Lucid update to 2.6.32.63 stable release

Bug #1335049 reported by Luis Henriques
Affects           Status         Importance   Assigned to   Milestone
linux (Ubuntu)    Invalid        Undecided    Unassigned
Lucid             Fix Released   Undecided    Unassigned

Bug Description

SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from Linus' tree or in a minimally
       backported form of that patch. The 2.6.32.63 upstream stable
       patch set is now available. It should be included in the Ubuntu
       kernel as well.

       git://git.kernel.org/

    TEST CASE: TBD

       The following patches are in the 2.6.32.63 stable release:

Linux 2.6.32.63
net: fix regression introduced in 2.6.32.62 by sysctl fixes
auditsc: audit_krule mask accesses need bounds checking
futex: Prevent attaching to kernel threads
ethtool: Report link-down while interface is down

The following patches from 2.6.32.63 were not applied as they were already present in the Lucid kernel:

futex: Make lookup_pi_state more robust
futex: Always cleanup owner tid in unlock_pi
futex: Validate atomic acquisition in futex_lock_pi_atomic()
futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1) (futex-prevent-requeue-pi-on-same-futex.patch)

The following patch from 2.6.32.63 was dropped, as one of the futex patches in Lucid seems to implement a slightly different security fix that prevents it from being applied:

futex: Add another early deadlock detection check

Luis Henriques (henrix)
tags: added: kernel-stable-tracking-bug
Luis Henriques (henrix)
description: updated
Luis Henriques (henrix)
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-64.128

---------------
linux (2.6.32-64.128) lucid; urgency=low

  [ Upstream Kernel Changes ]

  * l2tp: Privilege escalation in ppp over l2tp sockets
    - LP: #1341472
    - CVE-2014-4943

linux (2.6.32-64.127) lucid; urgency=low

  [ Luis Henriques ]

  * Merged back Ubuntu-2.6.32-62.126 security release
  * Revert "x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)"
    - LP: #1337339
  * Release Tracking Bug
    - LP: #1338946

  [ Upstream Kernel Changes ]

  * ptrace,x86: force IRET path after a ptrace_stop()
    - LP: #1337339
    - CVE-2014-4699

linux (2.6.32-63.126) lucid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1335875

  [ Upstream Kernel Changes ]

  * net: check net.core.somaxconn sysctl values
    - LP: #1321293
  * sysctl net: Keep tcp_syn_retries inside the boundary
    - LP: #1321293
  * ethtool: Report link-down while interface is down
    - LP: #1335049
  * futex: Prevent attaching to kernel threads
    - LP: #1335049
  * auditsc: audit_krule mask accesses need bounds checking
    - LP: #1335049
  * net: fix regression introduced in 2.6.32.62 by sysctl fixes
    - LP: #1335049
  * Linux 2.6.32.63
    - LP: #1335049
  * lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
    - LP: #1335313
    - CVE-2014-4608
  * lib/lzo: Update LZO compression to current upstream version
    - LP: #1335313
    - CVE-2014-4608
  * lzo: properly check for overruns
    - LP: #1335313
    - CVE-2014-4608
 -- Luis Henriques <email address hidden> Mon, 14 Jul 2014 16:33:33 +0100

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Mathew Hodson (mhodson)
Changed in linux (Ubuntu):
status: New → Invalid
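The Janitor comment above names 2.6.32-64.128 as the package that carries the fix. A practitioner auditing a Lucid host wants a check that compares the installed linux package version against that number, and the check has to use the package version rather than `uname -r`, because the running-kernel string only carries the ABI number (e.g. 2.6.32-64-generic) and cannot distinguish 2.6.32-64.127 from 2.6.32-64.128. The following script is an added example, not code from the Launchpad page or the Ubuntu kernel team: it splits Ubuntu kernel version strings of the form X.Y.Z-ABI.UPLOAD into numeric fields and compares them field by field. The function names `kver_ge` and `lucid_has_fix`, and the sample version strings used when `dpkg-query` is unavailable, are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the Launchpad page or the Ubuntu kernel team):
# check whether an installed Lucid kernel package is at or above the
# version this bug reports as "fixed in".

# Version the Launchpad Janitor comment names as carrying the fix.
# The changelog shows the 2.6.32.63 patches themselves first appeared in
# 2.6.32-63.126; lower this constant to that if only those patches matter.
FIXED_VERSION="2.6.32-64.128"

# kver_ge A B: exit 0 when version A >= version B, comparing the numeric
# fields of "X.Y.Z-ABI.UPLOAD" left to right. A missing trailing field
# counts as 0, so "2.6.32-64" sorts below "2.6.32-64.128".
kver_ge() {
    awk -v a="$1" -v b="$2" '
    BEGIN {
        na = split(a, A, "[.-]"); nb = split(b, B, "[.-]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x > y) exit 0
            if (x < y) exit 1
        }
        exit 0
    }'
}

# lucid_has_fix VERSION: report and return 0 if the given linux package
# version contains the fix, 1 otherwise.
lucid_has_fix() {
    if kver_ge "$1" "$FIXED_VERSION"; then
        echo "linux $1: at or above $FIXED_VERSION, fix present"
        return 0
    fi
    echo "linux $1: below $FIXED_VERSION, fix missing"
    return 1
}

# On a Debian-family host, look up the package version of the running
# kernel image (uname -r alone is not enough: it carries only the ABI).
# Elsewhere, fall back to constructed sample versions so the script still runs.
installed=""
if command -v dpkg-query >/dev/null 2>&1; then
    installed=$(dpkg-query -W -f='${Version}' "linux-image-$(uname -r)" 2>/dev/null || true)
fi
if [ -n "$installed" ]; then
    lucid_has_fix "$installed" || :
else
    # Constructed sample versions: one below, one equal, one above the fix.
    for v in 2.6.32-63.126 2.6.32-64.128 2.6.32-65.131; do
        lucid_has_fix "$v" || :
    done
fi
```

The comparison deliberately ignores any non-numeric suffix and assumes the five-field Ubuntu layout; a version with a different shape (a backport suffix, for instance) should be checked with `dpkg --compare-versions` on a real Debian-family host instead.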