This bug was fixed in the package linux-armadaxp - 3.2.0-1661.85 --------------- linux-armadaxp (3.2.0-1661.85) precise; urgency=low [ Ike Panhc ] * Release Tracking Bug - LP: #1532929 * Rebase to Ubuntu-3.2.0-98.138 [ Ubuntu: 3.2.0-98.138 ] * Release Tracking Bug - LP: #1532774 * Revert "xhci: don't finish a TD if we get a short transfer event mid TD" - LP: #1529077 * PCI: Fix devfn for VPD access through function 0 - LP: #1524292 * PCI: Use function 0 VPD for identical functions, regular VPD for others - LP: #1524292 * mac80211: fix driver RSSI event calculations - LP: #1524292 * HID: core: Avoid uninitialized buffer access - LP: #1524292 * wm831x_power: Use IRQF_ONESHOT to request threaded IRQs - LP: #1524292 * mwifiex: fix mwifiex_rdeeprom_read() - LP: #1524292 * mtd: mtdpart: fix add_mtd_partitions error path - LP: #1524292 * devres: fix a for loop bounds check - LP: #1524292 * packet: fix match_fanout_group() - LP: #1524292 * Btrfs: added helper btrfs_next_item() - LP: #1524292 * Btrfs: fix file corruption and data loss after cloning inline extents - LP: #1524292 * iommu/vt-d: Fix ATSR handling for Root-Complex integrated endpoints - LP: #1524292 * ARM: pxa: remove incorrect __init annotation on pxa27x_set_pwrmode - LP: #1524292 * Btrfs: don't use ram_bytes for uncompressed inline items - LP: #1524292 * Btrfs: fix truncation of compressed and inlined extents - LP: #1524292 * ext4, jbd2: ensure entering into panic after recording an error in superblock - LP: #1524292 * Bluetooth: ath3k: Add new AR3012 0930:021c id - LP: #1502781, #1524292 * Bluetooth: ath3k: Add support of AR3012 0cf3:817b device - LP: #1506615, #1524292 * staging: rtl8712: Add device ID for Sitecom WLA2100 - LP: #1524292 * ACPI: Use correct IRQ when uninstalling ACPI interrupt handler - LP: #1524292 * MIPS: atomic: Fix comment describing atomic64_add_unless's return value. - LP: #1524292 * ALSA: hda - Disable 64bit address for Creative HDA controllers - LP: #1524292 * megaraid_sas: Do not use PAGE_SIZE for max_sectors - LP: #1524292 * can: Use correct type in sizeof() in nla_put() - LP: #1524292 * mtd: blkdevs: fix potential deadlock + lockdep warnings - LP: #1524292 * crypto: algif_hash - Only export and import on sockets with data - LP: #1524292 * megaraid_sas : SMAP restriction--do not access user memory from IOCTL code - LP: #1524292 * recordmcount: Fix endianness handling bug for nop_mcount - LP: #1524292 * ipv6: fix tunnel error handling - LP: #1524292 * ALSA: hda - Apply pin fixup for HP ProBook 6550b - LP: #1524292 * firewire: ohci: fix JMicron JMB38x IT context discovery - LP: #1524292 * scsi: restart list search after unlock in scsi_remove_target - LP: #1524292 * x86/cpu: Call verify_cpu() after having entered long mode too - LP: #1524292 * Btrfs: fix race leading to incorrect item deletion when dropping extents - LP: #1524292 * Btrfs: fix race leading to BUG_ON when running delalloc for nodatacow - LP: #1524292 * perf: Fix inherited events vs. tracepoint filters - LP: #1524292 * scsi_sysfs: Fix queue_ramp_up_period return code - LP: #1524292 * Btrfs: fix race when listing an inode's xattrs - LP: #1524292 * net: fix a race in dst_release() - LP: #1524292 * FS-Cache: Increase reference of parent after registering, netfs success - LP: #1524292 * FS-Cache: Don't override netfs's primary_index if registering failed - LP: #1524292 * FS-Cache: Handle a write to the page immediately beyond the EOF marker - LP: #1524292 * binfmt_elf: Don't clobber passed executable's file header - LP: #1524292 * fs: make dumpable=2 require fully qualified path - LP: #1524292 - CVE-2006-2451, allowing local users to gain root privileges. * fs: if a coredump already exists, unlink and recreate with O_EXCL - LP: #1524292 * irda: precedence bug in irlmp_seq_hb_idx() - LP: #1524292 * RDS-TCP: Recover correctly from pskb_pull()/pksb_trim() failure in rds_tcp_data_recv - LP: #1524292 * ipmr: fix possible race resulting from improper usage of IP_INC_STATS_BH() in preemptible context. - LP: #1524292 * net: avoid NULL deref in inet_ctl_sock_destroy() - LP: #1524292 * splice: sendfile() at once fails for big files - LP: #1524292 * Linux 3.2.74 - LP: #1524292 * fuse: break infinite loop in fuse_fill_write_pages() - LP: #1530842 * sctp: translate host order to network order when setting a hmacid - LP: #1530842 * ALSA: usb-audio: add packet size quirk for the Medeli DD305 - LP: #1530842 * ALSA: usb-audio: prevent CH345 multiport output SysEx corruption - LP: #1530842 * ALSA: usb-audio: work around CH345 input SysEx corruption - LP: #1530842 * USB: serial: option: add support for Novatel MiFi USB620L - LP: #1530842 * USB: serial: ti_usb_3410_5052: add Abbott strip port ID to combined table as well. - LP: #1530842 * USB: ti_usb_3410_502: Fix ID table size - LP: #1530842 * USB: ti_usb_3410_5052: Add Honeywell HGI80 ID - LP: #1530842 * usb: musb: core: fix order of arguments to ulpi write callback - LP: #1530842 * ASoC: wm8962: correct addresses for HPF_C_0/1 - LP: #1530842 * net: fix __netdev_update_features return on ndo_set_features failure - LP: #1530842 * FS-Cache: Add missing initialization of ret in cachefiles_write_page() - LP: #1530842 * mac80211: mesh: fix call_rcu() usage - LP: #1530842 * macvlan: fix leak in macvlan_handle_frame - LP: #1530842 * xhci: Add XHCI_INTEL_HOST quirk - LP: #1530842 * xhci: Workaround to get Intel xHCI reset working more reliably - LP: #1530842 * USB: option: add XS Stick W100-2 from 4G Systems - LP: #1530842 * usblp: do not set TASK_INTERRUPTIBLE before lock - LP: #1530842 * mac: validate mac_partition is within sector - LP: #1530842 * ip6mr: call del_timer_sync() in ip6mr_free_table() - LP: #1530842 * net: ip6mr: fix static mfc/dev leaks on table destruction - LP: #1530842 * can: sja1000: clear interrupts on start - LP: #1530842 * USB: cp210x: Remove CP2110 ID from compatibility list - LP: #1530842 * USB: cdc-acm - Add IGNORE_DEVICE quirk - LP: #1530842 * USB: cdc_acm: Ignore Infineon Flash Loader utility - LP: #1530842 * unix: avoid use-after-free in ep_remove_wait_queue - LP: #1530842 * fix sysvfs symlinks - LP: #1530842 * vfs: Make sendfile(2) killable even better - LP: #1530842 * vfs: Avoid softlockups with sendfile(2) - LP: #1530842 * broadcom: fix PHY_ID_BCM5481 entry in the id table - LP: #1530842 * ring-buffer: Update read stamp with first real commit on page - LP: #1530842 * ext4: Fix handling of extended tv_sec - LP: #1530842 * jbd2: Fix unreclaimed pages after truncate in data=journal mode - LP: #1530842 * RDS: fix race condition when sending a message on unbound socket - LP: #1530842 * nfs: if we have no valid attrs, then don't declare the attribute cache valid - LP: #1530842 * drm/ttm: Fixed a read/write lock imbalance - LP: #1530842 * AHCI: Fix softreset failed issue of Port Multiplier - LP: #1530842 * sata_sil: disable trim - LP: #1530842 * wan/x25: Fix use-after-free in x25_asy_open_tty() - LP: #1530842 * USB: whci-hcd: add check for dma mapping error - LP: #1530842 * usb: Use the USB_SS_MULT() macro to decode burst multiplier for log message - LP: #1530842 * dm btree: fix leak of bufio-backed block in btree_split_sibling error path - LP: #1530842 * ipv4: igmp: Allow removing groups from a removed interface - LP: #1530842 * locking: Add WARN_ON_ONCE lock assertion - LP: #1530842 * drm: Fix an unwanted master inheritance v2 - LP: #1530842 * sched/core: Remove false-positive warning from wake_up_process() - LP: #1530842 * sched/core: Clear the root_domain cpumasks in init_rootdomain() - LP: #1530842 * usb: xhci: fix config fail of FS hub behind a HS hub with MTT - LP: #1530842 * ALSA: rme96: Fix unexpected volume reset after rate changes - LP: #1530842 * 9p: ->evict_inode() should kick out ->i_data, not ->i_mapping - LP: #1530842 * ipmi: move timer init to before irq is setup - LP: #1530842 * dm btree: fix bufio buffer leaks in dm_btree_del() error path - LP: #1530842 * vgaarb: fix signal handling in vga_get() - LP: #1530842 * parisc iommu: fix panic due to trying to allocate too large region - LP: #1530842 * mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't make any progress - LP: #1530842 * mm: hugetlb: call huge_pte_alloc() only if ptep is null - LP: #1530842 * sh64: fix __NR_fgetxattr - LP: #1530842 * snmp: Remove duplicate OUTMCAST stat increment - LP: #1530842 * tcp: initialize tp->copied_seq in case of cross SYN connection - LP: #1530842 * net, scm: fix PaX detected msg_controllen overflow in scm_detach_fds - LP: #1530842 * net: ipmr: fix static mfc/dev leaks on table destruction - LP: #1530842 * ipv6: distinguish frag queues by device for multicast and link-local packets - LP: #1530842 * dccp: remove unnecessary codes in ipv6.c - LP: #1530842 * ipv6: add complete rcu protection around np->opt - LP: #1530842 * ipv6: sctp: implement sctp_v6_destroy_sock() - LP: #1530842 * atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation - LP: #1530842 * sctp: update the netstamp_needed counter when copying sockets - LP: #1530842 * ipv6: sctp: clone options to avoid use after free - LP: #1530842 * net: add validation for the socket syscall protocol argument - LP: #1530842 * sh_eth: fix kernel oops in skb_put() - LP: #1530842 * pptp: verify sockaddr_len in pptp_bind() and pptp_connect() - LP: #1530842 * bluetooth: Validate socket address length in sco_sock_bind(). - LP: #1530842 * af_unix: Revert 'lock_interruptible' in stream receive code - LP: #1530842 * af_unix: fix a fatal race with bit fields - LP: #1530842 * isdn_ppp: Add checks for allocation failure in isdn_ppp_open() - LP: #1530842 * ppp, slip: Validate VJ compression slot parameters completely - LP: #1530842 * Linux 3.2.75 - LP: #1530842 * KVM: x86: Reload pit counters for all channels when restoring state - LP: #1530956 - CVE-2015-7513 [ Ubuntu: 3.2.0-97.137 ] * xen: Add RING_COPY_REQUEST() - CVE-2015-8550 * xen-netback: don't use last request to determine minimum Tx credit - CVE-2015-8550 * xen-netback: use RING_COPY_REQUEST() throughout - CVE-2015-8550 * xen-blkback: only read request operation from shared ring once - CVE-2015-8550 * xen/pciback: Save xen_pci_op commands before processing it - CVE-2015-8550 * xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553 * xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553 * xen/pciback: Do not install an IRQ handler for MSI interrupts. - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553 * xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled. - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553 * xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set. - CVE-2015-8551, CVE-2015-8552, CVE-2015-8553 -- Ike Panhc