CVE-2014-2523

Bug #1295090 reported by John Johansen
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Medium
Unassigned
Precise
Fix Released
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-armadaxp (Ubuntu)
Invalid
Medium
Unassigned
Precise
Fix Released
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-ec2 (Ubuntu)
Invalid
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-flo (Ubuntu)
New
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Won't Fix
Medium
Unassigned
Wily
New
Medium
Unassigned
Xenial
New
Medium
Unassigned
Yakkety
New
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Invalid
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-goldfish (Ubuntu)
New
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Won't Fix
Medium
Unassigned
Wily
New
Medium
Unassigned
Xenial
New
Medium
Unassigned
Yakkety
New
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Won't Fix
Undecided
Unassigned
Lucid
Won't Fix
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Quantal
Won't Fix
Undecided
Unassigned
Saucy
Won't Fix
Undecided
Unassigned
Trusty
Won't Fix
Undecided
Unassigned
Utopic
Won't Fix
Undecided
Unassigned
Vivid
Won't Fix
Undecided
Unassigned
Wily
Won't Fix
Undecided
Unassigned
Xenial
Won't Fix
Undecided
Unassigned
Yakkety
Won't Fix
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
Won't Fix
Undecided
Unassigned
Lucid
Won't Fix
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Quantal
Won't Fix
Undecided
Unassigned
Saucy
Won't Fix
Undecided
Unassigned
Trusty
Won't Fix
Undecided
Unassigned
Utopic
Won't Fix
Undecided
Unassigned
Vivid
Won't Fix
Undecided
Unassigned
Wily
Won't Fix
Undecided
Unassigned
Xenial
Won't Fix
Undecided
Unassigned
Yakkety
Won't Fix
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Invalid
Medium
Unassigned
Precise
Fix Released
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-lts-raring (Ubuntu)
Invalid
Medium
Unassigned
Precise
Fix Released
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-lts-saucy (Ubuntu)
Invalid
Medium
Unassigned
Precise
Fix Released
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-lts-trusty (Ubuntu)
Invalid
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-lts-utopic (Ubuntu)
Invalid
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-lts-vivid (Ubuntu)
Invalid
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Fix Committed
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-lts-wily (Ubuntu)
Invalid
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-lts-xenial (Ubuntu)
Invalid
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Fix Committed
Medium
Unassigned
Vivid
New
Undecided
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-mako (Ubuntu)
New
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
New
Medium
Unassigned
Wily
New
Medium
Unassigned
Xenial
New
Medium
Unassigned
Yakkety
New
Medium
Unassigned
linux-manta (Ubuntu)
Invalid
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Won't Fix
Medium
Unassigned
Wily
New
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Invalid
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-raspi2 (Ubuntu)
Fix Committed
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Fix Committed
Medium
Unassigned
Yakkety
Fix Committed
Medium
Unassigned
linux-snapdragon (Ubuntu)
Invalid
Medium
Unassigned
Precise
Invalid
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
New
Undecided
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Invalid
Medium
Unassigned
Precise
Fix Released
Medium
Unassigned
Trusty
Invalid
Medium
Unassigned
Vivid
Invalid
Medium
Unassigned
Wily
Invalid
Medium
Unassigned
Xenial
Invalid
Medium
Unassigned
Yakkety
Invalid
Medium
Unassigned

Bug Description

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

Break-Fix: - b22f5126a24b3b2f15448c3f2a254fc10cbc2b92

Revision history for this message
John Johansen (jjohansen) wrote :

CVE-2014-2523

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Trusty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Trusty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Trusty):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Trusty):
status: New → Fix Committed
description: updated
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Trusty):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Trusty):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu):
status: New → Won't Fix
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-58.120

---------------
linux (2.6.32-58.120) lucid; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1300852

  [ Upstream Kernel Changes ]

  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1295090
    - CVE-2014-2523
  * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
    - LP: #1293714
    - CVE-2014-0101
 -- Brad Figg <email address hidden> Tue, 01 Apr 2014 08:40:02 -0700

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-363.76

---------------
linux-ec2 (2.6.32-363.76) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebase to Ubuntu-2.6.32-58.120
  * Release Tracking Bug
    - LP: #1301071

  [ Ubuntu: 2.6.32-58.120 ]

  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1295090
    - CVE-2014-2523
  * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
    - LP: #1293714
    - CVE-2014-0101
 -- Stefan Bader <email address hidden> Wed, 02 Apr 2014 13:42:12 +0200

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Saucy):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
no longer affects: linux-armadaxp (Ubuntu Quantal)
no longer affects: linux-ec2 (Ubuntu Quantal)
no longer affects: linux-lts-saucy (Ubuntu Quantal)
no longer affects: linux-lts-quantal (Ubuntu Quantal)
no longer affects: linux-mvl-dove (Ubuntu Quantal)
no longer affects: linux (Ubuntu Quantal)
no longer affects: linux-fsl-imx51 (Ubuntu Quantal)
no longer affects: linux-ti-omap4 (Ubuntu Quantal)
no longer affects: linux-lts-raring (Ubuntu Quantal)
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (6.8 KiB)

This bug was fixed in the package linux-lts-quantal - 3.5.0-51.76~precise1

---------------
linux-lts-quantal (3.5.0-51.76~precise1) precise; urgency=low

  [ Brad Figg ]

  * Revert "rtlwifi: Set the link state"

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - re-used previous tracking bug

linux (3.5.0-51.75) quantal; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.5.0-49.74 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317333

  [ Upstream Kernel Changes ]

  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

linux (3.5.0-50.74) quantal; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1313852

  [ Upstream Kernel Changes ]

  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * vhost: validate vhost_get_vq_desc return value
    - LP: #1298117
    - CVE-2014-0055
  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1295090
    - CVE-2014-2523
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1310783
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1310783
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1310783
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1310783
  * ath9k: protect tid->sched check
    - LP: #1310783
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1310783
  * genirq: Remove racy waitqueue_active check
    - LP: #1310783
  * sched: Fix double normalization of vruntime
    - LP: #1310783
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1310783
  * firewire: net: fix use after free
    - LP: #1310783
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1310783
  * NFS: Fix a delegation callback race
    - LP: #1310783
  * can: flexcan: fix shutdown: first disable chip, then all interrupts
    - LP: #1310783
  * can: flexcan: flexcan_open(): fix error path if flexcan_chip_start()
    fails
    - LP: #1310783
  * tracing: Do not add event files for modules that fail tracepoints
    - LP: #1310783
  * ocfs2: fix quota file corruption
    - LP: #1310783
  * rapidio/tsi721: fix tasklet termination in dma channel release
    - LP: #1310783
  * ALSA: usb-audio: Add quirk for Logitech Webcam C500
    - LP: #1310783
  * drm/radeon: TTM must be init with cpu-visible VRAM, v2
    - LP: #1310783
  * drm/radeon/atom: select the proper number of lanes in transmitter setup
    - LP: #1310783
  * powerpc: Align p_dyn, p_rela and p_st symbols
    - LP: #1310783
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8 (2BA30001)
    ...

Read more...

Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (17.9 KiB)

This bug was fixed in the package linux-lts-raring - 3.8.0-41.60~precise1

---------------
linux-lts-raring (3.8.0-41.60~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * Revert "rtlwifi: Set the link state"
    - LP: #1289429
    - LP: #1319735
  * Release Tracking Bug
    - re-used previous tracking bug

linux-lts-raring (3.8.0-41.59~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * Merged back Ubuntu-3.8.0-39.58 security release
  * Revert: "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1317242
  * Release Tracking Bug
    - LP: #1317246

  [ Upstream Kernel Changes ]

