CVE-2014-4943

Bug #1341472 reported by Luis Henriques
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
High
Unassigned
Precise
Fix Released
High
Unassigned
Trusty
Fix Released
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-armadaxp (Ubuntu)
Invalid
High
Unassigned
Precise
Fix Released
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-ec2 (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-flo (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-fsl-imx51 (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-goldfish (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-lts-quantal (Ubuntu)
Invalid
High
Unassigned
Precise
Fix Released
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-lts-raring (Ubuntu)
Invalid
High
Unassigned
Precise
Fix Released
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-lts-saucy (Ubuntu)
Invalid
High
Unassigned
Precise
Fix Released
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-lts-trusty (Ubuntu)
Invalid
High
Unassigned
Precise
Fix Released
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-lts-utopic (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-lts-vivid (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Fix Committed
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-mako (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-manta (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-mvl-dove (Ubuntu)
Invalid
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned
linux-raspi2 (Ubuntu)
New
High
Unassigned
Precise
Invalid
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
New
High
Unassigned
Xenial
New
High
Unassigned
linux-ti-omap4 (Ubuntu)
Invalid
High
Unassigned
Precise
Fix Released
High
Unassigned
Trusty
Invalid
High
Unassigned
Vivid
Invalid
High
Unassigned
Wily
Invalid
High
Unassigned
Xenial
Invalid
High
Unassigned

Bug Description

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.

Break-Fix: - 3cf521f7dc87c031617fd47e4b7aa2593c2f3daf

Andy Whitcroft (apw)
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-trusty (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-trusty (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-trusty (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Utopic):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-trusty (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-64.128

---------------
linux (2.6.32-64.128) lucid; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (2.6.32-64.127) lucid; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-2.6.32-62.126 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338946

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux (2.6.32-63.126) lucid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1335875

  [ Upstream Kernel Changes ]

  * net: check net.core.somaxconn sysctl values
    - LP: #1321293
  * sysctl net: Keep tcp_syn_retries inside the boundary
    - LP: #1321293
  * ethtool: Report link-down while interface is down
    - LP: #1335049
  * futex: Prevent attaching to kernel threads
    - LP: #1335049
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1335049
  * net: fix regression introduced in 2.6.32.62 by sysctl fixes
    - LP: #1335049
  * Linux 2.6.32.63
    - LP: #1335049
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - LP: #1335313
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - LP: #1335313
    - CVE-2014-4608
  * lzo: properly check for overruns
    - LP: #1335313
    - CVE-2014-4608
 -- Luis Henriques <email address hidden> Mon, 14 Jul 2014 16:33:33 +0100

Changed in linux (Ubuntu Lucid):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-368.84

---------------
linux-ec2 (2.6.32-368.84) lucid; urgency=low

  [ Andy Whitcroft ]

  * pull in missing CVE changelog
  * Ubuntu-2.6.32-368.84

  [ Ubuntu: 2.6.32-64.128 ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux-ec2 (2.6.32-368.83) lucid; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-64.127
  * Release Tracking Bug
    - LP: #1339215

  [ Ubuntu: 2.6.32-64.127 ]

  * Merged back Ubuntu-2.6.32-62.126 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux-ec2 (2.6.32-367.82) lucid; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-63.126
  * Release Tracking Bug
    - LP: #1336142

  [ Ubuntu: 2.6.32-63.126 ]

  * net: check net.core.somaxconn sysctl values
    - LP: #1321293
  * sysctl net: Keep tcp_syn_retries inside the boundary
    - LP: #1321293
  * ethtool: Report link-down while interface is down
    - LP: #1335049
  * futex: Prevent attaching to kernel threads
    - LP: #1335049
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1335049
  * net: fix regression introduced in 2.6.32.62 by sysctl fixes
    - LP: #1335049
  * Linux 2.6.32.63
    - LP: #1335049
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - LP: #1335313
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - LP: #1335313
    - CVE-2014-4608
  * lzo: properly check for overruns
    - LP: #1335313
    - CVE-2014-4608
 -- Andy Whitcroft <email address hidden> Mon, 14 Jul 2014 17:31:51 +0100

Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.2.0-67.101

---------------
linux (3.2.0-67.101) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (3.2.0-67.100) precise; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-3.2.0-65.99 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338654

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux (3.2.0-66.99) precise; urgency=low

  * Release Tracking Bug
    - LP: #1335906

  [ Upstream Kernel Changes ]

  * skbuff: export skb_copy_ubufs
    - LP: #1298119
    - CVE-2014-0131
  * skbuff: add an api to orphan frags
    - LP: #1298119
    - CVE-2014-0131
  * skbuff: skb_segment: orphan frags before copying
    - LP: #1298119
    - CVE-2014-0131
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - CVE-2014-4608
  * lzo: properly check for overruns
    - CVE-2014-4608
  * KVM: x86 emulator: add support for vector alignment
    - LP: #1330177
  * KVM: x86: emulate movdqa
    - LP: #1330177
 -- Luis Henriques <email address hidden> Mon, 14 Jul 2014 16:07:35 +0100

Changed in linux (Ubuntu Precise):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-quantal - 3.5.0-54.81~precise1

---------------
linux-lts-quantal (3.5.0-54.81~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux-lts-quantal (3.5.0-54.80~precise1) precise; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-lts-3.5.0-52.79 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338611

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux-lts-quantal (3.5.0-53.79~precise1) precise; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1336400

  [ Upstream Kernel Changes ]

  * skbuff: export skb_copy_ubufs
    - LP: #1298119
    - CVE-2014-0131
  * skbuff: add an api to orphan frags
    - LP: #1298119
    - CVE-2014-0131
  * skbuff: skb_segment: orphan frags before copying
    - LP: #1298119
    - CVE-2014-0131
  * media-device: fix infoleak in ioctl media_enum_entities()
    - LP: #1333609
    - CVE-2014-1739
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1325941
    - CVE-2014-3917
  * userns: Allow chown and setgid preservation
    - LP: #1329103
    - CVE-2014-4014
  * fs,userns: Change inode_capable to capable_wrt_inode_uidgid
    - LP: #1329103
    - CVE-2014-4014
  * target/rd: Refactor rd_build_device_space + rd_release_device_space
    - LP: #1333612
    - CVE-2014-4027
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - CVE-2014-4608
  * lzo: properly check for overruns
    - CVE-2014-4608
 -- Luis Henriques <email address hidden> Mon, 14 Jul 2014 15:28:36 +0100

Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (7.9 KiB)

This bug was fixed in the package linux-lts-saucy - 3.11.0-26.45~precise1

---------------
linux-lts-saucy (3.11.0-26.45~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (3.11.0-26.44) saucy; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-3.11.0-24.42 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338556

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux (3.11.0-25.43) saucy; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1336203

  [ Upstream Kernel Changes ]

