[ubuntu/saucy-security] linux 3.11.0-23.40 (Accepted)

Adam Conrad adconrad at 0c3.net
Thu Jun 5 19:36:51 UTC 2014


linux (3.11.0-23.40) saucy; urgency=low

  [ Upstream Kernel Changes ]

  * futex-prevent-requeue-pi-on-same-futex.patch futex: Forbid uaddr ==
    uaddr2 in futex_requeue(..., requeue_pi=1)
    - LP: #1326367
    - CVE-2014-3153
  * futex: Validate atomic acquisition in futex_lock_pi_atomic()
    - LP: #1326367
    - CVE-2014-3153
  * futex: Always cleanup owner tid in unlock_pi
    - LP: #1326367
    - CVE-2014-3153
  * futex: Make lookup_pi_state more robust
    - LP: #1326367
    - CVE-2014-3153

linux (3.11.0-23.39) saucy; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1321190

  [ Upstream Kernel Changes ]

  * Revert "net: mvneta: fix usage as a module on RGMII configurations"
    - LP: #1320892
  * Revert "USB: serial: add usbid for dell wwan card to sierra.c"
    - LP: #1320892
  * drm/i915: quirk invert brightness for Acer Aspire 5336
    - LP: #1320892
  * w1: fix w1_send_slave dropping a slave id
    - LP: #1320892
  * ARM: 7954/1: mm: remove remaining domain support from ARMv6
    - LP: #1320892
  * matroxfb: restore the registers M_ACCESS and M_PITCH
    - LP: #1320892
  * framebuffer: fix cfb_copyarea
    - LP: #1320892
  * mach64: use unaligned access
    - LP: #1320892
  * mach64: fix cursor when character width is not a multiple of 8 pixels
    - LP: #1320892
  * tgafb: potential NULL dereference in init
    - LP: #1320892
  * tgafb: fix mode setting with fbset
    - LP: #1320892
  * tgafb: fix data copying
    - LP: #1320892
  * hvc: ensure hvc_init is only ever called once in hvc_console.c
    - LP: #1320892
  * ARM: dts: Keep G3D regulator always on for exynos5250-arndale
    - LP: #1320892
  * ext4: fix error return from ext4_ext_handle_uninitialized_extents()
    - LP: #1320892
  * usb: dwc3: fix wrong bit mask in dwc3_event_devt
    - LP: #1320892
  * x86, cpufeature: Define the Intel MPX feature flag
    - LP: #1320892
  * x86, AVX-512: AVX-512 Feature Detection
    - LP: #1320892
  * s390/cio: fix driver callback initialization for ccw consoles
    - LP: #1320892
  * ARM: Fix default CPU selection for ARCH_MULTI_V5
    - LP: #1320892
  * omap3isp: preview: Fix the crop margins
    - LP: #1320892
  * fs: NULL dereference in posix_acl_to_xattr()
    - LP: #1320892
  * ACPICA: Restore code that repairs NULL package elements in return
    values.
    - LP: #1320892
  * media: gspca: sn9c20x: add ID for Genius Look 1320 V2
    - LP: #1320892
  * m88rs2000: add caps FE_CAN_INVERSION_AUTO
    - LP: #1320892
  * m88rs2000: prevent frontend crash on continuous transponder scans
    - LP: #1320892
  * tty: Set correct tty name in 'active' sysfs attribute
    - LP: #1320892
  * usb: musb: avoid NULL pointer dereference
    - LP: #1320892
  * Bluetooth: Fix removing Long Term Key
    - LP: #1320892
  * uvcvideo: Do not use usb_set_interface on bulk EP
    - LP: #1320892
  * usb: dwc3: fix randconfig build errors
    - LP: #1320892
  * usb: gadget: atmel_usba: fix crashed during stopping when DEBUG is
    enabled
    - LP: #1320892
  * rtlwifi: rtl8192cu: Fix too long disable of IRQs
    - LP: #1320892
  * rtlwifi: rtl8192se: Fix too long disable of IRQs
    - LP: #1320892
  * rtlwifi: rtl8188ee: Fix too long disable of IRQs
    - LP: #1320892
  * rtlwifi: rtl8723ae: Fix too long disable of IRQs
    - LP: #1320892
  * xhci: Prevent runtime pm from autosuspending during initialization
    - LP: #1320892
  * staging:serqt_usb2: Fix sparse warning restricted __le16 degrades to
    integer
    - LP: #1320892
  * Btrfs: skip submitting barrier for missing device
    - LP: #1320892
  * jffs2: remove from wait queue after schedule()
    - LP: #1320892
  * jffs2: avoid soft-lockup in jffs2_reserve_space_gc()
    - LP: #1320892
  * jffs2: Fix segmentation fault found in stress test
    - LP: #1320892
  * jffs2: Fix crash due to truncation of csize
    - LP: #1320892
  * mtd: atmel_nand: Disable subpage NAND write when using Atmel PMECC
    - LP: #1320892
  * iwlwifi: dvm: take mutex when sending SYNC BT config command
    - LP: #1320892
  * v4l2-compat-ioctl32: fix wrong VIDIOC_SUBDEV_G/S_EDID32 support
    - LP: #1320892
  * virtio_balloon: don't softlockup on huge balloon changes.
    - LP: #1320892
  * arm64: Make DMA coherent and strongly ordered mappings not executable
    - LP: #1320892
  * arm64: Do not synchronise I and D caches for special ptes
    - LP: #1320892
  * ARM: OMAP2+: INTC: Acknowledge stuck active interrupts
    - LP: #1320892
  * mtip32xx: Set queue bounce limit
    - LP: #1320892
  * mtip32xx: Unmap the DMA segments before completing the IO request
    - LP: #1320892
  * ext4: fix partial cluster handling for bigalloc file systems
    - LP: #1320892
  * staging: comedi: 8255_pci: initialize MITE data window
    - LP: #1320892
  * mei: fix memory leak of pending write cb objects
    - LP: #1320892
  * usb: gadget: tcm_usb_gadget: stop format strings
    - LP: #1320892
  * usb: phy: Add ulpi IDs for SMSC USB3320 and TI TUSB1210
    - LP: #1320892
  * USB: unbind all interfaces before rebinding any
    - LP: #1320892
  * IB/ipath: Fix potential buffer overrun in sending diag packet routine
    - LP: #1320892
  * IB/qib: Fix debugfs ordering issue with multiple HCAs
    - LP: #1320892
  * IB/qib: add missing braces in do_qib_user_sdma_queue_create()
    - LP: #1320892
  * IB/nes: Return an error on ib_copy_from_udata() failure instead of NULL
    - LP: #1320892
  * mfd: sec-core: Fix possible NULL pointer dereference when i2c_new_dummy
    error
    - LP: #1320892
  * regulator: arizona-ldo1: Correct default regulator init_data
    - LP: #1320892
  * ASoC: cs42l73: Fix mask bits for SOC_VALUE_ENUM_SINGLE
    - LP: #1320892
  * ASoC: cs42l52: Fix mask bits for SOC_VALUE_ENUM_SINGLE
    - LP: #1320892
  * ACPI / button: Add ACPI Button event via netlink routine
    - LP: #1320892
  * mfd: Include all drivers in subsystem menu
    - LP: #1320892
  * mfd: max8997: Fix possible NULL pointer dereference on i2c_new_dummy
    error
    - LP: #1320892
  * mfd: max77686: Fix possible NULL pointer dereference on i2c_new_dummy
    error
    - LP: #1320892
  * mfd: max8998: Fix possible NULL pointer dereference on i2c_new_dummy
    error
    - LP: #1320892
  * mfd: max8925: Fix possible NULL pointer dereference on i2c_new_dummy
    error
    - LP: #1320892
  * mfd: 88pm860x: Fix I2C device resource leak on regmap init fail
    - LP: #1320892
  * mfd: 88pm860x: Fix possible NULL pointer dereference on i2c_new_dummy
    error
    - LP: #1320892
  * mfd: max77693: Fix possible NULL pointer dereference on i2c_new_dummy
    error
    - LP: #1320892
  * mfd: 88pm800: Fix I2C device resource leak if probe fails
    - LP: #1320892
  * mfd: tps65910: Fix possible invalid pointer dereference on
    regmap_add_irq_chip fail
    - LP: #1320892
  * MIPS: KVM: Pass reserved instruction exceptions to guest
    - LP: #1320892
  * ASoC: cs42l51: Fix SOC_DOUBLE_R_SX_TLV shift values for ADC, PCM, and
    Analog kcontrols
    - LP: #1320892
  * mac80211: fix potential use-after-free
    - LP: #1320892
  * mac80211: fix suspend vs. authentication race
    - LP: #1320892
  * mac80211: fix WPA with VLAN on AP side with ps-sta again
    - LP: #1320892
  * pid: get pid_t ppid of task in init_pid_ns
    - LP: #1320892
  * audit: convert PPIDs to the inital PID namespace.
    - LP: #1320892
  * mfd: kempld-core: Fix potential hang-up during boot
    - LP: #1320892
  * Btrfs: fix deadlock with nested trans handles
    - LP: #1320892
  * powerpc/compat: 32-bit little endian machine name is ppcle, not ppc
    - LP: #1320892
  * KVM: PPC: Book3S HV: Fix KVM hang with CONFIG_KVM_XICS=n
    - LP: #1320892
  * gpio: mxs: Allow for recursive enable_irq_wake() call
    - LP: #1320892
  * x86, hyperv: Bypass the timer_irq_works() check
    - LP: #1320892
  * nfsd4: buffer-length check for SUPPATTR_EXCLCREAT
    - LP: #1320892
  * nfsd4: session needs room for following op to error out
    - LP: #1320892
  * nfsd4: leave reply buffer space for failed setattr
    - LP: #1320892
  * nfsd4: fix test_stateid error reply encoding
    - LP: #1320892
  * nfsd: notify_change needs elevated write count
    - LP: #1320892
  * dm cache: prevent corruption caused by discard_block_size >
    cache_block_size
    - LP: #1320892
  * dm transaction manager: fix corruption due to non-atomic transaction
    commit
    - LP: #1320892
  * dm: take care to copy the space map roots before locking the superblock
    - LP: #1320892
  * NFSD: Traverse unconfirmed client through hash-table
    - LP: #1320892
  * lockd: ensure we tear down any live sockets when socket creation fails
    during lockd_up
    - LP: #1320892
  * drm/i915/tv: fix gen4 composite s-video tv-out
    - LP: #1320892
  * dm thin: fix dangling bio in process_deferred_bios error path
    - LP: #1320892
  * saa7134: fix WARN_ON during resume
    - LP: #1320892
  * em28xx: fix PCTV 290e LNA oops
    - LP: #1320892
  * NFSv4: Fix a use-after-free problem in open()
    - LP: #1320892
  * nfsd4: fix setclientid encode size
    - LP: #1320892
  * MIPS: Hibernate: Flush TLB entries in swsusp_arch_resume()
    - LP: #1320892
  * ALSA: hda - Enable beep for ASUS 1015E
    - LP: #1320892
  * x86: Adjust irq remapping quirk for older revisions of 5500/5520
    chipsets
    - LP: #1320892
  * nfsd: check passed socket's net matches NFSd superblock's one
    - LP: #1320892
  * IB/mthca: Return an error on ib_copy_to_udata() failure
    - LP: #1320892
  * IB/ehca: Returns an error on ib_copy_to_udata() failure
    - LP: #1320892
  * ext4: fix premature freeing of partial clusters split across leaf
    blocks
    - LP: #1320892
  * drm/qxl: unset a pointer in sync_obj_unref
    - LP: #1320892
  * don't bother with {get,put}_write_access() on non-regular files
    - LP: #1320892
  * reiserfs: fix race in readdir
    - LP: #1320892
  * pid_namespace: pidns_get() should check task_active_pid_ns() != NULL
    - LP: #1320892
  * drm/vmwgfx: correct fb_fix_screeninfo.line_length
    - LP: #1320892
  * ALSA: hda - Fix silent speaker output due to mute LED fixup
    - LP: #1320892
  * drm/radeon: call drm_edid_to_eld when we update the edid
    - LP: #1320892
  * drm/radeon: fix typo in spectre_golden_registers
    - LP: #1320892
  * xfs: fix directory hash ordering bug
    - LP: #1320892
  * sh: fix format string bug in stack tracer
    - LP: #1320892
  * backing_dev: fix hung task on sync
    - LP: #1320892
  * bdi: avoid oops on device removal
    - LP: #1320892
  * ocfs2: dlm: fix lock migration crash
    - LP: #1320892
