Ubuntu
linux package

CVE-2014-4014

Bug #1329103 reported by John Johansen on 2014-06-12

256

This bug affects 1 person

	Status	Importance	Assigned to
linux (Ubuntu)	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Trusty	Fix Released	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-armadaxp (Ubuntu)	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-ec2 (Ubuntu)	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-flo (Ubuntu)	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-fsl-imx51 (Ubuntu)	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-goldfish (Ubuntu)	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-lts-backport-maverick (Ubuntu)	Invalid	Undecided	Unassigned
Lucid	Won't Fix	Undecided	Unassigned
Precise	Won't Fix	Undecided	Unassigned
Saucy	Won't Fix	Undecided	Unassigned
Trusty	Won't Fix	Undecided	Unassigned
Utopic	Won't Fix	Undecided	Unassigned
Vivid	New	Undecided	Unassigned
Wily	Invalid	Undecided	Unassigned
linux-lts-backport-natty (Ubuntu)	Invalid	Undecided	Unassigned
Lucid	Won't Fix	Undecided	Unassigned
Precise	Won't Fix	Undecided	Unassigned
Saucy	Won't Fix	Undecided	Unassigned
Trusty	Won't Fix	Undecided	Unassigned
Utopic	Won't Fix	Undecided	Unassigned
Vivid	New	Undecided	Unassigned
Wily	Invalid	Undecided	Unassigned
linux-lts-quantal (Ubuntu)	Invalid	Medium	Unassigned
Precise	Fix Released	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-lts-raring (Ubuntu)	Invalid	Medium	Unassigned
Precise	Fix Released	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-lts-saucy (Ubuntu)	Invalid	Medium	Unassigned
Precise	Fix Released	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-lts-trusty (Ubuntu)
Precise	Fix Released	Medium	Unassigned
linux-lts-utopic (Ubuntu)	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-lts-vivid (Ubuntu)	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-lts-wily (Ubuntu)	New	Undecided	Unassigned
Precise	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-lts-xenial (Ubuntu)	New	Undecided	Unassigned
Precise	Invalid	Medium	Unassigned
Vivid	New	Undecided	Unassigned
Wily	Invalid	Medium	Unassigned
linux-mako (Ubuntu)	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-manta (Ubuntu)	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-mvl-dove (Ubuntu)	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-raspi2 (Ubuntu)	New	Undecided	Unassigned
Precise	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned
linux-ti-omap4 (Ubuntu)	Invalid	Medium	Unassigned
Precise	Invalid	Medium	Unassigned
Trusty	Invalid	Medium	Unassigned
Vivid	Invalid	Medium	Unassigned
Wily	Invalid	Medium	Unassigned

Bug Description

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Break-Fix: 1a48e2ac034d47ed843081c4523b63c46b46888b 23adbe12ef7d3d4195e80800ab36b37bee28cd03

See original description

Tags:

CVE References

Revision history for this message

John Johansen (jjohansen) wrote on 2014-06-12:

CVE-2014-4014

tags:	added: kernel-cve-tracking-bug
information type:	Public → Public Security
Changed in linux-armadaxp (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-armadaxp (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-armadaxp (Ubuntu Utopic):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Utopic):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-lts-quantal (Ubuntu Utopic):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Utopic):
status:	New → Invalid
Changed in linux-lts-saucy (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-lts-saucy (Ubuntu Utopic):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Utopic):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Utopic):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-lts-raring (Ubuntu Utopic):
status:	New → Invalid
description:	updated
Changed in linux-armadaxp (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Utopic):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Utopic):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Utopic):
importance:	Undecided → Medium

John Johansen (jjohansen) on 2014-06-12

Changed in linux-mvl-dove (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Utopic):
importance:	Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Utopic):
importance:	Undecided → Medium
Changed in linux (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux (Ubuntu Utopic):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Utopic):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Utopic):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Saucy):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Utopic):
importance:	Undecided → Medium

Jamie Strandboge (jdstrand) on 2014-06-26

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status:	New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status:	New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status:	New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Precise):
status:	New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status:	New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status:	New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Trusty):
status:	New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Trusty):
status:	New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Utopic):
status:	New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Utopic):
status:	New → Won't Fix

John Johansen (jjohansen) on 2014-06-27

Changed in linux-lts-quantal (Ubuntu Precise):
status:	New → Fix Committed
Changed in linux (Ubuntu Utopic):
status:	New → Fix Committed
Changed in linux-lts-raring (Ubuntu Precise):
status:	New → Fix Committed
description:	updated

John Johansen (jjohansen) on 2014-07-01

Changed in linux (Ubuntu Saucy):
status:	New → Fix Committed

John Johansen (jjohansen) on 2014-07-08

Changed in linux-lts-saucy (Ubuntu Precise):
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-07-16:

This bug was fixed in the package linux-lts-quantal - 3.5.0-54.81~precise1

---------------
linux-lts-quantal (3.5.0-54.81~precise1) precise; urgency=low

[ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux-lts-quantal (3.5.0-54.80~precise1) precise; urgency=low

[ Luis Henriques ]

  * Merged back Ubuntu-lts-3.5.0-52.79 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338611

[ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux-lts-quantal (3.5.0-53.79~precise1) precise; urgency=low

[ Joseph Salisbury ]

* Release Tracking Bug
- LP: #1336400

[ Upstream Kernel Changes ]

  * skbuff: export skb_copy_ubufs
    - LP: #1298119
    - CVE-2014-0131
  * skbuff: add an api to orphan frags
    - LP: #1298119
    - CVE-2014-0131
  * skbuff: skb_segment: orphan frags before copying
    - LP: #1298119
    - CVE-2014-0131
  * media-device: fix infoleak in ioctl media_enum_entities()
    - LP: #1333609
    - CVE-2014-1739
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1325941
    - CVE-2014-3917
  * userns: Allow chown and setgid preservation
    - LP: #1329103
    - CVE-2014-4014
  * fs,userns: Change inode_capable to capable_wrt_inode_uidgid
    - LP: #1329103
    - CVE-2014-4014
  * target/rd: Refactor rd_build_device_space + rd_release_device_space
    - LP: #1333612
    - CVE-2014-4027
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - CVE-2014-4608
  * lzo: properly check for overruns
    - CVE-2014-4608
-- Luis Henriques <email address hidden> Mon, 14 Jul 2014 15:28:36 +0100

Changed in linux-lts-quantal (Ubuntu Precise):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-07-16:

Download full text (15.7 KiB)

This bug was fixed in the package linux-lts-raring - 3.8.0-44.66~precise1

---------------
linux-lts-raring (3.8.0-44.66~precise1) precise; urgency=low

[ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux-lts-raring (3.8.0-44.65~precise1) precise; urgency=low

[ Luis Henriques ]

  * Merged back Ubuntu-lts-3.8.0-42.63 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338579

[ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux-lts-raring (3.8.0-43.64~precise1) precise; urgency=low

[ Kamal Mostafa ]

  * Revert "ARM: OMAP3: clock: Back-propagate rate change from
    cam_mclk to dpll4_m5 on all OMAP3 platforms"
  * Release Tracking Bug
    - re-used previous tracking bug

linux-lts-raring (3.8.0-43.63~precise1) precise; urgency=low

[ Kamal Mostafa ]

  * [Config] add debian/gbp.conf
  * Release Tracking Bug
    - LP: #1335912

[ Upstream Kernel Changes ]

This bug was fixed in the package linux-lts-raring - 3.8.0-44.66~precise1

---------------
linux-lts-raring (3.8.0-44.66~precise1) precise; urgency=low

[ Upstream Kernel Changes ]

* l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux-lts-raring (3.8.0-44.65~precise1) precise; urgency=low

[ Luis Henriques ]

* Merged back Ubuntu-lts-3.8.0-42.63 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338579

[ Upstream Kernel Changes ]

* ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux-lts-raring (3.8.0-43.64~precise1) precise; urgency=low

[ Kamal Mostafa ]

* Revert "ARM: OMAP3: clock: Back-propagate rate change from
    cam_mclk to dpll4_m5 on all OMAP3 platforms"
  * Release Tracking Bug
    - re-used previous tracking bug

linux-lts-raring (3.8.0-43.63~precise1) precise; urgency=low

[ Kamal Mostafa ]

* [Config] add debian/gbp.conf
  * Release Tracking Bug
    - LP: #1335912

[ Upstream Kernel Changes ]

* Revert "USB: serial: add usbid for dell wwan card to sierra.c"
    - LP: #1333900
  * Revert "macvlan : fix checksums error when we are in bridge mode"
    - LP: #1333900
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1325941
    - CVE-2014-3917
  * fs, userns: Change inode_capable to capable_wrt_inode_uidgid
    - LP: #1329103
    - CVE-2014-4014
  * ACPI / EC: Clear stale EC events on Samsung systems
    - LP: #1333900
  * ACPI / EC: Process rather than discard events in acpi_ec_clear
    - LP: #1333900
  * mac80211: fix software remain-on-channel implementation
    - LP: #1333900
  * mac80211: exclude AP_VLAN interfaces from tx power calculation
    - LP: #1333900
  * parisc: fix epoll_pwait syscall on compat kernel
    - LP: #1333900
  * ALSA: hda/realtek - Add support of ALC288 codec
    - LP: #1333900
  * user namespace: fix incorrect memory barriers
    - LP: #1333900
  * mlx4_en: don't use napi_synchronize inside mlx4_en_netpoll
    - LP: #1333900
  * mei: ignore client writing state during cb completion
    - LP: #1333900
  * staging: r8712u: Fix case where ethtype was never obtained and always
    be checked against 0
    - LP: #1333900
  * USB: serial: ftdi_sio: add id for Brainboxes serial cards
    - LP: #1333900
  * usb: option driver, add support for Telit UE910v2
    - LP: #1333900
  * USB: cp210x: Add 8281 (Nanotec Plug & Drive)
    - LP: #1333900
  * USB: pl2303: add ids for Hewlett-Packard HP POS pole displays
    - LP: #1333900
  * USB: usb_wwan: fix handling of missing bulk endpoints
    - LP: #1333900
  * USB: fix crash during hotplug of PCI USB controller card
    - LP: #1333900
  * USB: cdc-acm: Remove Motorola/Telit H24 serial interfaces from ACM
    driver
    - LP: #1333900
  * drm/radeon: memory leak on bo reservation failure. v2
    - LP: #1333900
  * drm/radeon/si: make sure mc ucode is loaded before checking the size
    - LP: #1333900
  * mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()
    - LP: #1333900
  * mm: use paravirt friendly ops for NUMA hinting ptes
    - LP: #1333900
  * iio: querying buffer scan_mask should return 0/1
    - LP: #1333900
  * pata_at91: fix ata_host_activate() failure handling
    - LP: #1333900
  * ext4: note the error in ext4_end_bio()
    - LP: #1333900
  * ext4: fix jbd2 warning under heavy xattr load
    - LP: #1333900
  * ext4: use i_size_read in ext4_unaligned_aio()
    - LP: #1333900
  * locks: allow __break_lease to sleep even when break_time is 0
    - LP: #1333900
  * genirq: Allow forcing cpu affinity of interrupts
    - LP: #1333900
  * nfsd: set timeparms.to_maxval in setup_callback_client
    - LP: #1333900
  * libata/ahci: accommodate tag ordered controllers
    - LP: #1333900
  * Input: synaptics - add min/max quirk for ThinkPad T431s, L440, L540, S1
    Yoga and X1
    - LP: #1333900
  * drm/radeon: fix ATPX detection on non-VGA GPUs
    - LP: #1333900
  * mm: make fixup_user_fault() check the vma access rights too
    - LP: #1333900
  * ARM: 8027/1: fix do_div() bug in big-endian systems
    - LP: #1333900
  * ARM: 8030/1: ARM : kdump : add arch_crash_save_vmcoreinfo
    - LP: #1333900
  * USB: serial: fix sysfs-attribute removal deadlock
    - LP: #1333900
  * Btrfs: fix inode caching vs tree log
    - LP: #1333900
  * xhci: Switch Intel Lynx Point ports to EHCI on shutdown.
    - LP: #1333900
  * USB: io_ti: fix firmware download on big-endian machines
    - LP: #1333900
  * usb: qcserial: add Sierra Wireless EM7355
    - LP: #1333900
  * usb: qcserial: add Sierra Wireless MC73xx
    - LP: #1333900
  * usb: qcserial: add Sierra Wireless MC7305/MC7355
    - LP: #1333900
  * usb: option: add Olivetti Olicard 500
    - LP: #1333900
  * usb: option: add Alcatel L800MA
    - LP: #1333900
  * usb: option: add and update a number of CMOTech devices
    - LP: #1333900
  * list: introduce list_next_entry() and list_prev_entry()
    - LP: #1333900
  * net: sctp: wake up all assocs if sndbuf policy is per socket
    - LP: #1333900
  * net: sctp: test if association is dead in sctp_wake_up_waiters
    - LP: #1333900
  * l2tp: take PMTU from tunnel UDP socket
    - LP: #1333900
  * net: core: don't account for udp header size when computing seglen
    - LP: #1333900
  * bonding: Remove debug_fs files when module init fails
    - LP: #1333900
  * ipv6: Limit mtu to 65575 bytes
    - LP: #1333900
  * ipv4: return valid RTA_IIF on ip route get
    - LP: #1333900
  * filter: prevent nla extensions to peek beyond the end of the message
    - LP: #1333900
  * ip6_gre: don't allow to remove the fb_tunnel_dev
    - LP: #1333900
  * vlan: Fix lockdep warning when vlan dev handle notification
    - LP: #1333900
  * tg3: update rx_jumbo_pending ring param only when jumbo frames are
    enabled
    - LP: #1333900
  * net: sctp: cache auth_enable per endpoint
    - LP: #1333900
  * rtnetlink: Warn when interface's information won't fit in our packet
    - LP: #1333900
  * rtnetlink: Only supply IFLA_VF_PORTS information when RTEXT_FILTER_VF
    is set
    - LP: #1333900
  * ipv6: fib: fix fib dump restart
    - LP: #1333900
  * bridge: Handle IFLA_ADDRESS correctly when creating bridge device
    - LP: #1333900
  * sctp: reset flowi4_oif parameter on route lookup
    - LP: #1333900
  * tcp_cubic: fix the range of delayed_ack
    - LP: #1333900
  * net: ipv4: ip_forward: fix inverted local_df test
    - LP: #1333900
  * netfilter: ipv4: defrag: set local_df flag on defragmented skb
    - LP: #1333900
  * net: ipv6: send pkttoobig immediately if orig frag size > mtu
    - LP: #1333900
  * ipv4: fib_semantics: increment fib_info_cnt after fib_info allocation
    - LP: #1333900
  * net: cdc_mbim: handle unaccelerated VLAN tagged frames
    - LP: #1333900
  * macvlan: Don't propagate IFF_ALLMULTI changes on down interfaces.
    - LP: #1333900
  * ip6_tunnel: fix potential NULL pointer dereference
    - LP: #1333900
  * ipv4: initialise the itag variable in __mkroute_input
    - LP: #1333900
  * net-gro: reset skb->truesize in napi_reuse_skb()
    - LP: #1333900
  * net: qmi_wwan: fixup Sierra Wireless MC8305 entry
    - LP: #1333900
  * net: qmi_wwan: add Option GTM681W
    - LP: #1333900
  * net: qmi_wwan: add TP-LINK MA260
    - LP: #1333900
  * qmi_wwan: add ONDA MT689DC device ID (fwd)
    - LP: #1333900
  * net: qmi_wwan: add Telit LE920 newer firmware support
    - LP: #1333900
  * net: qmi_wwan: fix Cinterion PLXX product ID
    - LP: #1333900
  * net: qmi_wwan: Olivetti Olicard 200 support
    - LP: #1333900
  * net: qmi_wwan: add ZTE MF667
    - LP: #1333900
  * net: qmi_wwan: add support for Cinterion PXS8 and PHS8
    - LP: #1333900
  * net: qmi_wwan: add Sierra Wireless EM7355
    - LP: #1333900
  * net: qmi_wwan: add Sierra Wireless MC73xx
    - LP: #1333900
  * net: qmi_wwan: add Sierra Wireless MC7305/MC7355
    - LP: #1333900
  * net: qmi_wwan: add Olivetti Olicard 500
    - LP: #1333900
  * net: qmi_wwan: add Alcatel L800MA
    - LP: #1333900
  * net: qmi_wwan: add a number of CMOTech devices
    - LP: #1333900
  * net: qmi_wwan: add a number of Dell devices
    - LP: #1333900
  * xhci: For streams the css flag most be read from the stream-ctx on ep
    stop
    - LP: #1333900
  * usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb
    - LP: #1333900
  * skbuff: skb_segment: orphan frags before copying
    - LP: #1298119, #1333900
    - CVE-2014-0131
  * drm/vmwgfx: Make sure user-space can't DMA across buffer object
    boundaries v2
    - LP: #1333900
  * s390/bpf,jit: initialize A register if 1st insn is BPF_S_LDX_B_MSH
    - LP: #1333900
  * ftrace/module: Hardcode ftrace_module_init() call into load_module()
    - LP: #1333900
  * [SCSI] mpt2sas: Don't disable device twice at suspend.
    - LP: #1333900
  * drivercore: deferral race condition fix
    - LP: #1333900
  * hrtimer: Prevent all reprogramming if hang detected
    - LP: #1333900
  * hrtimer: Prevent remote enqueue of leftmost timers
    - LP: #1333900
  * timer: Prevent overflow in apply_slack
    - LP: #1333900
  * rt2x00: fix beaconing on USB
    - LP: #1333900
  * Input: synaptics - add min/max quirk for ThinkPad Edge E431
    - LP: #1333900
  * Bluetooth: Fix triggering BR/EDR L2CAP Connect too early
    - LP: #1333900
  * Bluetooth: Add support for Lite-on [04ca:3007]
    - LP: #1333900
  * drm/i915: Break encoder->crtc link separately in intel_sanitize_crtc()
    - LP: #1333900
  * rtl8192cu: Fix unbalanced irq enable in error path of rtl92cu_hw_init()
    - LP: #1333900
  * drm/nouveau/acpi: allow non-optimus setups to load vbios from acpi
    - LP: #1333900
  * ALSA: usb-audio: work around corrupted TEAC UD-H01 feedback data
    - LP: #1333900
  * usb: qcserial: add a number of Dell devices
    - LP: #1333900
  * usb: storage: shuttle_usbat: fix discs being detected twice
    - LP: #1333900
  * fsl-usb: do not test for PHY_CLK_VALID bit on controller version 1.6
    - LP: #1333900
  * drivers/tty/hvc: don't free hvc_console_setup after init
    - LP: #1333900
  * USB: Nokia 305 should be treated as unusual dev
    - LP: #1333900
  * USB: Nokia 5300 should be treated as unusual dev
    - LP: #1333900
  * HID: add NO_INIT_REPORTS quirk for Synaptics Touch Pad V 103S
    - LP: #1333900
  * Input: elantech - fix touchpad initialization on Gigabyte U2442
    - LP: #1333900
  * posix_acl: handle NULL ACL in posix_acl_equiv_mode
    - LP: #1333900
  * mm/compaction: make isolate_freepages start at pageblock boundary
    - LP: #1333900
  * Linux 3.8.13.24
    - LP: #1333900
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - CVE-2014-4608
  * lzo: properly check for overruns
    - CVE-2014-4608
  * percpu: make pcpu_alloc_chunk() use pcpu_mem_free() instead of kfree()
    - LP: #1335893
  * [media] fc2580: fix tuning failure on 32-bit arch
    - LP: #1335893
  * crypto: caam - add allocation failure handling in SPRINTFCAT macro
    - LP: #1335893
  * [media] media-device: fix infoleak in ioctl media_enum_entities()
    - LP: #1335893
  * md: avoid possible spinning md thread at shutdown.
    - LP: #1335893
  * NFSd: call rpc_destroy_wait_queue() from free_client()
    - LP: #1335893
  * genirq: Provide irq_force_affinity fallback for non-SMP
    - LP: #1335893
  * ACPI / blacklist: Add dmi_enable_osi_linux quirk for Asus EEE PC 1015PX
    - LP: #1335893
  * NFSD: Call ->set_acl with a NULL ACL structure if no entries
    - LP: #1335893
  * ARM: dts: i.MX53: Fix ipu register space size
    - LP: #1335893
  * mm, thp: close race between mremap() and split_huge_page()
    - LP: #1335893
  * hrtimer: Set expiry time before switch_hrtimer_base()
    - LP: #1335893
  * hwmon: (emc1403) fix inverted store_hyst()
    - LP: #1335893
  * hwmon: (emc1403) Support full range of known chip revision numbers
    - LP: #1335893
  * iommu/amd: Fix interrupt remapping for aliased devices
    - LP: #1335893
  * ASoC: wm8962: Update register CLASS_D_CONTROL_1 to be non-volatile
    - LP: #1335893
  * [media] V4L2: ov7670: fix a wrong index, potentially Oopsing the kernel
    from user-space
    - LP: #1335893
  * [media] V4L2: fix VIDIOC_CREATE_BUFS in 64- / 32-bit compatibility mode
    - LP: #1335893
  * x86, mm, hugetlb: Add missing TLB page invalidation for hugetlb_cow()
    - LP: #1335893
  * i2c: designware: Mask all interrupts during i2c controller enable
    - LP: #1335893
  * i2c: s3c2410: resume race fix
    - LP: #1335893
  * i2c: rcar: bail out on zero length transfers
    - LP: #1335893
  * dm crypt: fix cpu hotplug crash by removing per-cpu structure
    - LP: #1335893
  * x86-64, modify_ldt: Make support for 16-bit segments a runtime option
    - LP: #1335893
  * PCI: shpchp: Check bridge's secondary (not primary) bus speed
    - LP: #1335893
  * libceph: fix corruption when using page_count 0 page in rbd
    - LP: #1335893
  * sched: Sanitize irq accounting madness
    - LP: #1335893
  * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri check
    - LP: #1335893
  * net: cpsw: fix null dereference at probe
    - LP: #1335893
  * perf: Limit perf_event_attr::sample_period to 63 bits
    - LP: #1335893
  * perf: Prevent false warning in perf_swevent_add
    - LP: #1335893
  * drm/radeon: also try GART for CPU accessed buffers
    - LP: #1335893
  * drm/radeon: handle non-VGA class pci devices with ATRM
    - LP: #1335893
  * drm/radeon: avoid segfault on device open when accel is not working.
    - LP: #1335893
  * can: peak_pci: prevent use after free at netdev removal
    - LP: #1335893
  * nfsd4: remove lockowner when removing lock stateid
    - LP: #1335893
  * nfsd4: warn on finding lockowner without stateid's
    - LP: #1335893
  * dma: mv_xor: Flush descriptors before activating a channel
    - LP: #1335893
  * hwpoison, hugetlb: lock_page/unlock_page does not match for handling a
    free hugepage
    - LP: #1335893
  * mm/memory-failure.c: fix memory leak by race between poison and
    unpoison
    - LP: #1335893
  * ARM: OMAP3: clock: Back-propagate rate change from cam_mclk to dpll4_m5
    on all OMAP3 platforms
    - LP: #1335893
  * Input: synaptics - add min/max quirk for the ThinkPad W540
    - LP: #1335893
  * futex: Add another early deadlock detection check
    - LP: #1335893
  * futex: Prevent attaching to kernel threads
    - LP: #1335893
  * ARM: imx: fix error handling in ipu device registration
    - LP: #1335893
  * sched/deadline: Change sched_getparam() behaviour vs SCHED_DEADLINE
    - LP: #1335893
  * ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets
    - LP: #1335893
  * ARM: 8051/1: put_user: fix possible data corruption in put_user
    - LP: #1335893
  * Input: synaptics - T540p - unify with other LEN0034 models
    - LP: #1335893
  * powerpc: Fix 64 bit builds with binutils 2.24
    - LP: #1335893
  * Staging: speakup: Move pasting into a work item
    - LP: #1335893
  * USB: Avoid runtime suspend loops for HCDs that can't handle
    suspend/resume
    - LP: #1335893
  * USB: io_ti: fix firmware download on big-endian machines (part 2)
    - LP: #1335893
  * USB: ftdi_sio: add NovaTech OrionLXm product ID
    - LP: #1335893
  * USB: serial: option: add support for Novatel E371 PCIe card
    - LP: #1335893
  * md: always set MD_RECOVERY_INTR when aborting a reshape or other
    "resync".
    - LP: #1335893
  * xhci: delete endpoints from bandwidth list before freeing whole device
    - LP: #1335893
  * ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop
    - LP: #1335893
  * ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup
    - LP: #1335893
  * target: Fix alua_access_state attribute OOPs for un-configured devices
    - LP: #1335893
  * mm: rmap: fix use-after-free in __put_anon_vma
    - LP: #1335893
  * Linux 3.8.13.25
    - LP: #1335893
 -- Luis Henriques <luis.henriques@canonical.com>   Mon, 14 Jul 2014 14:52:11 +0100

Changed in linux-lts-raring (Ubuntu Precise):
status:	Fix Committed → Fix Released

John Johansen (jjohansen) on 2014-07-23

no longer affects:	linux-armadaxp (Ubuntu Saucy)
no longer affects:	linux-ec2 (Ubuntu Saucy)
no longer affects:	linux-lts-saucy (Ubuntu Saucy)
no longer affects:	linux-lts-quantal (Ubuntu Saucy)
no longer affects:	linux-mvl-dove (Ubuntu Saucy)
no longer affects:	linux (Ubuntu Saucy)
no longer affects:	linux-fsl-imx51 (Ubuntu Saucy)
no longer affects:	linux-ti-omap4 (Ubuntu Saucy)
no longer affects:	linux-lts-raring (Ubuntu Saucy)
Changed in linux-lts-saucy (Ubuntu Precise):
status:	Fix Committed → Fix Released

John Johansen (jjohansen) on 2014-07-29

Changed in linux (Ubuntu Trusty):
status:	New → Fix Committed

John Johansen (jjohansen) on 2014-08-28

Changed in linux-armadaxp (Ubuntu Precise):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status:	New → Invalid
Changed in linux (Ubuntu Precise):
status:	New → Invalid
Changed in linux (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status:	New → Invalid
description:	updated

Mathew Hodson (mhodson) on 2015-03-29

Changed in linux (Ubuntu):
status:	Fix Committed → Invalid
Changed in linux (Ubuntu Trusty):
status:	Fix Committed → Fix Released
Changed in linux (Ubuntu Utopic):
status:	Fix Committed → Invalid
Changed in linux-lts-backport-maverick (Ubuntu):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu):
status:	New → Invalid
Changed in linux-lts-trusty (Ubuntu Precise):
status:	New → Fix Released
no longer affects:	linux-lts-trusty (Ubuntu)
no longer affects:	linux-lts-trusty (Ubuntu Lucid)
no longer affects:	linux-lts-trusty (Ubuntu Trusty)

Mathew Hodson (mhodson) on 2015-03-29

no longer affects:

linux-lts-trusty (Ubuntu Utopic)

John Johansen (jjohansen) on 2015-05-08

no longer affects:	linux-armadaxp (Ubuntu Lucid)
no longer affects:	linux-ec2 (Ubuntu Lucid)
no longer affects:	linux-lts-saucy (Ubuntu Lucid)
no longer affects:	linux-lts-quantal (Ubuntu Lucid)
no longer affects:	linux-mvl-dove (Ubuntu Lucid)
no longer affects:	linux (Ubuntu Lucid)
no longer affects:	linux-fsl-imx51 (Ubuntu Lucid)
no longer affects:	linux-ti-omap4 (Ubuntu Lucid)
no longer affects:	linux-lts-raring (Ubuntu Lucid)
Changed in linux-lts-trusty (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-lts-raring (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-manta (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-manta (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-manta (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-mako (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-mako (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-mako (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-goldfish (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-goldfish (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-goldfish (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-flo (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-flo (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-flo (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium

Steve Beattie (sbeattie) on 2015-12-03

no longer affects:	linux-armadaxp (Ubuntu Utopic)
no longer affects:	linux-ec2 (Ubuntu Utopic)
no longer affects:	linux-lts-saucy (Ubuntu Utopic)
no longer affects:	linux-lts-quantal (Ubuntu Utopic)
no longer affects:	linux-mvl-dove (Ubuntu Utopic)
no longer affects:	linux-ti-omap4 (Ubuntu Utopic)
no longer affects:	linux (Ubuntu Utopic)
no longer affects:	linux-fsl-imx51 (Ubuntu Utopic)
no longer affects:	linux-lts-raring (Ubuntu Utopic)
Changed in linux-lts-wily (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-lts-wily (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-lts-wily (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-raspi2 (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-raspi2 (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-raspi2 (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → Medium

Steve Beattie (sbeattie) on 2016-02-10

Changed in linux-lts-xenial (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-lts-xenial (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → Medium

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

CVE-2014-4014

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package