  * cfg80211: free sme on connection failures
    - LP: #1335084
  * sched: Sanitize irq accounting madness
    - LP: #1335084
  * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri check
    - LP: #1335084
  * net: cpsw: fix null dereference at probe
    - LP: #1335084
  * mac80211: fix suspend vs. association race
    - LP: #1335084
  * mac80211: fix on-channel remain-on-channel
    - LP: #1335084
  * af_iucv: wrong mapping of sent and confirmed skbs
    - LP: #1335084
  * net: filter: s390: fix JIT address randomization
    - LP: #1335084
  * perf: Limit perf_event_attr::sample_period to 63 bits
    - LP: #1335084
  * perf: Prevent false warning in perf_swevent_add
    - LP: #1335084
  * drm/gf119-/disp: fix nasty bug which can clobber SOR0's clock setup
    - LP: #1335084
  * drm/radeon: also try GART for CPU accessed buffers
    - LP: #1335084
  * drm/radeon: handle non-VGA class pci devices with ATRM
    - LP: #1335084
  * drm/radeon: fix register typo on si
    - LP: #1335084
  * drm/radeon: avoid segfault on device open when accel is not working.
    - LP: #1335084
  * can: peak_pci: prevent use after free at netdev removal
    - LP: #1335084
  * nfsd4: remove lockowner when removing lock stateid
    - LP: #1335084
  * nfsd4: warn on finding lockowner without stateid's
    - LP: #1335084
  * hwpoison, hugetlb: lock_page/unlock_page does not match for handling a
    free hugepage
    - LP: #1335084
  * mm/memory-failure.c: fix memory leak by race between poison and
    unpoison
    - LP: #1335084
  * netfilter: ipv4: defrag: set local_df flag on defragmented skb
    - LP: #1335084
  * ARM: OMAP3: clock: Back-propagate rate change from cam_mclk to dpll4_m5
    on all OMAP3 platforms
    - LP: #1335084
  * dma: dw: allow shared interrupts
    - LP: #1335084
  * dmaengine: dw: went back to plain {request,free}_irq() calls
    - LP: #1335084
  * ARM: omap5: hwmod_data: Correct IDLEMODE for McPDM
    - LP: #1335084
  * Input: synaptics - add min/max quirk for the ThinkPad W540
    - LP: #1335084
  * futex: Add another early deadlock detection check
    - LP: #1335084
  * futex: Prevent attaching to kernel threads
    - LP: #1335084
  * ARM: OMAP4: Fix the boot regression with CPU_IDLE enabled
    - LP: #1335084
  * cpufreq: remove race while accessing cur_policy
    - LP: #1335084
  * cpufreq: cpu0: drop wrong devm usage
    - LP: #1335084
  * A...

Read more...

Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (35.8 KiB)

This bug was fixed in the package linux-lts-trusty - 3.13.0-32.57~precise1

---------------
linux-lts-trusty (3.13.0-32.57~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (3.13.0-32.56) trusty; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-3.13.0-30.55 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338524

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699
  * hpsa: add new Smart Array PCI IDs (May 2014)
    - LP: #1337516

linux (3.13.0-31.55) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1336278

  [ Andy Whitcroft ]

  * [Config] switch hyper-keyboard to virtual
    - LP: #1325306
  * [Packaging] linux-udeb-flavour -- standardise on linux prefix

  [ dann frazier ]

  * [Config] CONFIG_GPIO_DWAPB=m
    - LP: #1334823

  [ Feng Kan ]

  * SAUCE: (no-up) arm64: dts: Add Designware GPIO dts binding to APM
    X-Gene platform
    - LP: #1334823

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix apparmor spams log with warning message
    - LP: #1308761

  [ Kamal Mostafa ]

  * [Config] updateconfigs ACPI_PROCFS_POWER=y after v3.13.11.4 rebase

  [ Loc Ho ]

  * SAUCE: (no-up) phy-xgene: Use correct tuning for Mustang
    - LP: #1335636

  [ Michael Ellerman ]

  * SAUCE: (no-up) powerpc/perf: Ensure all EBB register state is cleared
    on fork()
    - LP: #1328914

  [ Ming Lei ]

  * Revert "SAUCE: (no-up) rtc: Add X-Gene SoC Real Time Clock Driver"
    - LP: #1274305

  [ Suman Tripathi ]

  * SAUCE: (no-up) libahci: Implement the function ahci_restart_engine to
    restart the port dma engine.
    - LP: #1335645
  * SAUCE: (no-up) ata: Fix the dma state machine lockup for the IDENTIFY
    DEVICE PIO mode command.
    - LP: #1335645

  [ Tim Gardner ]

  * [Config] CONFIG_POWERNV_CPUFREQ=y for powerpc, ppc64el
    - LP: #1324571
  * [Debian] Add UTS_UBUNTU_RELEASE_ABI to utsrelease.h
    - LP: #1327619
  * [Config] CONFIG_HAVE_MEMORYLESS_NODES=y
    - LP: #1332063
  * [Config] CONFIG_HID_RMI=m
    - LP: #1305522

  [ Upstream Kernel Changes ]

  * Revert "offb: Add palette hack for little endian"
    - LP: #1333430
  * Revert "net: mvneta: fix usage as a module on RGMII configurations"
    - LP: #1333837
  * Revert "USB: serial: add usbid for dell wwan card to sierra.c"
    - LP: #1333837
  * Revert "macvlan : fix checksums error when we are in bridge mode"
    - LP: #1333838
  * serial: uart: add hw flow control support configuration
    - LP: #1328295
  * mm/numa: Remove BUG_ON() in __handle_mm_fault()
    - LP: #1323165
  * Tools: hv: Handle the case when the target file exists correctly
    - LP: #1306215
  * Documentation/devicetree/bindings: add documentation for the APM X-Gene
    SoC RTC DTS binding
    - LP: #1274305
  * drivers/rtc: add APM X-Gene SoC RTC driver
    - LP: #1274305
  * arm64: add APM X-Gene SoC RTC DTS entry
    - LP: #1274305
  * powerpc/perf: Add Power8 cache & TLB events
    - LP...

Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (15.7 KiB)

This bug was fixed in the package linux-lts-raring - 3.8.0-44.66~precise1

---------------
linux-lts-raring (3.8.0-44.66~precise1) precise; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux-lts-raring (3.8.0-44.65~precise1) precise; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-lts-3.8.0-42.63 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338579

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux-lts-raring (3.8.0-43.64~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * Revert "ARM: OMAP3: clock: Back-propagate rate change from
    cam_mclk to dpll4_m5 on all OMAP3 platforms"
  * Release Tracking Bug
    - re-used previous tracking bug

linux-lts-raring (3.8.0-43.63~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * [Config] add debian/gbp.conf
  * Release Tracking Bug
    - LP: #1335912

  [ Upstream Kernel Changes ]

  * Revert "USB: serial: add usbid for dell wwan card to sierra.c"
    - LP: #1333900
  * Revert "macvlan : fix checksums error when we are in bridge mode"
    - LP: #1333900
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1325941
    - CVE-2014-3917
  * fs, userns: Change inode_capable to capable_wrt_inode_uidgid
    - LP: #1329103
    - CVE-2014-4014
  * ACPI / EC: Clear stale EC events on Samsung systems
    - LP: #1333900
  * ACPI / EC: Process rather than discard events in acpi_ec_clear
    - LP: #1333900
  * mac80211: fix software remain-on-channel implementation
    - LP: #1333900
  * mac80211: exclude AP_VLAN interfaces from tx power calculation
    - LP: #1333900
  * parisc: fix epoll_pwait syscall on compat kernel
    - LP: #1333900
  * ALSA: hda/realtek - Add support of ALC288 codec
    - LP: #1333900
  * user namespace: fix incorrect memory barriers
    - LP: #1333900
  * mlx4_en: don't use napi_synchronize inside mlx4_en_netpoll
    - LP: #1333900
  * mei: ignore client writing state during cb completion
    - LP: #1333900
  * staging: r8712u: Fix case where ethtype was never obtained and always
    be checked against 0
    - LP: #1333900
  * USB: serial: ftdi_sio: add id for Brainboxes serial cards
    - LP: #1333900
  * usb: option driver, add support for Telit UE910v2
    - LP: #1333900
  * USB: cp210x: Add 8281 (Nanotec Plug & Drive)
    - LP: #1333900
  * USB: pl2303: add ids for Hewlett-Packard HP POS pole displays
    - LP: #1333900
  * USB: usb_wwan: fix handling of missing bulk endpoints
    - LP: #1333900
  * USB: fix crash during hotplug of PCI USB controller card
    - LP: #1333900
  * USB: cdc-acm: Remove Motorola/Telit H24 serial interfaces from ACM
    driver
    - LP: #1333900
  * drm/radeon: memory leak on bo reservation failure. v2
    - LP: #1333900
  * drm/radeon/si: make sure mc ucode is loaded before checking the size
    - LP: #1333900
  * mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()
    - LP: #1333900
  * mm: use paravirt friendly ops for NUMA hinti...

Changed in linux-lts-raring (Ubuntu Precise):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (7.9 KiB)

This bug was fixed in the package linux - 3.11.0-26.45

---------------
linux (3.11.0-26.45) saucy; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (3.11.0-26.44) saucy; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-3.11.0-24.42 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338556

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux (3.11.0-25.43) saucy; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1336203

  [ Upstream Kernel Changes ]

  * cfg80211: free sme on connection failures
    - LP: #1335084
  * sched: Sanitize irq accounting madness
    - LP: #1335084
  * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri check
    - LP: #1335084
  * net: cpsw: fix null dereference at probe
    - LP: #1335084
  * mac80211: fix suspend vs. association race
    - LP: #1335084
  * mac80211: fix on-channel remain-on-channel
    - LP: #1335084
  * af_iucv: wrong mapping of sent and confirmed skbs
    - LP: #1335084
  * net: filter: s390: fix JIT address randomization
    - LP: #1335084
  * perf: Limit perf_event_attr::sample_period to 63 bits
    - LP: #1335084
  * perf: Prevent false warning in perf_swevent_add
    - LP: #1335084
  * drm/gf119-/disp: fix nasty bug which can clobber SOR0's clock setup
    - LP: #1335084
  * drm/radeon: also try GART for CPU accessed buffers
    - LP: #1335084
  * drm/radeon: handle non-VGA class pci devices with ATRM
    - LP: #1335084
  * drm/radeon: fix register typo on si
    - LP: #1335084
  * drm/radeon: avoid segfault on device open when accel is not working.
    - LP: #1335084
  * can: peak_pci: prevent use after free at netdev removal
    - LP: #1335084
  * nfsd4: remove lockowner when removing lock stateid
    - LP: #1335084
  * nfsd4: warn on finding lockowner without stateid's
    - LP: #1335084
  * hwpoison, hugetlb: lock_page/unlock_page does not match for handling a
    free hugepage
    - LP: #1335084
  * mm/memory-failure.c: fix memory leak by race between poison and
    unpoison
    - LP: #1335084
  * netfilter: ipv4: defrag: set local_df flag on defragmented skb
    - LP: #1335084
  * ARM: OMAP3: clock: Back-propagate rate change from cam_mclk to dpll4_m5
    on all OMAP3 platforms
    - LP: #1335084
  * dma: dw: allow shared interrupts
    - LP: #1335084
  * dmaengine: dw: went back to plain {request,free}_irq() calls
    - LP: #1335084
  * ARM: omap5: hwmod_data: Correct IDLEMODE for McPDM
    - LP: #1335084
  * Input: synaptics - add min/max quirk for the ThinkPad W540
    - LP: #1335084
  * futex: Add another early deadlock detection check
    - LP: #1335084
  * futex: Prevent attaching to kernel threads
    - LP: #1335084
  * ARM: OMAP4: Fix the boot regression with CPU_IDLE enabled
    - LP: #1335084
  * cpufreq: remove race while accessing cur_policy
    - LP: #1335084
  * cpufreq: cpu0: drop wrong devm usage
    - LP: #1335084
  * ARM: imx: fix error handling in ipu devic...

Read more...

Changed in linux (Ubuntu Saucy):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (35.8 KiB)

This bug was fixed in the package linux - 3.13.0-32.57

---------------
linux (3.13.0-32.57) trusty; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (3.13.0-32.56) trusty; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-3.13.0-30.55 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338524

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699
  * hpsa: add new Smart Array PCI IDs (May 2014)
    - LP: #1337516

linux (3.13.0-31.55) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1336278

  [ Andy Whitcroft ]

  * [Config] switch hyper-keyboard to virtual
    - LP: #1325306
  * [Packaging] linux-udeb-flavour -- standardise on linux prefix

  [ dann frazier ]

  * [Config] CONFIG_GPIO_DWAPB=m
    - LP: #1334823

  [ Feng Kan ]

  * SAUCE: (no-up) arm64: dts: Add Designware GPIO dts binding to APM
    X-Gene platform
    - LP: #1334823

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix apparmor spams log with warning message
    - LP: #1308761

  [ Kamal Mostafa ]

  * [Config] updateconfigs ACPI_PROCFS_POWER=y after v3.13.11.4 rebase

  [ Loc Ho ]

  * SAUCE: (no-up) phy-xgene: Use correct tuning for Mustang
    - LP: #1335636

  [ Michael Ellerman ]

  * SAUCE: (no-up) powerpc/perf: Ensure all EBB register state is cleared
    on fork()
    - LP: #1328914

  [ Ming Lei ]

  * Revert "SAUCE: (no-up) rtc: Add X-Gene SoC Real Time Clock Driver"
    - LP: #1274305

  [ Suman Tripathi ]

  * SAUCE: (no-up) libahci: Implement the function ahci_restart_engine to
    restart the port dma engine.
    - LP: #1335645
  * SAUCE: (no-up) ata: Fix the dma state machine lockup for the IDENTIFY
    DEVICE PIO mode command.
    - LP: #1335645

  [ Tim Gardner ]

  * [Config] CONFIG_POWERNV_CPUFREQ=y for powerpc, ppc64el
    - LP: #1324571
  * [Debian] Add UTS_UBUNTU_RELEASE_ABI to utsrelease.h
    - LP: #1327619
  * [Config] CONFIG_HAVE_MEMORYLESS_NODES=y
    - LP: #1332063
  * [Config] CONFIG_HID_RMI=m
    - LP: #1305522

  [ Upstream Kernel Changes ]

  * Revert "offb: Add palette hack for little endian"
    - LP: #1333430
  * Revert "net: mvneta: fix usage as a module on RGMII configurations"
    - LP: #1333837
  * Revert "USB: serial: add usbid for dell wwan card to sierra.c"
    - LP: #1333837
  * Revert "macvlan : fix checksums error when we are in bridge mode"
    - LP: #1333838
  * serial: uart: add hw flow control support configuration
    - LP: #1328295
  * mm/numa: Remove BUG_ON() in __handle_mm_fault()
    - LP: #1323165
  * Tools: hv: Handle the case when the target file exists correctly
    - LP: #1306215
  * Documentation/devicetree/bindings: add documentation for the APM X-Gene
    SoC RTC DTS binding
    - LP: #1274305
  * drivers/rtc: add APM X-Gene SoC RTC driver
    - LP: #1274305
  * arm64: add APM X-Gene SoC RTC DTS entry
    - LP: #1274305
  * powerpc/perf: Add Power8 cache & TLB events
    - LP: #1328914
  * powerpc/perf: Configure BH...

