MVNETA_GMAC2_PCS_ENABLE
    - LP: #1311196
  * net: mvneta: fix usage as a module on RGMII configurations
    - LP: #1311196
  * Input: synaptics - add manual min/max quirk
    - LP: #1311196
  * Input: synaptics - add manual min/max quirk for ThinkPad X240
    - LP: #1311196
  * x86: fix boot on uniprocessor systems
    - LP: #1311196
  * Input: mousedev - fix race when creating mixed device
    - LP: #1311196
  * ext4: atomically set inode->i_flags in ext4_set_inode_flags()
    - LP: #1311196
  * libceph: rename ceph_msg::front_max to front_alloc_len
    - LP: #1311196
  * libceph: rename front to front_len in get_reply()
    - LP: #1311196
  * libceph: fix preallocation check in get_reply()
    - LP: #1311196
  * ASoC: max98090: make REVISION_ID readable
    - LP: #1311196
  * libceph: block I/O when PAUSE or FULL osd map flags are set
    - LP: #1311196
  * libceph: resend all writes after the osdmap loses the full flag
    - LP: #1311196
  * [media] cxusb: unlock on error in cxusb_i2c_xfer()
    - LP: #1311196
  * [media] cx18: check for allocation failure in cx18_read_eeprom()
    - LP: #1311196
  * [media] dw2102: some missing unlocks on error
    - LP: #1311196
  * deb-pkg: Fix cross-building linux-headers package
    - LP: #1311196
  * p54: clamp properly instead of just truncating
    - LP: #1311196
  * x86: bpf_jit: support negative offsets
    - LP: #1311196
  * KVM: x86: handle invalid root_hpa everywhere
    - LP: #1311196
  * can: flexcan: flexcan_remove(): add missing netif_napi_del()
    - LP: #1311196
  * mmc: sdhci: fix lockdep error in tuning routine
    - LP: #1311196
  * HID:hid-lg4ff: Initialize device properties before we touch autocentering.
    - LP: #1311196
  * Linux 3.11.10.7
    - LP: #1311196
  * Input: cypress_ps2 - don't report as a button pads
    - LP: #1311196
  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1311196
  * cpufreq: Fix timer/workqueue corruption due to double queueing
    - LP: #1311196
  * futex: Allow architectures to skip futex_atomic_cmpxchg_inatomic() test
    - LP: #1311196
  * m68k: Skip futex_atomic_cmpxchg_inatomic() test
    - LP: #1311196
  * powernow-k6: disable cache when changing frequency
    - LP: #1311196
  * powernow-k6: correctly initialize default parameters
    - LP: #1311196
  * powernow-k6: reorder frequencies
    - LP: #1311196
  * selinux: correctly label /proc inodes in use before the policy is loaded
    - LP: #1311196
  * net: fix for a race condition in the inet frag code
    - LP: #1311196
  * net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk
    - LP: #1311196
  * bridge: multicast: add sanity check for query source addresses
    - LP: #1311196
  * inet: frag: make sure forced eviction removes all frags
    - LP: #1311196
  * net: unix: non blocking recvmsg() should not return -EINTR
    - LP: #1311196
  * ipv6: Fix exthdrs offload registration.
    - LP: #1311196
  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1311196
  * vlan: Set correct source MAC address with TX VLAN offload enabled
    - LP: #1311196
  * tcp: tcp_release_cb() should release socket ownership
    - LP: #1311196
  * net: socket: error on a negative msg_namelen
    - LP: #1311196
  * ipv6: Avoid unnecessary temporary addresses being generated
    - LP: #1311196
  * ipv6: ip6_append_data_mtu do not handle the mtu of the second fragment properly
    - LP: #1311196
  * vxlan: fix potential NULL dereference in arp_reduce()
    - LP: #1311196
  * rtnetlink: fix fdb notification flags
    - LP: #1311196
  * ipmr: fix mfc notification flags
    - LP: #1311196
  * ip6mr: fix mfc notification flags
    - LP: #1311196
  * netpoll: fix the skb check in pkt_is_ns
    - LP: #1311196
  * tg3: Do not include vlan acceleration features in vlan_features
    - LP: #1311196
  * usbnet: include wait queue head in device structure
    - LP: #1311196
  * vlan: Set hard_header_len according to available acceleration
    - LP: #1311196
  * vhost: fix total length when packets are too short
    - LP: #1311196
    - CVE-2014-0077
  * vhost: validate vhost_get_vq_desc return value
    - LP: #1311196
    - CVE-2014-0055
  * xen-netback: remove pointless clause from if statement
    - LP: #1311196
  * ipv6: some ipv6 statistic counters failed to disable bh
    - LP: #1311196
  * netlink: don't compare the nul-termination in nla_strcmp
    - LP: #1311196
  * isdnloop: Validate NUL-terminated strings from user.
    - LP: #1311196
  * isdnloop: several buffer overflows
    - LP: #1311196
  * cpuidle: Check the result of cpuidle_get_driver() against NULL
    - LP: #1311196
  * sparc: PCI: Fix incorrect address calculation of PCI Bridge windows on Simba-bridges
    - LP: #1311196
  * sparc32: fix build failure for arch_jump_label_transform
    - LP: #1311196
  * sparc64: don't treat 64-bit syscall return codes as 32-bit
    - LP: #1311196
  * sparc64: Make sure %pil interrupts are enabled during hypervisor yield.
    - LP: #1311196
  * netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len
    - LP: #1311196
  * netfilter: Can't fail and free after table replacement
    - LP: #1311196
  * crypto: ghash-clmulni-intel - use C implementation for setkey()
    - LP: #1311196
  * Linux 3.11.10.8
    - LP: #1311196
  * net: ipv4: current group_info should be put after using.
    - CVE-2014-2851

  [ Wen-chien Jesse Sung ]

  * SAUCE: Bluetooth: Give restart command more time to complete its job
    - LP: #1301908

 -- Brad Figg