  * Input: ALPS - add support for "Dolphin" devices
    - LP: #1256213
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1317242
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1317242
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1317242
    - LP: #1316735
    - CVE-2014-1738
  * Linux 3.8.13.23
    - LP: #1317242

linux-lts-raring (3.8.0-40.58~precise1) precise; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1314348

  [ Upstream Kernel Changes ]

  * Revert "sparc64: Fix __copy_{to,from}_user_inatomic defines."
    - LP: #1313767
  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * 6lowpan: fix lockdep splats
    - LP: #1307561
  * 9p/trans_virtio.c: Fix broken zero-copy on vmalloc() buffers
    - LP: #1307561
  * ipv4: Fix runtime WARNING in rtmsg_ifa()
    - LP: #1307561
  * net: fix 'ip rule' iif/oif device rename
    - LP: #1307561
  * net: qmi_wwan: add Netgear Aircard 340U
    - LP: #1307561
  * tcp: tsq: fix nonagle handling
    - LP: #1307561
  * tg3: Fix deadlock in tg3_change_mtu()
    - LP: #1307561
  * net: asix: add missing flag to struct driver_info
    - LP: #1307561
  * bonding: 802.3ad: make aggregator_identifier bond-private
    - LP: #1307561
  * ipv4: fix counter in_slow_tot
    - LP: #1307561
  * net: sctp: fix sctp_connectx abi for ia32 emulation/compat mode
    - LP: #1307561
  * net: add and use skb_gso_transport_seglen()
    - LP: #1307561
  * net: core: introduce netif_skb_dev_features
    - LP: #1307561
  * net: ip, ipv6: handle gso skbs in forwarding path
    - LP: #1307561
  * net: use __GFP_NORETRY for high order allocations
    - LP: #1307561
  * net-tcp: fastopen: fix high order allocations
    - LP: #1307561
  * virtio-net: alloc big buffers also when guest can receive UFO
    - LP: #1307561
  * ipv6: reuse ip6_frag_id from ip6_ufo_append_data
    - LP: #1307561
  * sfc: check for NULL efx->ptp_data in efx_ptp_event
    - LP: #1307561
  * ipv6: ipv6_find_hdr restore prev functionality
    - LP: #1307561
  * tg3: Don't check undefined error bits in RXBD
    - LP: #1307561
  * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
    - LP: #1307561
  * mac80211: send control port protocol frames to the VO queue
    - LP: #1307561
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1307561
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when asso...

Changed in linux-lts-raring (Ubuntu Precise):
status: Won't Fix → Fix Released
Revision history for this message
Malcolm Scott (malcscott) wrote :

Would someone mind explaining, please, why this remote code execution vulnerability was only just now fixed in precise despite being fixed upstream in January?

Changed in linux-lts-saucy (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Saucy):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (6.7 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.5.0-242.58

---------------
linux-ti-omap4 (3.5.0-242.58) quantal; urgency=low

  * Release Tracking Bug
    - LP: #1317330

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.5.0-51.75

  [ Ubuntu: 3.5.0-51.75 ]

  * Merged back Ubuntu-3.5.0-49.74 security release
  * Revert "n_tty: Fix n_tty_write crash when echoing in raw mode"
    - LP: #1314762
  * Release Tracking Bug
    - LP: #1317227
  * ipv6: don't set DST_NOCOUNT for remotely added routes
    - LP: #1293726
    - CVE-2014-2309
  * vhost: fix total length when packets are too short
    - LP: #1312984
    - CVE-2014-0077
  * n_tty: Fix n_tty_write crash when echoing in raw mode
    - LP: #1314762
    - CVE-2014-0196
  * floppy: ignore kernel-only members in FDRAWCMD ioctl input
    - LP: #1316729
    - CVE-2014-1737
  * floppy: don't write kernel-only members to FDRAWCMD ioctl output
    - LP: #1316735
    - CVE-2014-1738

  [ Ubuntu: 3.5.0-50.74 ]

  * Release Tracking Bug
    - LP: #1313852
  * rds: prevent dereference of a NULL device in rds_iw_laddr_check
    - LP: #1302222
    - CVE-2014-2678
  * vhost: validate vhost_get_vq_desc return value
    - LP: #1298117
    - CVE-2014-0055
  * netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
    - LP: #1295090
    - CVE-2014-2523
  * ALSA: oxygen: Xonar DG(X): capture from I2S channel 1, not 2
    - LP: #1310783
  * ALSA: oxygen: Xonar DG(X): modify DAC routing
    - LP: #1310783
  * mac80211: fix AP powersave TX vs. wakeup race
    - LP: #1310783
  * iwlwifi: dvm: clear IWL_STA_UCODE_INPROGRESS when assoc fails
    - LP: #1310783
  * ath9k: protect tid->sched check
    - LP: #1310783
  * ath9k: Fix ETSI compliance for AR9462 2.0
    - LP: #1310783
  * genirq: Remove racy waitqueue_active check
    - LP: #1310783
  * sched: Fix double normalization of vruntime
    - LP: #1310783
  * cpuset: fix a race condition in __cpuset_node_allowed_softwall()
    - LP: #1310783
  * firewire: net: fix use after free
    - LP: #1310783
  * mwifiex: do not advertise usb autosuspend support
    - LP: #1310783
  * NFS: Fix a delegation callback race
    - LP: #1310783
  * can: flexcan: fix shutdown: first disable chip, then all interrupts
    - LP: #1310783
  * can: flexcan: flexcan_open(): fix error path if flexcan_chip_start()
    fails
    - LP: #1310783
  * tracing: Do not add event files for modules that fail tracepoints
    - LP: #1310783
  * ocfs2: fix quota file corruption
    - LP: #1310783
  * rapidio/tsi721: fix tasklet termination in dma channel release
    - LP: #1310783
  * ALSA: usb-audio: Add quirk for Logitech Webcam C500
    - LP: #1310783
  * drm/radeon: TTM must be init with cpu-visible VRAM, v2
    - LP: #1310783
  * drm/radeon/atom: select the proper number of lanes in transmitter setup
    - LP: #1310783
  * powerpc: Align p_dyn, p_rela and p_st symbols
    - LP: #1310783
  * libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for Seagate Momentus
    SpinPoint M8 (2BA30001)
    - LP: #1310783
  * usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e
    - LP: #1310783
  * usb: Make DELAY_INIT quirk wait 100ms between Get Configuration
    requests
    - LP: #1310783
...

Read more...