Changed in linux (Ubuntu Trusty):
status: New → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Saucy):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Utopic):
importance: Undecided → High
Changed in linux (Ubuntu Precise):
importance: Undecided → High
Changed in linux (Ubuntu Saucy):
importance: Undecided → High
Changed in linux (Ubuntu Trusty):
importance: Undecided → High
Changed in linux (Ubuntu Lucid):
importance: Undecided → High
Changed in linux (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Saucy):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Utopic):
importance: Undecided → High
description: updated
no longer affects: linux-armadaxp (Ubuntu Saucy)
no longer affects: linux-ec2 (Ubuntu Saucy)
no longer affects: linux-lts-saucy (Ubuntu Saucy)
no longer affects: linux-lts-quantal (Ubuntu Saucy)
no longer affects: linux-mvl-dove (Ubuntu Saucy)
no longer affects: linux (Ubuntu Saucy)
no longer affects: linux-fsl-imx51 (Ubuntu Saucy)
no longer affects: linux-ti-omap4 (Ubuntu Saucy)
no longer affects: linux-lts-raring (Ubuntu Saucy)
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Utopic):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
description: updated
information type: Private Security → Public Security
Mathew Hodson (mhodson)
tags: added: kernel-cve-tracking-bug
Mathew Hodson (mhodson)
Changed in linux (Ubuntu Utopic):
status: Fix Committed → Invalid
Changed in linux (Ubuntu):
status: Fix Committed → Invalid
no longer affects: linux-lts-trusty (Ubuntu Lucid)
no longer affects: linux-lts-trusty (Ubuntu Saucy)
no longer affects: linux-armadaxp (Ubuntu Lucid)
no longer affects: linux-ec2 (Ubuntu Lucid)
no longer affects: linux-goldfish (Ubuntu Lucid)
no longer affects: linux-lts-saucy (Ubuntu Lucid)
no longer affects: linux-lts-quantal (Ubuntu Lucid)
no longer affects: linux-mvl-dove (Ubuntu Lucid)
no longer affects: linux-ti-omap4 (Ubuntu Lucid)
no longer affects: linux-lts-vivid (Ubuntu Lucid)
no longer affects: linux (Ubuntu Lucid)
no longer affects: linux-mako (Ubuntu Lucid)
no longer affects: linux-fsl-imx51 (Ubuntu Lucid)
no longer affects: linux-lts-utopic (Ubuntu Lucid)
no longer affects: linux-flo (Ubuntu Lucid)
no longer affects: linux-lts-raring (Ubuntu Lucid)
no longer affects: linux-manta (Ubuntu Lucid)
Changed in linux-lts-trusty (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Trusty):
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Wily):
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Utopic):
importance: Undecided → High
Changed in linux-lts-trusty (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-raring (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-saucy (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-manta (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-vivid (Ubuntu Trusty):
status: New → Fix Committed
importance: Undecided → High
Changed in linux-mako (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-mako (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-goldfish (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Wily):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → High
Changed in linux-flo (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Andy Whitcroft (apw)
Changed in linux-flo (Ubuntu Utopic):
status: Invalid → Fix Committed
Changed in linux-mako (Ubuntu Utopic):
status: Invalid → Fix Committed
Changed in linux-manta (Ubuntu Utopic):
status: Invalid → Fix Committed
Changed in linux-goldfish (Ubuntu Utopic):
status: Invalid → Fix Committed
Steve Beattie (sbeattie)
no longer affects: linux-lts-trusty (Ubuntu Utopic)
no longer affects: linux-armadaxp (Ubuntu Utopic)
no longer affects: linux-ec2 (Ubuntu Utopic)
no longer affects: linux-goldfish (Ubuntu Utopic)
no longer affects: linux-lts-saucy (Ubuntu Utopic)
no longer affects: linux-lts-quantal (Ubuntu Utopic)
no longer affects: linux-raspi2 (Ubuntu Utopic)
no longer affects: linux-mvl-dove (Ubuntu Utopic)
no longer affects: linux-ti-omap4 (Ubuntu Utopic)
no longer affects: linux-lts-vivid (Ubuntu Utopic)
no longer affects: linux (Ubuntu Utopic)
no longer affects: linux-mako (Ubuntu Utopic)
no longer affects: linux-fsl-imx51 (Ubuntu Utopic)
no longer affects: linux-lts-utopic (Ubuntu Utopic)
no longer affects: linux-flo (Ubuntu Utopic)
no longer affects: linux-lts-raring (Ubuntu Utopic)
no longer affects: linux-manta (Ubuntu Utopic)
Changed in linux-raspi2 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Wily):
importance: Undecided → High
Changed in linux-raspi2 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → High
Steve Beattie (sbeattie)
Changed in linux-raspi2 (Ubuntu Xenial):
importance: Undecided → High
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.