Changelog
linux (3.2.54-1) wheezy; urgency=high
* New upstream stable update:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54
- NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk()
- USB: mos7840: fix tiocmget error handling
- ALSA: 6fire: Fix probe of multiple cards
- can: c_can: Fix RX message handling, handle lost message before EOB
- dm mpath: fix race condition between multipath_dtr and pg_init_done
- ext4: avoid bh leak in retry path of ext4_expand_extra_isize_ea()
- KVM: IOMMU: hva align mapping page size
- crypto: s390 - Fix aes-cbc IV corruption
- audit: printk USER_AVC messages when audit isn't enabled
- audit: fix info leak in AUDIT_GET requests
- audit: use nlmsg_len() to get message payload length
- PM / hibernate: Avoid overflow in hibernate_preallocate_memory()
- blk-core: Fix memory corruption if blkcg_init_queue fails
- block: fix a probe argument to blk_register_region
- SUNRPC: Fix a data corruption issue when retransmitting RPC calls
- mwifiex: correct packet length for packets from SDIO interface
- vsprintf: check real user/group id for %pK
- ipc, msg: fix message length check for negative values
- hwmon: (lm90) Fix max6696 alarm handling
- rtlwifi: rtl8192cu: Fix more pointer arithmetic errors
- setfacl removes part of ACL when setting POSIX ACLs to Samba
- nfsd: make sure to balance get/put_write_access
- nfsd4: fix xdr decoding of large non-write compounds (regression
in 3.2.49)
- NFSv4 wait on recovery for async session errors
- powerpc/signals: Mark VSX not saved with small contexts
- iscsi-target: fix extract_param to handle buffer length corner case
- iscsi-target: chap auth shouldn't match username with trailing garbage
- configfs: fix race between dentry put and lookup
- [powerpc] signals: Improved mark VSX not saved with small contexts fix
- mac80211: don't attempt to reorder multicast frames
- Staging: zram: Fix access of NULL pointer
- Staging: zram: Fix memory leak by refcount mismatch
- irq: Enable all irqs unconditionally in irq_resume
- tracing: Allow events to have NULL strings
- [armhf/omap] Staging: tidspbridge: disable driver
- cpuset: Fix memory allocator deadlock
- crypto: authenc - Find proper IV address in ablkcipher callback
- crypto: scatterwalk - Set the chain pointer indication bit
- [s390] crypto: s390 - Fix aes-xts parameter corruption
- crypto: ccm - Fix handling of zero plaintext when computing mac
- net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST
(fixes regression in 3.2.17)
- hpsa: do not discard scsi status on aborted commands
- hpsa: return 0 from driver probe function on success, not 1
- [arm] 7912/1: check stack pointer in get_wchan
- [arm] 7913/1: fix framepointer check in unwind_frame
- ALSA: memalloc.h - fix wrong truncation of dma_addr_t
- dm snapshot: avoid snapshot space leak on crash
- dm table: fail dm_table_create on dm_round_up overflow
- hwmon: (w83l786ng) Fix fan speed control mode setting and reporting
- hwmon: (w83l768ng) Fix fan speed control range
- futex: fix handling of read-only-mapped hugepages
- KVM: Improve create VCPU parameter (CVE-2013-4587)
- [x86] KVM: Fix potential divide by 0 in lapic (CVE-2013-6367)
- net: Fix "ip rule delete table 256" (Closes: #724783)
- 6lowpan: Uncompression of traffic class field was incorrect
- ipv4: fix possible seqlock deadlock
- inet: prevent leakage of uninitialized memory to user in recv syscalls
- net: rework recvmsg handler msg_name and msg_namelen logic
- net: add BUG_ON if kernel advertises msg_namelen >
sizeof(struct sockaddr_storage)
- inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
functions
- ipv6: fix leaking uninitialized port number of offender sockaddr
- net: core: Always propagate flag changes to interfaces
- packet: fix use after free race in send path when dev is released
- inet: fix possible seqlock deadlocks
- ipv6: fix possible seqlock deadlock in ip6_finish_output2
- ftrace: Check module functions being traced on reload
- ftrace: Fix function graph with loading of modules
- mmc: block: fix a bug of error handling in MMC driver
[ Ben Hutchings ]
* SCSI: virtio_scsi: fix memory leak on full queue condition
(Closes: #730138)
* drm, agp: Update to 3.4.76:
- drm/radeon: fix asic gfx values for scrapper asics
- drm/edid: add quirk for BPC in Samsung NP700G7A-S01PL notebook
- drm/radeon: fixup bad vram size on SI
[ dann frazier ]
* ath9k_htc: properly set MAC address and BSSID mask (CVE-2013-4579)
* KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368)
* x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround (CVE-2014-1438)
* hamradio/yam: fix info leak in ioctl (CVE-2014-1446)
-- dann frazier <email address hidden> Wed, 29 Jan 2014 13:42:01 -0700