Trusty update to 3.13.11-ckt27 stable release

Bug #1500810 reported by Luis Henriques on 2015-09-29
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Trusty
Undecided
Unassigned

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from Linus' tree or in a minimally
       backported form of that patch. The 3.13.11-ckt27 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://kernel.ubuntu.com/ubuntu/linux.git

    TEST CASE: TBD

       The following patches are in the 3.13.11-ckt27 stable release:

md/raid10: always set reshape_safe when initializing reshape_position.
md: flush ->event_work before stopping array.
ipv6: addrconf: validate new MTU before applying it
virtio-net: drop NETIF_F_FRAGLIST
RDS: verify the underlying transport exists before creating a connection
xen/gntdev: convert priv->lock to a mutex
xen/gntdevt: Fix race condition in gntdev_release()
PCI: Restore PCI_MSIX_FLAGS_BIRMASK definition
nfsd: Drop BUG_ON and ignore SECLABEL on absent filesystem
crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer
xen-blkfront: don't add indirect pages to list when !feature_persistent
xen-blkback: replace work_pending with work_busy in purge_persistent_gnt()
USB: sierra: add 1199:68AB device ID
regmap: regcache-rbtree: Clean new present bits on present bitmap resize
target/iscsi: Fix double free of a TUR followed by a solicited NOPOUT
rbd: fix copyup completion race
md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies
target: REPORT LUNS should return LUN 0 even for dynamic ACLs
MIPS: Fix sched_getaffinity with MT FPAFF enabled
xhci: fix off by one error in TRB DMA address boundary check
perf: Fix fasync handling on inherited events
mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations
MIPS: Make set_pte() SMP safe.
ipc: modify message queue accounting to not take kernel data structures into account
ocfs2: fix BUG in ocfs2_downconvert_thread_do_work()
fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()
KVM: x86: Use adjustment in guest cycles when handling MSR_IA32_TSC_ADJUST
localmodconfig: Use Kbuild files too
dm thin metadata: delete btrees when releasing metadata snapshot
dm btree: add ref counting ops for the leaves of top level btrees
drm/radeon: add new OLAND pci id
libiscsi: Fix host busy blocking during connection teardown
libfc: Fix fc_exch_recv_req() error path
libfc: Fix fc_fcp_cleanup_each_cmd()
EDAC, ppc4xx: Access mci->csrows array elements properly
crypto: caam - fix memory corruption in ahash_final_ctx
mm/hwpoison: fix page refcount of unknown non LRU page
ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits
ipc/sem.c: change memory barrier in sem_lock() to smp_rmb()
ipc/sem.c: update/correct memory barriers
Add factory recertified Crucial M500s to blacklist
arm64: KVM: Fix host crash when injecting a fault into a 32bit guest
batman-adv: protect tt_local_entry from concurrent delete events
ip6_gre: release cached dst on tunnel removal
net: Fix RCU splat in af_key
rds: fix an integer overflow test in rds_info_getsockopt()
udp: fix dst races with multicast early demux
sparc64: Fix userspace FPU register corruptions.
ipv6: lock socket in ip6_datagram_connect()
rtnetlink: verify IFLA_VF_INFO attributes before passing them to driver
net/tipc: initialize security state for new connection socket
net: pktgen: fix race between pktgen_thread_worker() and kthread_stop()
net: call rcu_read_lock early in process_backlog
net: Fix skb csum races when peeking
netlink: don't hold mutex in rcu callback when releasing mmapd ring
Linux 3.13.11-ckt27

The following patches from 3.13.11-ckt27 were already applied to the Trusty kernel:

net: Fix skb_set_peeked use-after-free bug
net: gso: use feature flag argument in all protocol gso handlers

CVE References

Luis Henriques (henrix) on 2015-09-29
tags: added: kernel-stable-tracking-bug
Luis Henriques (henrix) on 2015-09-29
description: updated
Changed in linux (Ubuntu):
status: New → Invalid
Luis Henriques (henrix) on 2015-09-29
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (5.6 KiB)

This bug was fixed in the package linux - 3.13.0-66.108

---------------
linux (3.13.0-66.108) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1503713

  [ Andy Whitcroft ]

  * Revert "SAUCE: aufs3: mmap: Fix races in madvise_remove() and
    sys_msync()"
    - LP: #1503655

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - LP: #1503655
    - CVE-2015-7312

linux (3.13.0-66.107) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1503021

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - CVE-2015-7312

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
    - LP: #1496430

  [ Upstream Kernel Changes ]

  * mmc: sdhci-pci: set the clear transfer mode register quirk for O2Micro
    - LP: #1472843
  * mmc: sdhci: Add a quirk for AMD SDHC transfer mode register need to be
    cleared for cmd without data
    - LP: #1472843
  * n_tty: Fix poll() when TIME_CHAR and MIN_CHAR == 0
    - LP: #1397976
  * net: make skb_gso_segment error handling more robust
    - LP: #1497048
  * net: gso: use feature flag argument in all protocol gso handlers
    - LP: #1497048
  * md/raid10: always set reshape_safe when initializing reshape_position.
    - LP: #1500810
  * md: flush ->event_work before stopping array.
    - LP: #1500810
  * ipv6: addrconf: validate new MTU before applying it
    - LP: #1500810
  * virtio-net: drop NETIF_F_FRAGLIST
    - LP: #1500810
  * RDS: verify the underlying transport exists before creating a
    connection
    - LP: #1500810
  * xen/gntdev: convert priv->lock to a mutex
    - LP: #1500810
  * xen/gntdevt: Fix race condition in gntdev_release()
    - LP: #1500810
  * PCI: Restore PCI_MSIX_FLAGS_BIRMASK definition
    - LP: #1500810
  * nfsd: Drop BUG_ON and ignore SECLABEL on absent filesystem
    - LP: #1500810
  * crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer
    - LP: #1500810
  * xen-blkfront: don't add indirect pages to list when !feature_persistent
    - LP: #1500810
  * xen-blkback: replace work_pending with work_busy in
    purge_persistent_gnt()
    - LP: #1500810
  * USB: sierra: add 1199:68AB device ID
    - LP: #1500810
  * regmap: regcache-rbtree: Clean new present bits on present bitmap
    resize
    - LP: #1500810
  * target/iscsi: Fix double free of a TUR followed by a solicited NOPOUT
    - LP: #1500810
  * rbd: fix copyup completion race
    - LP: #1500810
  * md/raid1: extend spinlock to protect raid1_end_read_request against
    inconsistencies
    - LP: #1500810
  * target: REPORT LUNS should return LUN 0 even for dynamic ACLs
    - LP: #1500810
  * MIPS: Fix sched_getaffinity with MT FPAFF enabled
    - LP: #1500810
  * xhci: fix off by one error in TRB DMA address boundary check
    - LP: #1500810
  * perf: Fix fasync handling on inherited events
    - LP: #1500810
  * mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations
    - LP: #1500810
  * MIPS: Make set_pte() SMP safe.
    - LP: #1500810
  * ipc: modify message queue accounting to not take kernel data structures
    into account
    - ...

Read more...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers