CVE-2014-4943

Bug #1341472 reported by Luis Henriques on 2014-07-14
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-armadaxp (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-ec2 (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-flo (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-fsl-imx51 (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-goldfish (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-lts-quantal (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-lts-raring (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-lts-saucy (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-lts-trusty (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-lts-utopic (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-lts-vivid (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-mako (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-manta (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-mvl-dove (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-raspi2 (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned
linux-ti-omap4 (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
High
Unassigned
Vivid
High
Unassigned
Wily
High
Unassigned
Xenial
High
Unassigned

Bug Description

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

Break-Fix: - 3cf521f7dc87c031617fd47e4b7aa2593c2f3daf

Andy Whitcroft (apw) on 2014-07-14
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-trusty (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-trusty (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-trusty (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-trusty (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-64.128

---------------
linux (2.6.32-64.128) lucid; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (2.6.32-64.127) lucid; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-2.6.32-62.126 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338946

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux (2.6.32-63.126) lucid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1335875

  [ Upstream Kernel Changes ]

  * net: check net.core.somaxconn sysctl values
    - LP: #1321293
  * sysctl net: Keep tcp_syn_retries inside the boundary
    - LP: #1321293
  * ethtool: Report link-down while interface is down
    - LP: #1335049
  * futex: Prevent attaching to kernel threads
    - LP: #1335049
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1335049
  * net: fix regression introduced in 2.6.32.62 by sysctl fixes
    - LP: #1335049
  * Linux 2.6.32.63
    - LP: #1335049
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - LP: #1335313
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - LP: #1335313
    - CVE-2014-4608
  * lzo: properly check for overruns
    - LP: #1335313
    - CVE-2014-4608
 -- Luis Henriques <email address hidden> Mon, 14 Jul 2014 16:33:33 +0100

Changed in linux (Ubuntu Lucid):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-368.84

---------------
linux-ec2 (2.6.32-368.84) lucid; urgency=low

  [ Andy Whitcroft ]

  * pull in missing CVE changelog
  * Ubuntu-2.6.32-368.84

  [ Ubuntu: 2.6.32-64.128 ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux-ec2 (2.6.32-368.83) lucid; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-64.127
  * Release Tracking Bug
    - LP: #1339215

  [ Ubuntu: 2.6.32-64.127 ]

  * Merged back Ubuntu-2.6.32-62.126 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux-ec2 (2.6.32-367.82) lucid; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-63.126
  * Release Tracking Bug
    - LP: #1336142

  [ Ubuntu: 2.6.32-63.126 ]

  * net: check net.core.somaxconn sysctl values
    - LP: #1321293
  * sysctl net: Keep tcp_syn_retries inside the boundary
    - LP: #1321293
  * ethtool: Report link-down while interface is down
    - LP: #1335049
  * futex: Prevent attaching to kernel threads
    - LP: #1335049
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1335049
  * net: fix regression introduced in 2.6.32.62 by sysctl fixes
    - LP: #1335049
  * Linux 2.6.32.63
    - LP: #1335049
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - LP: #1335313
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - LP: #1335313
    - CVE-2014-4608
  * lzo: properly check for overruns
    - LP: #1335313
    - CVE-2014-4608
 -- Andy Whitcroft <email address hidden> Mon, 14 Jul 2014 17:31:51 +0100

Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.2.0-67.101

---------------
linux (3.2.0-67.101) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (3.2.0-67.100) precise; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-3.2.0-65.99 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338654

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux (3.2.0-66.99) precise; urgency=low

  * Release Tracking Bug
    - LP: #1335906

  [ Upstream Kernel Changes ]

  * skbuff: export skb_copy_ubufs
    - LP: #1298119
    - CVE-2014-0131
  * skbuff: add an api to orphan frags
    - LP: #1298119
    - CVE-2014-0131
  * skbuff: skb_segment: orphan frags before copying
    - LP: #1298119
    - CVE-2014-0131
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - CVE-2014-4608
  * lzo: properly check for overruns
    - CVE-2014-4608
  * KVM: x86 emulator: add support for vector alignment
    - LP: #1330177
  * KVM: x86: emulate movdqa
    - LP: #1330177
 -- Luis Henriques <email address hidden> Mon, 14 Jul 2014 16:07:35 +0100

Changed in linux (Ubuntu Precise):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-quantal - 3.5.0-54.81~precise1

---------------
linux-lts-quantal (3.5.0-54.81~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux-lts-quantal (3.5.0-54.80~precise1) precise; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-lts-3.5.0-52.79 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338611

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux-lts-quantal (3.5.0-53.79~precise1) precise; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1336400

  [ Upstream Kernel Changes ]

  * skbuff: export skb_copy_ubufs
    - LP: #1298119
    - CVE-2014-0131
  * skbuff: add an api to orphan frags
    - LP: #1298119
    - CVE-2014-0131
  * skbuff: skb_segment: orphan frags before copying
    - LP: #1298119
    - CVE-2014-0131
  * media-device: fix infoleak in ioctl media_enum_entities()
    - LP: #1333609
    - CVE-2014-1739
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1325941
    - CVE-2014-3917
  * userns: Allow chown and setgid preservation
    - LP: #1329103
    - CVE-2014-4014
  * fs,userns: Change inode_capable to capable_wrt_inode_uidgid
    - LP: #1329103
    - CVE-2014-4014
  * target/rd: Refactor rd_build_device_space + rd_release_device_space
    - LP: #1333612
    - CVE-2014-4027
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - CVE-2014-4608
  * lzo: properly check for overruns
    - CVE-2014-4608
 -- Luis Henriques <email address hidden> Mon, 14 Jul 2014 15:28:36 +0100

Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (7.9 KiB)

This bug was fixed in the package linux-lts-saucy - 3.11.0-26.45~precise1

---------------
linux-lts-saucy (3.11.0-26.45~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (3.11.0-26.44) saucy; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-3.11.0-24.42 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338556

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux (3.11.0-25.43) saucy; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1336203

  [ Upstream Kernel Changes ]

  * cfg80211: free sme on connection failures
    - LP: #1335084
  * sched: Sanitize irq accounting madness
    - LP: #1335084
  * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri check
    - LP: #1335084
  * net: cpsw: fix null dereference at probe
    - LP: #1335084
  * mac80211: fix suspend vs. association race
    - LP: #1335084
  * mac80211: fix on-channel remain-on-channel
    - LP: #1335084
  * af_iucv: wrong mapping of sent and confirmed skbs
    - LP: #1335084
  * net: filter: s390: fix JIT address randomization
    - LP: #1335084
  * perf: Limit perf_event_attr::sample_period to 63 bits
    - LP: #1335084
  * perf: Prevent false warning in perf_swevent_add
    - LP: #1335084
  * drm/gf119-/disp: fix nasty bug which can clobber SOR0's clock setup
    - LP: #1335084
  * drm/radeon: also try GART for CPU accessed buffers
    - LP: #1335084
  * drm/radeon: handle non-VGA class pci devices with ATRM
    - LP: #1335084
  * drm/radeon: fix register typo on si
    - LP: #1335084
  * drm/radeon: avoid segfault on device open when accel is not working.
    - LP: #1335084
  * can: peak_pci: prevent use after free at netdev removal
    - LP: #1335084
  * nfsd4: remove lockowner when removing lock stateid
    - LP: #1335084
  * nfsd4: warn on finding lockowner without stateid's
    - LP: #1335084
  * hwpoison, hugetlb: lock_page/unlock_page does not match for handling a
    free hugepage
    - LP: #1335084
  * mm/memory-failure.c: fix memory leak by race between poison and
    unpoison
    - LP: #1335084
  * netfilter: ipv4: defrag: set local_df flag on defragmented skb
    - LP: #1335084
  * ARM: OMAP3: clock: Back-propagate rate change from cam_mclk to dpll4_m5
    on all OMAP3 platforms
    - LP: #1335084
  * dma: dw: allow shared interrupts
    - LP: #1335084
  * dmaengine: dw: went back to plain {request,free}_irq() calls
    - LP: #1335084
  * ARM: omap5: hwmod_data: Correct IDLEMODE for McPDM
    - LP: #1335084
  * Input: synaptics - add min/max quirk for the ThinkPad W540
    - LP: #1335084
  * futex: Add another early deadlock detection check
    - LP: #1335084
  * futex: Prevent attaching to kernel threads
    - LP: #1335084
  * ARM: OMAP4: Fix the boot regression with CPU_IDLE enabled
    - LP: #1335084
  * cpufreq: remove race while accessing cur_policy
    - LP: #1335084
  * cpufreq: cpu0: drop wrong devm usage
    - LP: #1335084
  * A...

Read more...

Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (35.8 KiB)

This bug was fixed in the package linux-lts-trusty - 3.13.0-32.57~precise1

---------------
linux-lts-trusty (3.13.0-32.57~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (3.13.0-32.56) trusty; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-3.13.0-30.55 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338524

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699
  * hpsa: add new Smart Array PCI IDs (May 2014)
    - LP: #1337516

linux (3.13.0-31.55) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1336278

  [ Andy Whitcroft ]

  * [Config] switch hyper-keyboard to virtual
    - LP: #1325306
  * [Packaging] linux-udeb-flavour -- standardise on linux prefix

  [ dann frazier ]

  * [Config] CONFIG_GPIO_DWAPB=m
    - LP: #1334823

  [ Feng Kan ]

  * SAUCE: (no-up) arm64: dts: Add Designware GPIO dts binding to APM
    X-Gene platform
    - LP: #1334823

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix apparmor spams log with warning message
    - LP: #1308761

  [ Kamal Mostafa ]

  * [Config] updateconfigs ACPI_PROCFS_POWER=y after v3.13.11.4 rebase

  [ Loc Ho ]

  * SAUCE: (no-up) phy-xgene: Use correct tuning for Mustang
    - LP: #1335636

  [ Michael Ellerman ]

  * SAUCE: (no-up) powerpc/perf: Ensure all EBB register state is cleared
    on fork()
    - LP: #1328914

  [ Ming Lei ]

  * Revert "SAUCE: (no-up) rtc: Add X-Gene SoC Real Time Clock Driver"
    - LP: #1274305

  [ Suman Tripathi ]

  * SAUCE: (no-up) libahci: Implement the function ahci_restart_engine to
    restart the port dma engine.
    - LP: #1335645
  * SAUCE: (no-up) ata: Fix the dma state machine lockup for the IDENTIFY
    DEVICE PIO mode command.
    - LP: #1335645

  [ Tim Gardner ]

  * [Config] CONFIG_POWERNV_CPUFREQ=y for powerpc, ppc64el
    - LP: #1324571
  * [Debian] Add UTS_UBUNTU_RELEASE_ABI to utsrelease.h
    - LP: #1327619
  * [Config] CONFIG_HAVE_MEMORYLESS_NODES=y
    - LP: #1332063
  * [Config] CONFIG_HID_RMI=m
    - LP: #1305522

  [ Upstream Kernel Changes ]

  * Revert "offb: Add palette hack for little endian"
    - LP: #1333430
  * Revert "net: mvneta: fix usage as a module on RGMII configurations"
    - LP: #1333837
  * Revert "USB: serial: add usbid for dell wwan card to sierra.c"
    - LP: #1333837
  * Revert "macvlan : fix checksums error when we are in bridge mode"
    - LP: #1333838
  * serial: uart: add hw flow control support configuration
    - LP: #1328295
  * mm/numa: Remove BUG_ON() in __handle_mm_fault()
    - LP: #1323165
  * Tools: hv: Handle the case when the target file exists correctly
    - LP: #1306215
  * Documentation/devicetree/bindings: add documentation for the APM X-Gene
    SoC RTC DTS binding
    - LP: #1274305
  * drivers/rtc: add APM X-Gene SoC RTC driver
    - LP: #1274305
  * arm64: add APM X-Gene SoC RTC DTS entry
    - LP: #1274305
  * powerpc/perf: Add Power8 cache & TLB events
    - LP...

Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (15.7 KiB)

This bug was fixed in the package linux-lts-raring - 3.8.0-44.66~precise1

---------------
linux-lts-raring (3.8.0-44.66~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux-lts-raring (3.8.0-44.65~precise1) precise; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-lts-3.8.0-42.63 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338579

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux-lts-raring (3.8.0-43.64~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * Revert "ARM: OMAP3: clock: Back-propagate rate change from
    cam_mclk to dpll4_m5 on all OMAP3 platforms"
  * Release Tracking Bug
    - re-used previous tracking bug

linux-lts-raring (3.8.0-43.63~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * [Config] add debian/gbp.conf
  * Release Tracking Bug
    - LP: #1335912

  [ Upstream Kernel Changes ]

