Lucid update to 2.6.32.65 stable release

Bug #1403918 reported by Luis Henriques on 2014-12-18
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from Linus' tree or in a minimally
       backported form of that patch. The 2.6.32.65 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

       The following patches are in the 2.6.32.65 stable release:

x86, 64-bit: Move K8 B step iret fixup to fault entry asm
x86-64: Adjust frame type at paranoid_exit:
x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
x86-32, espfix: Remove filter for espfix32 due to race
x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
x86, espfix: Move espfix definitions into a separate header file
x86, espfix: Fix broken header guard
x86, espfix: Make espfix64 a Kconfig option, fix UML
x86, espfix: Make it possible to disable 16-bit support
x86_64/entry/xen: Do not invoke espfix64 on Xen
x86/espfix/xen: Fix allocation of pages for paravirt page tables
x86_64, traps: Stop using IST for #SS
x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
x86_64, traps: Rework bad_iret

The following patches from the stable release have been dropped (some were actually already applied to Lucid):

net: sendmsg: fix failed backport of "fix NULL pointer dereference"
net/l2tp: don't fall back on UDP [get|set]sockopt
ALSA: control: Don't access controls outside of protected regions
ALSA: control: Fix replacing user controls
USB: whiteheat: Added bounds checking for bulk command response
net: sctp: fix panic on duplicate ASCONF chunks
net: sctp: fix remote memory pressure from excessive queueing
udf: Avoid infinite loop when processing indirect ICBs
net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet
mac80211: fix fragmentation code, particularly for encryption
ttusb-dec: buffer overflow in ioctl
vlan: Don't propagate flag changes on down interfaces.
sctp: Fix double-free introduced by bad backport in 2.6.32.62
md/raid6: Fix misapplied backport in 2.6.32.64
block: add missing blk_queue_dead() checks
block: Fix blk_execute_rq_nowait() dead queue handling
cciss: Fix misapplied "cciss: fix info leak in cciss_ioctl32_passthru()"
proc connector: Delete spurious memset in proc_exit_connector()
Linux 2.6.32.65

CVE References

Luis Henriques (henrix) on 2014-12-18
tags: added: kernel-stable-tracking-bug
Luis Henriques (henrix) on 2014-12-18
description: updated
Luis Henriques (henrix) on 2014-12-18
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-71.138

---------------
linux (2.6.32-71.138) lucid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1403943

  [ Luis Henriques ]

  * [Config] updateconfigs CONFIG_X86_16BIT=y after v2.6.32.65 update

  [ Upstream Kernel Changes ]

  * KVM: x86: Check non-canonical addresses upon WRMSR
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Improve thread safety in pit
    - LP: #1384540
    - CVE-2014-3611
  * net:socket: set msg_namelen to 0 if msg_name is passed as NULL in
    msghdr struct from userland.
    - LP: #1335478
  * x86, 64-bit: Move K8 B step iret fixup to fault entry asm
    - LP: #1403918
  * x86-64: Adjust frame type at paranoid_exit:
    - LP: #1403918
  * x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
    - LP: #1403918
  * x86-32, espfix: Remove filter for espfix32 due to race
    - LP: #1403918
  * x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
    - LP: #1403918
  * x86, espfix: Move espfix definitions into a separate header file
    - LP: #1403918
  * x86, espfix: Fix broken header guard
    - LP: #1403918
  * x86, espfix: Make espfix64 a Kconfig option, fix UML
    - LP: #1403918
  * x86, espfix: Make it possible to disable 16-bit support
    - LP: #1403918
  * x86_64/entry/xen: Do not invoke espfix64 on Xen
    - LP: #1403918
  * x86/espfix/xen: Fix allocation of pages for paravirt page tables
    - LP: #1403918
  * x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
    - LP: #1403918
  * x86_64, traps: Rework bad_iret
    - LP: #1403918
 -- Luis Henriques <email address hidden> Thu, 18 Dec 2014 16:22:56 +0000

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers