[ubuntu/lucid-security] linux 2.6.32-61.124 (Accepted)
Adam Conrad
adconrad at 0c3.net
Thu Jun 5 19:33:13 UTC 2014
linux (2.6.32-61.124) lucid; urgency=low
[ Luis Henriques ]
* Revert "sysctl net: Keep tcp_syn_retries inside the boundary"
- LP: #1326473
* Revert "net: check net.core.somaxconn sysctl values"
- LP: #1326473
[ Upstream Kernel Changes ]
* futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr ==
uaddr2 in futex_requeue(..., requeue_pi=1)
- LP: #1326367
- CVE-2014-3153
* futex: Validate atomic acquisition in futex_lock_pi_atomic()
- LP: #1326367
- CVE-2014-3153
* futex: Always cleanup owner tid in unlock_pi
- LP: #1326367
- CVE-2014-3153
* futex: Make lookup_pi_state more robust
- LP: #1326367
- CVE-2014-3153
linux (2.6.32-61.123) lucid; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1321646
[ Upstream Kernel Changes ]
* mm: try_to_unmap_cluster() should lock_page() before mlocking
- LP: #1316268
- CVE-2014-3122
* ipc/msg: fix race around refcount
- LP: #1248713
- CVE-2013-4483
* scsi: fix missing include linux/types.h in scsi_netlink.h
- LP: #1321293
* Fix lockup related to stop_machine being stuck in __do_softirq.
- LP: #1321293
* x86, ptrace: fix build breakage with gcc 4.7 (second try)
- LP: #1321293
* ipvs: fix CHECKSUM_PARTIAL for TCP, UDP
- LP: #1321293
* intel-iommu: Flush unmaps at domain_exit
- LP: #1321293
* staging: comedi: ni_65xx: (bug fix) confine insn_bits to one subdevice
- LP: #1321293
* kernel/kmod.c: check for NULL in call_usermodehelper_exec()
- LP: #1321293
* HID: check for NULL field when setting values
- LP: #1321293
* crypto: api - Fix race condition in larval lookup
- LP: #1321293
* ipv6: tcp: fix panic in SYN processing
- LP: #1321293
* tcp: must unclone packets before mangling them
- LP: #1321293
* net: do not call sock_put() on TIMEWAIT sockets
- LP: #1321293
* net: heap overflow in __audit_sockaddr()
- LP: #1321293
* proc connector: fix info leaks
- LP: #1321293
* can: dev: fix nlmsg size calculation in can_get_size()
- LP: #1321293
* net: vlan: fix nlmsg size calculation in vlan_get_size()
- LP: #1321293
* connector: use nlmsg_len() to check message length
- LP: #1321293
* net: dst: provide accessor function to dst->xfrm
- LP: #1321293
* sctp: Use software crc32 checksum when xfrm transform will happen.
- LP: #1321293
* sctp: Perform software checksum if packet has to be fragmented.
- LP: #1321293
* davinci_emac.c: Fix IFF_ALLMULTI setup
- LP: #1321293
* resubmit bridge: fix message_age_timer calculation
- LP: #1321293
* ipv6 mcast: use in6_dev_put in timer handlers instead of __in6_dev_put
- LP: #1321293
* ipv4 igmp: use in_dev_put in timer handlers instead of __in_dev_put
- LP: #1321293
* dm9601: fix IFF_ALLMULTI handling
- LP: #1321293
* bonding: Fix broken promiscuity reference counting issue
- LP: #1321293
* ll_temac: Reset dma descriptors indexes on ndo_open
- LP: #1321293
* tcp: fix tcp_md5_hash_skb_data()
- LP: #1321293
* ipv6: fix possible crashes in ip6_cork_release()
- LP: #1321293
* ip_tunnel: fix kernel panic with icmp_dest_unreach
- LP: #1321293
* net: sctp: fix NULL pointer dereference in socket destruction
- LP: #1321293
* packet: packet_getname_spkt: make sure string is always 0-terminated
- LP: #1321293
* neighbour: fix a race in neigh_destroy()
- LP: #1321293
* net: Swap ver and type in pppoe_hdr
- LP: #1321293
* sunvnet: vnet_port_remove must call unregister_netdev
- LP: #1321293
* ifb: fix rcu_sched self-detected stalls
- LP: #1321293
* dummy: fix oops when loading the dummy failed
- LP: #1321293
* ifb: fix oops when loading the ifb failed
- LP: #1321293
* vlan: fix a race in egress prio management
- LP: #1321293
* arcnet: cleanup sizeof parameter
- LP: #1321293
* sysctl net: Keep tcp_syn_retries inside the boundary
- LP: #1321293
* sctp: fully initialize sctp_outq in sctp_outq_init
- LP: #1321293
* net_sched: Fix stack info leak in cbq_dump_wrr().
- LP: #1321293
* af_key: more info leaks in pfkey messages
- LP: #1321293
* net_sched: info leak in atm_tc_dump_class()
- LP: #1321293
* htb: fix sign extension bug
- LP: #1321293
* net: check net.core.somaxconn sysctl values
- LP: #1321293
* tcp: cubic: fix bug in bictcp_acked()
- LP: #1321293
* ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not
match
- LP: #1321293
* ipv6: drop packets with multiple fragmentation headers
- LP: #1321293
* ipv6: Don't depend on per socket memory for neighbour discovery
messages
- LP: #1321293
* ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO
- LP: #1321293
* tipc: fix lockdep warning during bearer initialization
- LP: #1321293
* net: Fix "ip rule delete table 256"
- LP: #1321293
* ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
- LP: #1321293
* random32: fix off-by-one in seeding requirement
- LP: #1321293
* bonding: fix two race conditions in bond_store_updelay/downdelay
- LP: #1321293
* isdnloop: use strlcpy() instead of strcpy()
- LP: #1321293
* ipv4: fix possible seqlock deadlock
- LP: #1321293
* net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
sockaddr_storage)
- LP: #1321293
* net: clamp ->msg_namelen instead of returning an error
- LP: #1321293
* ipv6: fix leaking uninitialized port number of offender sockaddr
- LP: #1321293
* atm: idt77252: fix dev refcnt leak
- LP: #1321293
* net: core: Always propagate flag changes to interfaces
- LP: #1321293
* bridge: flush br's address entry in fdb when remove the bridge dev
- LP: #1321293
* inet: fix possible seqlock deadlocks
- LP: #1321293
* ipv6: fix possible seqlock deadlock in ip6_finish_output2
- LP: #1321293
* {pktgen, xfrm} Update IPv4 header total len and checksum after
tranformation
- LP: #1321293
* net: drop_monitor: fix the value of maxattr
- LP: #1321293
* net: unix: allow bind to fail on mutex lock
- LP: #1321293
* drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
- LP: #1321293
* net: llc: fix use after free in llc_ui_recvmsg
- LP: #1321293
* inet_diag: fix inet_diag_dump_icsk() timewait socket state logic
- LP: #1321293
* net: fix 'ip rule' iif/oif device rename
- LP: #1321293
* tg3: Fix deadlock in tg3_change_mtu()
- LP: #1321293
* bonding: 802.3ad: make aggregator_identifier bond-private
- LP: #1321293
* net: sctp: fix sctp_connectx abi for ia32 emulation/compat mode
- LP: #1321293
* virtio-net: alloc big buffers also when guest can receive UFO
- LP: #1321293
* tg3: Don't check undefined error bits in RXBD
- LP: #1321293
* net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk
- LP: #1321293
* net: socket: error on a negative msg_namelen
- LP: #1321293
* netlink: don't compare the nul-termination in nla_strcmp
- LP: #1321293
* isdnloop: several buffer overflows
- LP: #1321293
* isdnloop: Validate NUL-terminated strings from user.
- LP: #1321293
* sctp: unbalanced rcu lock in ip_queue_xmit()
- LP: #1321293
* ipv6: udp packets following an UFO enqueued packet need also be handled
by UFO
- LP: #1321293
* inet: fix possible memory corruption with UDP_CORK and UFO
- LP: #1321293
* x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
- LP: #1321293
* gianfar: disable TX vlan based on kernel 2.6.x
- LP: #1321293
* powernow-k6: set transition latency value so ondemand governor can be
used
- LP: #1321293
* powernow-k6: disable cache when changing frequency
- LP: #1321293
* powernow-k6: correctly initialize default parameters
- LP: #1321293
* powernow-k6: reorder frequencies
- LP: #1321293
* tcp: fix tcp_trim_head() to adjust segment count with skb MSS
- LP: #1321293
* tcp_cubic: limit delayed_ack ratio to prevent divide error
- LP: #1321293
* tcp_cubic: fix the range of delayed_ack
- LP: #1321293
* qeth: avoid buffer overflow in snmp ioctl
- LP: #1321293
* s390: fix kernel crash due to linkage stack instructions
- LP: #1321293
* Linux 2.6.32.62
- LP: #1321293
Date: 2014-06-04 23:00:13.633556+00:00
Changed-By: Brad Figg <brad.figg at canonical.com>
Signed-By: Adam Conrad <adconrad at 0c3.net>
https://launchpad.net/ubuntu/lucid/+source/linux/2.6.32-61.124
-------------- next part --------------
Sorry, changesfile not available.
More information about the Lucid-changes
mailing list