  * Revert "USB: serial: add usbid for dell wwan card to sierra.c"
    - LP: #1333900
  * Revert "macvlan : fix checksums error when we are in bridge mode"
    - LP: #1333900
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1325941
    - CVE-2014-3917
  * fs, userns: Change inode_capable to capable_wrt_inode_uidgid
    - LP: #1329103
    - CVE-2014-4014
  * ACPI / EC: Clear stale EC events on Samsung systems
    - LP: #1333900
  * ACPI / EC: Process rather than discard events in acpi_ec_clear
    - LP: #1333900
  * mac80211: fix software remain-on-channel implementation
    - LP: #1333900
  * mac80211: exclude AP_VLAN interfaces from tx power calculation
    - LP: #1333900
  * parisc: fix epoll_pwait syscall on compat kernel
    - LP: #1333900
  * ALSA: hda/realtek - Add support of ALC288 codec
    - LP: #1333900
  * user namespace: fix incorrect memory barriers
    - LP: #1333900
  * mlx4_en: don't use napi_synchronize inside mlx4_en_netpoll
    - LP: #1333900
  * mei: ignore client writing state during cb completion
    - LP: #1333900
  * staging: r8712u: Fix case where ethtype was never obtained and always
    be checked against 0
    - LP: #1333900
  * USB: serial: ftdi_sio: add id for Brainboxes serial cards
    - LP: #1333900
  * usb: option driver, add support for Telit UE910v2
    - LP: #1333900
  * USB: cp210x: Add 8281 (Nanotec Plug & Drive)
    - LP: #1333900
  * USB: pl2303: add ids for Hewlett-Packard HP POS pole displays
    - LP: #1333900
  * USB: usb_wwan: fix handling of missing bulk endpoints
    - LP: #1333900
  * USB: fix crash during hotplug of PCI USB controller card
    - LP: #1333900
  * USB: cdc-acm: Remove Motorola/Telit H24 serial interfaces from ACM
    driver
    - LP: #1333900
  * drm/radeon: memory leak on bo reservation failure. v2
    - LP: #1333900
  * drm/radeon/si: make sure mc ucode is loaded before checking the size
    - LP: #1333900
  * mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()
    - LP: #1333900
  * mm: use paravirt friendly ops for NUMA hinti...

Changed in linux-lts-raring (Ubuntu Precise):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (7.9 KiB)

This bug was fixed in the package linux - 3.11.0-26.45

---------------
linux (3.11.0-26.45) saucy; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (3.11.0-26.44) saucy; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-3.11.0-24.42 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338556

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux (3.11.0-25.43) saucy; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1336203

  [ Upstream Kernel Changes ]

  * cfg80211: free sme on connection failures
    - LP: #1335084
  * sched: Sanitize irq accounting madness
    - LP: #1335084
  * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri check
    - LP: #1335084
  * net: cpsw: fix null dereference at probe
    - LP: #1335084
  * mac80211: fix suspend vs. association race
    - LP: #1335084
  * mac80211: fix on-channel remain-on-channel
    - LP: #1335084
  * af_iucv: wrong mapping of sent and confirmed skbs
    - LP: #1335084
  * net: filter: s390: fix JIT address randomization
    - LP: #1335084
  * perf: Limit perf_event_attr::sample_period to 63 bits
    - LP: #1335084
  * perf: Prevent false warning in perf_swevent_add
    - LP: #1335084
  * drm/gf119-/disp: fix nasty bug which can clobber SOR0's clock setup
    - LP: #1335084
  * drm/radeon: also try GART for CPU accessed buffers
    - LP: #1335084
  * drm/radeon: handle non-VGA class pci devices with ATRM
    - LP: #1335084
  * drm/radeon: fix register typo on si
    - LP: #1335084
  * drm/radeon: avoid segfault on device open when accel is not working.
    - LP: #1335084
  * can: peak_pci: prevent use after free at netdev removal
    - LP: #1335084
  * nfsd4: remove lockowner when removing lock stateid
    - LP: #1335084
  * nfsd4: warn on finding lockowner without stateid's
    - LP: #1335084
  * hwpoison, hugetlb: lock_page/unlock_page does not match for handling a
    free hugepage
    - LP: #1335084
  * mm/memory-failure.c: fix memory leak by race between poison and
    unpoison
    - LP: #1335084
  * netfilter: ipv4: defrag: set local_df flag on defragmented skb
    - LP: #1335084
  * ARM: OMAP3: clock: Back-propagate rate change from cam_mclk to dpll4_m5
    on all OMAP3 platforms
    - LP: #1335084
  * dma: dw: allow shared interrupts
    - LP: #1335084
  * dmaengine: dw: went back to plain {request,free}_irq() calls
    - LP: #1335084
  * ARM: omap5: hwmod_data: Correct IDLEMODE for McPDM
    - LP: #1335084
  * Input: synaptics - add min/max quirk for the ThinkPad W540
    - LP: #1335084
  * futex: Add another early deadlock detection check
    - LP: #1335084
  * futex: Prevent attaching to kernel threads
    - LP: #1335084
  * ARM: OMAP4: Fix the boot regression with CPU_IDLE enabled
    - LP: #1335084
  * cpufreq: remove race while accessing cur_policy
    - LP: #1335084
  * cpufreq: cpu0: drop wrong devm usage
    - LP: #1335084
  * ARM: imx: fix error handling in ipu devic...