  * ocfs2: dlm: fix recovery hung
    - LP: #1320892
  * ocfs2: do not put bh when buffer_uptodate failed
    - LP: #1320892
  * Skip intel_crt_init for Dell XPS 8700
    - LP: #1320892
  * dm cache: fix a lock-inversion
    - LP: #1320892
  * ARC: [nsimosci] Change .dts to use generic 8250 UART
    - LP: #1320892
  * ARC: [nsimosci] Unbork console
    - LP: #1320892
  * iscsi-target: Fix ERL=2 ASYNC_EVENT connection pointer bug
    - LP: #1320892
  * mm: try_to_unmap_cluster() should lock_page() before mlocking
    - LP: #1320892
  * mm: hugetlb: fix softlockup when a large number of hugepages are freed.
    - LP: #1320892
  * exit: call disassociate_ctty() before exit_task_namespaces()
    - LP: #1320892
  * wait: fix reparent_leader() vs EXIT_DEAD->EXIT_ZOMBIE race
    - LP: #1320892
  * hung_task: check the value of "sysctl_hung_task_timeout_sec"
    - LP: #1320892
  * ALSA: ice1712: Fix boundary checks in PCM pointer ops
    - LP: #1320892
  * lib/percpu_counter.c: fix bad percpu counter state during suspend
    - LP: #1320892
  * md/raid1: r1buf_pool_alloc: free allocate pages when subsequent
    allocation fails.
    - LP: #1320892
  * ALSA: hda - add headset mic detect quirk for a Dell laptop
    - LP: #1297581, #1320892
  * b43: Fix machine check error due to improper access of
    B43_MMIO_PSM_PHY_HDR
    - LP: #1320892
  * x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
    - LP: #1320892
  * target/tcm_fc: Fix use-after-free of ft_tpg
    - LP: #1320892
  * ib_srpt: Use correct ib_sg_dma primitives
    - LP: #1320892
  * brcmsmac: fix deadlock on missing firmware
    - LP: #1320892
  * Char: ipmi_bt_sm, fix infinite loop
    - LP: #1320892
  * mac80211: fix software remain-on-channel implementation
    - LP: #1320892
  * mac80211: exclude AP_VLAN interfaces from tx power calculation
    - LP: #1320892
  * parisc: fix epoll_pwait syscall on compat kernel
    - LP: #1320892
  * ALSA: hda/realtek - Add support of ALC288 codec
    - LP: #1320892
  * user namespace: fix incorrect memory barriers
    - LP: #1320892
  * tick-common: Fix wrong check in tick_check_replacement()
    - LP: #1320892
  * ALSA: hda/realtek - Add headset Mic support for Dell machine
    - LP: #1320892
  * mlx4_en: don't use napi_synchronize inside mlx4_en_netpoll
    - LP: #1320892
  * mei: me: do not load the driver if the FW doesn't support MEI interface
    - LP: #1320892
  * mei: ignore client writing state during cb completion
    - LP: #1320892
  * staging: r8712u: Fix case where ethtype was never obtained and always
    be checked against 0
    - LP: #1320892
  * USB: serial: ftdi_sio: add id for Brainboxes serial cards
    - LP: #1320892
  * usb: option driver, add support for Telit UE910v2
    - LP: #1320892
  * USB: cp210x: Add 8281 (Nanotec Plug & Drive)
    - LP: #1320892
  * USB: pl2303: add ids for Hewlett-Packard HP POS pole displays
    - LP: #1320892
  * USB: usb_wwan: fix handling of missing bulk endpoints
    - LP: #1320892
  * USB: fix crash during hotplug of PCI USB controller card
    - LP: #1320892
  * USB: cdc-acm: Remove Motorola/Telit H24 serial interfaces from ACM
    driver
    - LP: #1320892
  * Drivers: hv: vmbus: Negotiate version 3.0 when running on ws2012r2
    hosts
    - LP: #1320892
  * drm/radeon: add support for newer mc ucode on SI (v2)
    - LP: #1320892
  * drm/radeon: memory leak on bo reservation failure. v2
    - LP: #1320892
  * drm/radeon/si: make sure mc ucode is loaded before checking the size
    - LP: #1320892
  * mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()
    - LP: #1320892
  * mm: use paravirt friendly ops for NUMA hinting ptes
    - LP: #1320892
  * coredump: fix va_list corruption
    - LP: #1320892
  * gpu: host1x: handle the correct # of syncpt regs
    - LP: #1320892
  * topology: Fix compilation warning when not in SMP
    - LP: #1320892
  * drm/tegra: Remove gratuitous pad field
    - LP: #1320892
  * ipmi: Fix a race restarting the timer
    - LP: #1320892
  * ipmi: Reset the KCS timeout when starting error recovery
    - LP: #1320892
  * ath9k: fix ready time of the multicast buffer queue
    - LP: #1320892
  * Linux 3.11.10.9
    - LP: #1320892
  * core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle
    errors
    - LP: #1319933
  * KVM: ioapic: fix assignment of ioapic->rtc_status.pending_eoi
    (CVE-2014-0155)
    - LP: #1319933
  * iio: querying buffer scan_mask should return 0/1
    - LP: #1319933
  * pata_at91: fix ata_host_activate() failure handling
    - LP: #1319933
  * ext4: note the error in ext4_end_bio()
    - LP: #1319933
  * ext4: fix jbd2 warning under heavy xattr load
    - LP: #1319933
  * ext4: use i_size_read in ext4_unaligned_aio()
    - LP: #1319933
  * locks: allow __break_lease to sleep even when break_time is 0
    - LP: #1319933
  * usb: gadget: zero: Fix SuperSpeed enumeration for alternate setting 1
    - LP: #1319933
  * ahci: do not request irq for dummy port
    - LP: #1319933
  * genirq: Allow forcing cpu affinity of interrupts
    - LP: #1319933
  * irqchip: Gic: Support forced affinity setting
    - LP: #1319933
  * clocksource: Exynos_mct: Register clock event after request_irq()
    - LP: #1319933
  * nfsd: set timeparms.to_maxval in setup_callback_client
    - LP: #1319933
  * ahci: Do not receive interrupts sent by dummy ports
    - LP: #1319933
  * libata/ahci: accommodate tag ordered controllers
    - LP: #1319933
  * Input: synaptics - add min/max quirk for ThinkPad T431s, L440, L540, S1
    Yoga and X1
    - LP: #1319933
  * drm/radeon: fix count in cik_sdma_ring_test()
    - LP: #1319933
  * drm/radeon/pm: don't walk the crtc list before it has been initialized
    (v2)
    - LP: #1319933
  * drm/radeon: fix ATPX detection on non-VGA GPUs
    - LP: #1319933
  * mm: make fixup_user_fault() check the vma access rights too
    - LP: #1319933
  * ARM: 8027/1: fix do_div() bug in big-endian systems
    - LP: #1319933
  * ARM: 8030/1: ARM : kdump : add arch_crash_save_vmcoreinfo
    - LP: #1319933
  * USB: serial: fix sysfs-attribute removal deadlock
    - LP: #1319933
  * 8250_core: Fix unwanted TX chars write
    - LP: #1319933
  * serial: 8250: Fix thread unsafe __dma_tx_complete function
    - LP: #1319933
  * Btrfs: fix inode caching vs tree log
    - LP: #1319933
  * usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb
    - LP: #1319933
  * xhci: Switch Intel Lynx Point ports to EHCI on shutdown.
    - LP: #1319933
  * usb/xhci: fix compilation warning when !CONFIG_PCI && !CONFIG_PM
    - LP: #1319933
  * USB: io_ti: fix firmware download on big-endian machines
    - LP: #1319933
  * usb: qcserial: add Sierra Wireless EM7355
    - LP: #1319933
  * usb: qcserial: add Sierra Wireless MC73xx
    - LP: #1319933
  * usb: qcserial: add Sierra Wireless MC7305/MC7355
    - LP: #1319933
  * usb: option: add Olivetti Olicard 500
    - LP: #1319933
  * usb: option: add Alcatel L800MA
    - LP: #1319933
  * usb: option: add and update a number of CMOTech devices
    - LP: #1319933
  * crypto: crypto_wq - Fix late crypto work queue initialization
    - LP: #1319933
  * i2c: i801: Add Device IDs for Intel Wildcat Point-LP PCH
    - LP: #1319933
  * i2c: i801: enable Intel BayTrail SMBUS
    - LP: #1319933
  * ftrace/x86: One more missing sync after fixup of function modification
    failure
    - LP: #1319933
  * Bluetooth: Add support for Intel Bluetooth device [8087:0a2a]
    - LP: #1319933
  * ARM: 8007/1: Remove extraneous kcmp syscall ignore
    - LP: #1319933
  * ARM: mvebu: ensure the mdio node has a clock reference on Armada 370/XP
    - LP: #1319933
  * ARM: OMAP3: hwmod data: Correct clock domains for USB modules
    - LP: #1319933
  * ARM: OMAP4: Fix definition of IS_PM44XX_ERRATUM
    - LP: #1319933
  * xhci: extend quirk for Renesas cards
    - LP: #1319933
  * qla2xxx: fix error handling of qla2x00_mem_alloc()
    - LP: #1319933
  * arcmsr: upper 32 of dma address lost
    - LP: #1319933
  * ARM: 7840/1: LPAE: don't reject mapping /dev/mem above 4GB
    - LP: #1319933
  * s390/chsc: fix SEI usage on old FW levels
    - LP: #1319933
  * drm/i915: Don't check gmch state on inherited configs
    - LP: #1319933
  * drm/vmwgfx: Make sure user-space can't DMA across buffer object
    boundaries v2
    - LP: #1319933
  * s390/bpf,jit: initialize A register if 1st insn is BPF_S_LDX_B_MSH
    - LP: #1319933
  * arm: KVM: fix possible misalignment of PGDs and bounce page
    - LP: #1319933
  * KVM: ARM: vgic: Fix sgi dispatch problem
    - LP: #1319933
  * ftrace/module: Hardcode ftrace_module_init() call into load_module()
    - LP: #1319933
  * mpt2sas: Don't disable device twice at suspend.
    - LP: #1319933
  * virtio-scsi: Skip setting affinity on uninitialized vq
    - LP: #1319933
  * drivercore: deferral race condition fix
    - LP: #1319933
  * hrtimer: Prevent all reprogramming if hang detected
    - LP: #1319933
  * hrtimer: Prevent remote enqueue of leftmost timers
    - LP: #1319933
  * timer: Prevent overflow in apply_slack
    - LP: #1319933
  * ARC: Entry Handler tweaks: Optimize away redundant IRQ_DISABLE_SAVE
    - LP: #1319933
  * ARC: !PREEMPT: Ensure Return to kernel mode is IRQ safe
    - LP: #1319933
  * iser-target: Add missing se_cmd put for WRITE_PENDING in tx_comp_err
    - LP: #1319933
  * KVM: s390: Optimize ucontrol path
    - LP: #1319933
  * Linux 3.11.10.10
    - LP: #1319933

Date: 2014-06-04 21:01:17.089635+00:00
Changed-By: Brad Figg <brad.figg at canonical.com>
Signed-By: Adam Conrad <adconrad at 0c3.net>
https://launchpad.net/ubuntu/saucy/+source/linux/3.11.0-23.40
-------------- next part --------------
Sorry, changesfile not available.


More information about the Saucy-changes mailing list