This bug was fixed in the package linux-ec2 - 2.6.32-368.84
--------------- linux-ec2 (2.6.32-368.84) lucid; urgency=low
[ Andy Whitcroft ]
* pull in missing CVE changelog * Ubuntu-2.6.32-368.84
[ Ubuntu: 2.6.32-64.128 ]
* l2tp: Privilege escalation in ppp over l2tp sockets - LP: #1341472 - CVE-2014-4943
linux-ec2 (2.6.32-368.83) lucid; urgency=low
[ Stefan Bader ]
* Rebased to Ubuntu-2.6.32-64.127 * Release Tracking Bug - LP: #1339215
[ Ubuntu: 2.6.32-64.127 ]
* Merged back Ubuntu-2.6.32-62.126 security release * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)" - LP: #1337339 * ptrace,x86: force IRET path after a ptrace_stop() - LP: #1337339 - CVE-2014-4699
linux-ec2 (2.6.32-367.82) lucid; urgency=low
* Rebased to Ubuntu-2.6.32-63.126 * Release Tracking Bug - LP: #1336142
[ Ubuntu: 2.6.32-63.126 ]
* net: check net.core.somaxconn sysctl values - LP: #1321293 * sysctl net: Keep tcp_syn_retries inside the boundary - LP: #1321293 * ethtool: Report link-down while interface is down - LP: #1335049 * futex: Prevent attaching to kernel threads - LP: #1335049 * auditsc: audit_krule mask accesses need bounds checking - LP: #1335049 * net: fix regression introduced in 2.6.32.62 by sysctl fixes - LP: #1335049 * Linux 2.6.32.63 - LP: #1335049 * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c - LP: #1335313 - CVE-2014-4608 * lib/lzo: Update LZO compression to current upstream version - LP: #1335313 - CVE-2014-4608 * lzo: properly check for overruns - LP: #1335313 - CVE-2014-4608 -- Andy Whitcroft <email address hidden> Mon, 14 Jul 2014 17:31:51 +0100
This bug was fixed in the package linux-ec2 - 2.6.32-368.84
---------------
linux-ec2 (2.6.32-368.84) lucid; urgency=low
[ Andy Whitcroft ]
* pull in missing CVE changelog 2.6.32- 368.84
* Ubuntu-
[ Ubuntu: 2.6.32-64.128 ]
* l2tp: Privilege escalation in ppp over l2tp sockets
- LP: #1341472
- CVE-2014-4943
linux-ec2 (2.6.32-368.83) lucid; urgency=low
[ Stefan Bader ]
* Rebased to Ubuntu- 2.6.32- 64.127
* Release Tracking Bug
- LP: #1339215
[ Ubuntu: 2.6.32-64.127 ]
* Merged back Ubuntu- 2.6.32- 62.126 security release
* Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
- LP: #1337339
* ptrace,x86: force IRET path after a ptrace_stop()
- LP: #1337339
- CVE-2014-4699
linux-ec2 (2.6.32-367.82) lucid; urgency=low
[ Stefan Bader ]
* Rebased to Ubuntu- 2.6.32- 63.126
* Release Tracking Bug
- LP: #1336142
[ Ubuntu: 2.6.32-63.126 ]
* net: check net.core.somaxconn sysctl values s_safe. c
- LP: #1321293
* sysctl net: Keep tcp_syn_retries inside the boundary
- LP: #1321293
* ethtool: Report link-down while interface is down
- LP: #1335049
* futex: Prevent attaching to kernel threads
- LP: #1335049
* auditsc: audit_krule mask accesses need bounds checking
- LP: #1335049
* net: fix regression introduced in 2.6.32.62 by sysctl fixes
- LP: #1335049
* Linux 2.6.32.63
- LP: #1335049
* lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompres
- LP: #1335313
- CVE-2014-4608
* lib/lzo: Update LZO compression to current upstream version
- LP: #1335313
- CVE-2014-4608
* lzo: properly check for overruns
- LP: #1335313
- CVE-2014-4608
-- Andy Whitcroft <email address hidden> Mon, 14 Jul 2014 17:31:51 +0100