Read more...

Changed in linux (Ubuntu Saucy):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (35.8 KiB)

This bug was fixed in the package linux - 3.13.0-32.57

---------------
linux (3.13.0-32.57) trusty; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (3.13.0-32.56) trusty; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-3.13.0-30.55 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338524

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699
  * hpsa: add new Smart Array PCI IDs (May 2014)
    - LP: #1337516

linux (3.13.0-31.55) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1336278

  [ Andy Whitcroft ]

  * [Config] switch hyper-keyboard to virtual
    - LP: #1325306
  * [Packaging] linux-udeb-flavour -- standardise on linux prefix

  [ dann frazier ]

  * [Config] CONFIG_GPIO_DWAPB=m
    - LP: #1334823

  [ Feng Kan ]

  * SAUCE: (no-up) arm64: dts: Add Designware GPIO dts binding to APM
    X-Gene platform
    - LP: #1334823

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix apparmor spams log with warning message
    - LP: #1308761

  [ Kamal Mostafa ]

  * [Config] updateconfigs ACPI_PROCFS_POWER=y after v3.13.11.4 rebase

  [ Loc Ho ]

  * SAUCE: (no-up) phy-xgene: Use correct tuning for Mustang
    - LP: #1335636

  [ Michael Ellerman ]

  * SAUCE: (no-up) powerpc/perf: Ensure all EBB register state is cleared
    on fork()
    - LP: #1328914

  [ Ming Lei ]

  * Revert "SAUCE: (no-up) rtc: Add X-Gene SoC Real Time Clock Driver"
    - LP: #1274305

  [ Suman Tripathi ]

  * SAUCE: (no-up) libahci: Implement the function ahci_restart_engine to
    restart the port dma engine.
    - LP: #1335645
  * SAUCE: (no-up) ata: Fix the dma state machine lockup for the IDENTIFY
    DEVICE PIO mode command.
    - LP: #1335645

  [ Tim Gardner ]

  * [Config] CONFIG_POWERNV_CPUFREQ=y for powerpc, ppc64el
    - LP: #1324571
  * [Debian] Add UTS_UBUNTU_RELEASE_ABI to utsrelease.h
    - LP: #1327619
  * [Config] CONFIG_HAVE_MEMORYLESS_NODES=y
    - LP: #1332063
  * [Config] CONFIG_HID_RMI=m
    - LP: #1305522

  [ Upstream Kernel Changes ]

  * Revert "offb: Add palette hack for little endian"
    - LP: #1333430
  * Revert "net: mvneta: fix usage as a module on RGMII configurations"
    - LP: #1333837
  * Revert "USB: serial: add usbid for dell wwan card to sierra.c"
    - LP: #1333837
  * Revert "macvlan : fix checksums error when we are in bridge mode"
    - LP: #1333838
  * serial: uart: add hw flow control support configuration
    - LP: #1328295
  * mm/numa: Remove BUG_ON() in __handle_mm_fault()
    - LP: #1323165
  * Tools: hv: Handle the case when the target file exists correctly
    - LP: #1306215
  * Documentation/devicetree/bindings: add documentation for the APM X-Gene
    SoC RTC DTS binding
    - LP: #1274305
  * drivers/rtc: add APM X-Gene SoC RTC driver
    - LP: #1274305
  * arm64: add APM X-Gene SoC RTC DTS entry
    - LP: #1274305
  * powerpc/perf: Add Power8 cache & TLB events
    - LP: #1328914
  * powerpc/perf: Configure BH...