Changed in linux-ti-omap4 (Ubuntu Saucy):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
no longer affects: linux-armadaxp (Ubuntu Saucy)
no longer affects: linux-ec2 (Ubuntu Saucy)
no longer affects: linux-lts-saucy (Ubuntu Saucy)
no longer affects: linux-lts-quantal (Ubuntu Saucy)
no longer affects: linux-mvl-dove (Ubuntu Saucy)
no longer affects: linux (Ubuntu Saucy)
no longer affects: linux-fsl-imx51 (Ubuntu Saucy)
no longer affects: linux-ti-omap4 (Ubuntu Saucy)
no longer affects: linux-lts-raring (Ubuntu Saucy)
Changed in linux-lts-trusty (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-trusty (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-utopic (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Vivid):
importance: Undecided → Medium
Changed in linux-flo (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Vivid):
importance: Undecided → Medium
Changed in linux-goldfish (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Vivid):
importance: Undecided → Medium
Changed in linux-mako (Ubuntu Utopic):
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Vivid):
importance: Undecided → Medium
Changed in linux-manta (Ubuntu Utopic):
importance: Undecided → Medium
Mathew Hodson (mhodson)
Changed in linux (Ubuntu Trusty):
status: Fix Committed → Invalid
Changed in linux (Ubuntu Utopic):
status: Fix Committed → Invalid
Changed in linux (Ubuntu Vivid):
status: Fix Committed → Invalid
no longer affects: linux-lts-trusty (Ubuntu Lucid)
no longer affects: linux-armadaxp (Ubuntu Lucid)
no longer affects: linux-ec2 (Ubuntu Lucid)
no longer affects: linux-goldfish (Ubuntu Lucid)
no longer affects: linux-lts-saucy (Ubuntu Lucid)
no longer affects: linux-lts-quantal (Ubuntu Lucid)
no longer affects: linux-mvl-dove (Ubuntu Lucid)
no longer affects: linux-ti-omap4 (Ubuntu Lucid)
no longer affects: linux (Ubuntu Lucid)
no longer affects: linux-mako (Ubuntu Lucid)
no longer affects: linux-fsl-imx51 (Ubuntu Lucid)
no longer affects: linux-lts-utopic (Ubuntu Lucid)
no longer affects: linux-flo (Ubuntu Lucid)
no longer affects: linux-lts-raring (Ubuntu Lucid)
no longer affects: linux-manta (Ubuntu Lucid)
Changed in linux-lts-vivid (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Utopic):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-vivid (Ubuntu Trusty):
status: New → Fix Committed
importance: Undecided → Medium
no longer affects: linux-lts-trusty (Ubuntu Utopic)
no longer affects: linux-armadaxp (Ubuntu Utopic)
no longer affects: linux-ec2 (Ubuntu Utopic)
no longer affects: linux-goldfish (Ubuntu Utopic)
no longer affects: linux-lts-saucy (Ubuntu Utopic)
no longer affects: linux-lts-quantal (Ubuntu Utopic)
no longer affects: linux-mvl-dove (Ubuntu Utopic)
no longer affects: linux-ti-omap4 (Ubuntu Utopic)
no longer affects: linux-lts-vivid (Ubuntu Utopic)
no longer affects: linux (Ubuntu Utopic)
no longer affects: linux-mako (Ubuntu Utopic)
no longer affects: linux-fsl-imx51 (Ubuntu Utopic)
no longer affects: linux-lts-utopic (Ubuntu Utopic)
no longer affects: linux-flo (Ubuntu Utopic)
no longer affects: linux-lts-raring (Ubuntu Utopic)
no longer affects: linux-manta (Ubuntu Utopic)
Steve Beattie (sbeattie)
Changed in linux-lts-wily (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-wily (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-wily (Ubuntu Xenial):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-wily (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-wily (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Steve Beattie (sbeattie)
Changed in linux-raspi2 (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-raspi2 (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-raspi2 (Ubuntu Xenial):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-raspi2 (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-raspi2 (Ubuntu Vivid):
status: New → Invalid
importance: Undecided → Medium
Steve Beattie (sbeattie)
Changed in linux-raspi2 (Ubuntu Xenial):
status: Invalid → Fix Committed
Steve Beattie (sbeattie)
Changed in linux-lts-xenial (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-xenial (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-xenial (Ubuntu Xenial):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-xenial (Ubuntu Trusty):
status: New → Fix Committed
importance: Undecided → Medium
Steve Beattie (sbeattie)
Changed in linux-manta (Ubuntu Xenial):
status: New → Invalid
Steve Beattie (sbeattie)
Changed in linux-snapdragon (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-snapdragon (Ubuntu Wily):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-snapdragon (Ubuntu Xenial):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-snapdragon (Ubuntu Yakkety):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-snapdragon (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Revision history for this message
Andy Whitcroft (apw) wrote : Closing unsupported series nomination.

This bug was nominated against a series that is no longer supported, ie vivid. The bug task representing the vivid nomination is being closed as Won't Fix.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux-flo (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-goldfish (Ubuntu Vivid):
status: New → Won't Fix
Andy Whitcroft (apw)
Changed in linux-manta (Ubuntu Vivid):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.