Changed in linux (Ubuntu Trusty):
status: New → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Saucy):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Utopic):
importance: Undecided → High
Changed in linux (Ubuntu Precise):
importance: Undecided → High
Changed in linux (Ubuntu Saucy):
importance: Undecided → High
Changed in linux (Ubuntu Trusty):
importance: Undecided → High
Changed in linux (Ubuntu Lucid):
importance: Undecided → High
Changed in linux (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Utopic):
importance: Undecided → High
description: updated
no longer affects: linux-armadaxp (Ubuntu Saucy)
no longer affects: linux-ec2 (Ubuntu Saucy)
no longer affects: linux-lts-saucy (Ubuntu Saucy)
no longer affects: linux-lts-quantal (Ubuntu Saucy)
no longer affects: linux-mvl-dove (Ubuntu Saucy)
no longer affects: linux (Ubuntu Saucy)
no longer affects: linux-fsl-imx51 (Ubuntu Saucy)
no longer affects: linux-ti-omap4 (Ubuntu Saucy)
no longer affects: linux-lts-raring (Ubuntu Saucy)
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Utopic):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
description: updated
information type: Private Security → Public Security
tags: added: kernel-cve-tracking-bug
Changed in linux (Ubuntu Utopic):
status: Fix Committed → Invalid
Changed in linux (Ubuntu):
status: Fix Committed → Invalid
no longer affects: linux-lts-trusty (Ubuntu Lucid)
no longer affects: linux-lts-trusty (Ubuntu Saucy)
no longer affects: linux-armadaxp (Ubuntu Lucid)
no longer affects: linux-ec2 (Ubuntu Lucid)
no longer affects: linux-goldfish (Ubuntu Lucid)
no longer affects: linux-lts-saucy (Ubuntu Lucid)
no longer affects: linux-lts-quantal (Ubuntu Lucid)
no longer affects: linux-mvl-dove (Ubuntu Lucid)
no longer affects: linux-ti-omap4 (Ubuntu Lucid)
no longer affects: linux-lts-vivid (Ubuntu Lucid)
no longer affects: linux (Ubuntu Lucid)
no longer affects: linux-mako (Ubuntu Lucid)
no longer affects: linux-fsl-imx51 (Ubuntu Lucid)
no longer affects: linux-lts-utopic (Ubuntu Lucid)
no longer affects: linux-flo (Ubuntu Lucid)
no longer affects: linux-lts-raring (Ubuntu Lucid)
no longer affects: linux-manta (Ubuntu Lucid)
Changed in linux-lts-trusty (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Wily):
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Trusty):
status: New → Fix Committed
importance: Undecided → High
Changed in linux-mako (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Andy Whitcroft (apw) on 2015-05-21
Changed in linux-flo (Ubuntu Utopic):
status: Invalid → Fix Committed
Changed in linux-mako (Ubuntu Utopic):
status: Invalid → Fix Committed
Changed in linux-manta (Ubuntu Utopic):
status: Invalid → Fix Committed
Changed in linux-goldfish (Ubuntu Utopic):
status: Invalid → Fix Committed
Steve Beattie (sbeattie) on 2016-01-27
no longer affects: linux-lts-trusty (Ubuntu Utopic)
no longer affects: linux-armadaxp (Ubuntu Utopic)
no longer affects: linux-ec2 (Ubuntu Utopic)
no longer affects: linux-goldfish (Ubuntu Utopic)
no longer affects: linux-lts-saucy (Ubuntu Utopic)
no longer affects: linux-lts-quantal (Ubuntu Utopic)
no longer affects: linux-raspi2 (Ubuntu Utopic)
no longer affects: linux-mvl-dove (Ubuntu Utopic)
no longer affects: linux-ti-omap4 (Ubuntu Utopic)
no longer affects: linux-lts-vivid (Ubuntu Utopic)
no longer affects: linux (Ubuntu Utopic)
no longer affects: linux-mako (Ubuntu Utopic)
no longer affects: linux-fsl-imx51 (Ubuntu Utopic)
no longer affects: linux-lts-utopic (Ubuntu Utopic)
no longer affects: linux-flo (Ubuntu Utopic)
no longer affects: linux-lts-raring (Ubuntu Utopic)
no longer affects: linux-manta (Ubuntu Utopic)
Changed in linux-raspi2 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Wily):
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Steve Beattie (sbeattie) on 2016-01-27
Changed in linux-raspi2 (Ubuntu Xenial):
importance: Undecided → High
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers