** Description changed:
+ SRU Justification
- SRU Justification
+ Impact:
+ The upstream process for stable tree updates is quite similar
+ in scope to the Ubuntu SRU process, e.g., each patch has to
+ demonstrably fix a bug, and each patch is vetted by upstream
+ by originating either directly from Linus' tree or in a minimally
+ backported form of that patch. The 2.6.32.62 upstream stable
+ patch set is now available. It should be included in the Ubuntu
+ kernel as well.
- Impact:
- The upstream process for stable tree updates is quite similar
- in scope to the Ubuntu SRU process, e.g., each patch has to
- demonstrably fix a bug, and each patch is vetted by upstream
- by originating either directly from Linus' tree or in a minimally
- backported form of that patch. The 2.6.32.62 upstream stable
- patch set is now available. It should be included in the Ubuntu
- kernel as well.
+ git://git.kernel.org/
- git://git.kernel.org/
+ TEST CASE: TBD
- TEST CASE: TBD
+ The following patches are in the 2.6.32.62 stable release:
- The following patches are in the 2.6.32.62 stable release:
+ Linux 2.6.32.62
+ s390: fix kernel crash due to linkage stack instructions
+ qeth: avoid buffer overflow in snmp ioctl
+ tcp_cubic: fix the range of delayed_ack
+ tcp_cubic: limit delayed_ack ratio to prevent divide error
+ tcp: fix tcp_trim_head() to adjust segment count with skb MSS
+ powernow-k6: reorder frequencies
+ powernow-k6: correctly initialize default parameters
+ powernow-k6: disable cache when changing frequency
+ powernow-k6: set transition latency value so ondemand governor can be used
+ gianfar: disable TX vlan based on kernel 2.6.x
+ x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
+ inet: fix possible memory corruption with UDP_CORK and UFO
+ ipv6: udp packets following an UFO enqueued packet need also be handled by UFO
+ sctp: unbalanced rcu lock in ip_queue_xmit()
+ isdnloop: Validate NUL-terminated strings from user.
+ isdnloop: several buffer overflows
+ netlink: don't compare the nul-termination in nla_strcmp
+ net: socket: error on a negative msg_namelen
+ net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk
+ tg3: Don't check undefined error bits in RXBD
+ virtio-net: alloc big buffers also when guest can receive UFO
+ net: sctp: fix sctp_connectx abi for ia32 emulation/compat mode
+ bonding: 802.3ad: make aggregator_identifier bond-private
+ tg3: Fix deadlock in tg3_change_mtu()
+ net: fix 'ip rule' iif/oif device rename
+ inet_diag: fix inet_diag_dump_icsk() timewait socket state logic
+ net: llc: fix use after free in llc_ui_recvmsg
+ drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
+ net: unix: allow bind to fail on mutex lock
+ net: drop_monitor: fix the value of maxattr
+ {pktgen, xfrm} Update IPv4 header total len and checksum after tranformation
+ ipv6: fix possible seqlock deadlock in ip6_finish_output2
+ inet: fix possible seqlock deadlocks
+ bridge: flush br's address entry in fdb when remove the bridge dev
+ net: core: Always propagate flag changes to interfaces
+ atm: idt77252: fix dev refcnt leak
+ ipv6: fix leaking uninitialized port number of offender sockaddr
+ net: clamp ->msg_namelen instead of returning an error
+ net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
sockaddr_storage)
+ ipv4: fix possible seqlock deadlock
+ isdnloop: use strlcpy() instead of strcpy()
+ bonding: fix two race conditions in bond_store_updelay/downdelay
+ random32: fix off-by-one in seeding requirement
+ ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
+ net: Fix "ip rule delete table 256"
+ tipc: fix lockdep warning during bearer initialization
+ ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO
+ ipv6: Don't depend on per socket memory for neighbour discovery messages
+ ipv6: drop packets with multiple fragmentation headers
+ ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not match
+ tcp: cubic: fix bug in bictcp_acked()
+ net: check net.core.somaxconn sysctl values
+ htb: fix sign extension bug
+ net_sched: info leak in atm_tc_dump_class()
+ af_key: more info leaks in pfkey messages
+ net_sched: Fix stack info leak in cbq_dump_wrr().
+ sctp: fully initialize sctp_outq in sctp_outq_init
+ sysctl net: Keep tcp_syn_retries inside the boundary
+ arcnet: cleanup sizeof parameter
+ vlan: fix a race in egress prio management
+ ifb: fix oops when loading the ifb failed
+ dummy: fix oops when loading the dummy failed
+ ifb: fix rcu_sched self-detected stalls
+ sunvnet: vnet_port_remove must call unregister_netdev
+ net: Swap ver and type in pppoe_hdr
+ neighbour: fix a race in neigh_destroy()
+ packet: packet_getname_spkt: make sure string is always 0-terminated
+ net: sctp: fix NULL pointer dereference in socket destruction
+ ip_tunnel: fix kernel panic with icmp_dest_unreach
+ ipv6: fix possible crashes in ip6_cork_release()
+ tcp: fix tcp_md5_hash_skb_data()
+ ll_temac: Reset dma descriptors indexes on ndo_open
+ bonding: Fix broken promiscuity reference counting issue
+ dm9601: fix IFF_ALLMULTI handling
+ ipv4 igmp: use in_dev_put in timer handlers instead of __in_dev_put
+ ipv6 mcast: use in6_dev_put in timer handlers instead of __in6_dev_put
+ resubmit bridge: fix message_age_timer calculation
+ davinci_emac.c: Fix IFF_ALLMULTI setup
+ sctp: Perform software checksum if packet has to be fragmented.
+ sctp: Use software crc32 checksum when xfrm transform will happen.
+ net: dst: provide accessor function to dst->xfrm
+ connector: use nlmsg_len() to check message length
+ net: vlan: fix nlmsg size calculation in vlan_get_size()
+ can: dev: fix nlmsg size calculation in can_get_size()
+ proc connector: fix info leaks
+ net: heap overflow in __audit_sockaddr()
+ net: do not call sock_put() on TIMEWAIT sockets
+ tcp: must unclone packets before mangling them
+ ipv6: tcp: fix panic in SYN processing
+ crypto: api - Fix race condition in larval lookup
+ HID: check for NULL field when setting values
+ kernel/kmod.c: check for NULL in call_usermodehelper_exec()
+ staging: comedi: ni_65xx: (bug fix) confine insn_bits to one subdevice
+ intel-iommu: Flush unmaps at domain_exit
+ ipvs: fix CHECKSUM_PARTIAL for TCP, UDP
+ x86, ptrace: fix build breakage with gcc 4.7 (second try)
+ Fix lockup related to stop_machine being stuck in __do_softirq.
+ scsi: fix missing include linux/types.h in scsi_netlink.h
+
+ The following patches from 2.6.32.62 stable release were not applied as
+ they were already present in Lucid kernel:
+
+ Revert "x86, ptrace: fix build breakage with gcc 4.7"
+ cciss: fix info leak in cciss_ioctl32_passthru()
+ cpqarray: fix info leak in ida_locked_ioctl()
+ drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
+ sctp: deal with multiple COOKIE_ECHO chunks
+ sctp: Use correct sideffect command in duplicate cookie handling
+ ipv6: ip6_sk_dst_check() must not assume ipv6 dst
+ af_key: fix info leaks in notify messages
+ af_key: initialize satype in key_notify_policy_flush()
+ block: do not pass disk names as format strings
+ b43: stop format string leaking into error msgs
+ HID: validate HID report id size
+ HID: zeroplus: validate output report details
+ HID: pantherlord: validate output report details
+ HID: LG: validate HID output report details
+ HID: provide a helper for validating hid reports
+ farsync: fix info leak in ioctl
+ wanxl: fix info leak in ioctl
+ ipv6: remove max_addresses check from ipv6_create_tempaddr
+ inet: prevent leakage of uninitialized memory to user in recv syscalls
+ net: rework recvmsg handler msg_name and msg_namelen logic
+ inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
functions
+ hamradio/yam: fix info leak in ioctl
+ rds: prevent dereference of a NULL device
+ net: rose: restore old recvmsg behavior
+ net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
+ rds: prevent dereference of a NULL device in rds_iw_laddr_check
+ aacraid: prevent invalid pointer dereference
+ vm: add vm_iomap_memory() helper function
+ Fix a few incorrectly checked [io_]remap_pfn_range() calls
+ libertas: potential oops in debugfs
+ n_tty: Fix n_tty_write crash when echoing in raw mode
+ exec/ptrace: fix get_dumpable() incorrect tests
+ ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET
pending data
+ dm snapshot: fix data corruption
+ crypto: ansi_cprng - Fix off by one error in non-block size request
+ uml: check length in exitcode_proc_write()
+ KVM: Improve create VCPU parameter (CVE-2013-4587)
+ KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
+ xfs: underflow bug in xfs_attrlist_by_handle()
+ aacraid: missing capable() check in compat ioctl
+ SELinux: Fix kernel BUG on empty security contexts.
+ netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
+ floppy: don't write kernel-only members to FDRAWCMD ioctl output
+ floppy: ignore kernel-only members in FDRAWCMD ioctl input
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1321293
Title:
Lucid update to 2.6.32.62 stable release
Status in “linux” package in Ubuntu:
New
Status in “linux” source package in Lucid:
New
Bug description:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from Linus' tree or in a minimally
backported form of that patch. The 2.6.32.62 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
git://git.kernel.org/
TEST CASE: TBD
The following patches are in the 2.6.32.62 stable release:
Linux 2.6.32.62
s390: fix kernel crash due to linkage stack instructions
qeth: avoid buffer overflow in snmp ioctl
tcp_cubic: fix the range of delayed_ack
tcp_cubic: limit delayed_ack ratio to prevent divide error
tcp: fix tcp_trim_head() to adjust segment count with skb MSS
powernow-k6: reorder frequencies
powernow-k6: correctly initialize default parameters
powernow-k6: disable cache when changing frequency
powernow-k6: set transition latency value so ondemand governor can be used
gianfar: disable TX vlan based on kernel 2.6.x
x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
inet: fix possible memory corruption with UDP_CORK and UFO
ipv6: udp packets following an UFO enqueued packet need also be handled by UFO
sctp: unbalanced rcu lock in ip_queue_xmit()
isdnloop: Validate NUL-terminated strings from user.
isdnloop: several buffer overflows
netlink: don't compare the nul-termination in nla_strcmp
net: socket: error on a negative msg_namelen
net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk
tg3: Don't check undefined error bits in RXBD
virtio-net: alloc big buffers also when guest can receive UFO
net: sctp: fix sctp_connectx abi for ia32 emulation/compat mode
bonding: 802.3ad: make aggregator_identifier bond-private
tg3: Fix deadlock in tg3_change_mtu()
net: fix 'ip rule' iif/oif device rename
inet_diag: fix inet_diag_dump_icsk() timewait socket state logic
net: llc: fix use after free in llc_ui_recvmsg
drivers/net/hamradio: Integer overflow in hdlcdrv_ioctl()
net: unix: allow bind to fail on mutex lock
net: drop_monitor: fix the value of maxattr
{pktgen, xfrm} Update IPv4 header total len and checksum after tranformation
ipv6: fix possible seqlock deadlock in ip6_finish_output2
inet: fix possible seqlock deadlocks
bridge: flush br's address entry in fdb when remove the bridge dev
net: core: Always propagate flag changes to interfaces
atm: idt77252: fix dev refcnt leak
ipv6: fix leaking uninitialized port number of offender sockaddr
net: clamp ->msg_namelen instead of returning an error
net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct
sockaddr_storage)
ipv4: fix possible seqlock deadlock
isdnloop: use strlcpy() instead of strcpy()
bonding: fix two race conditions in bond_store_updelay/downdelay
random32: fix off-by-one in seeding requirement
ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv
net: Fix "ip rule delete table 256"
tipc: fix lockdep warning during bearer initialization
ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO
ipv6: Don't depend on per socket memory for neighbour discovery messages
ipv6: drop packets with multiple fragmentation headers
ipv6: don't stop backtracking in fib6_lookup_1 if subtree does not match
tcp: cubic: fix bug in bictcp_acked()
net: check net.core.somaxconn sysctl values
htb: fix sign extension bug
net_sched: info leak in atm_tc_dump_class()
af_key: more info leaks in pfkey messages
net_sched: Fix stack info leak in cbq_dump_wrr().
sctp: fully initialize sctp_outq in sctp_outq_init
sysctl net: Keep tcp_syn_retries inside the boundary
arcnet: cleanup sizeof parameter
vlan: fix a race in egress prio management
ifb: fix oops when loading the ifb failed
dummy: fix oops when loading the dummy failed
ifb: fix rcu_sched self-detected stalls
sunvnet: vnet_port_remove must call unregister_netdev
net: Swap ver and type in pppoe_hdr
neighbour: fix a race in neigh_destroy()
packet: packet_getname_spkt: make sure string is always 0-terminated
net: sctp: fix NULL pointer dereference in socket destruction
ip_tunnel: fix kernel panic with icmp_dest_unreach
ipv6: fix possible crashes in ip6_cork_release()
tcp: fix tcp_md5_hash_skb_data()
ll_temac: Reset dma descriptors indexes on ndo_open
bonding: Fix broken promiscuity reference counting issue
dm9601: fix IFF_ALLMULTI handling
ipv4 igmp: use in_dev_put in timer handlers instead of __in_dev_put
ipv6 mcast: use in6_dev_put in timer handlers instead of __in6_dev_put
resubmit bridge: fix message_age_timer calculation
davinci_emac.c: Fix IFF_ALLMULTI setup
sctp: Perform software checksum if packet has to be fragmented.
sctp: Use software crc32 checksum when xfrm transform will happen.
net: dst: provide accessor function to dst->xfrm
connector: use nlmsg_len() to check message length
net: vlan: fix nlmsg size calculation in vlan_get_size()
can: dev: fix nlmsg size calculation in can_get_size()
proc connector: fix info leaks
net: heap overflow in __audit_sockaddr()
net: do not call sock_put() on TIMEWAIT sockets
tcp: must unclone packets before mangling them
ipv6: tcp: fix panic in SYN processing
crypto: api - Fix race condition in larval lookup
HID: check for NULL field when setting values
kernel/kmod.c: check for NULL in call_usermodehelper_exec()
staging: comedi: ni_65xx: (bug fix) confine insn_bits to one subdevice
intel-iommu: Flush unmaps at domain_exit
ipvs: fix CHECKSUM_PARTIAL for TCP, UDP
x86, ptrace: fix build breakage with gcc 4.7 (second try)
Fix lockup related to stop_machine being stuck in __do_softirq.
scsi: fix missing include linux/types.h in scsi_netlink.h
The following patches from 2.6.32.62 stable release were not applied
as they were already present in Lucid kernel:
Revert "x86, ptrace: fix build breakage with gcc 4.7"
cciss: fix info leak in cciss_ioctl32_passthru()
cpqarray: fix info leak in ida_locked_ioctl()
drivers/cdrom/cdrom.c: use kzalloc() for failing hardware
sctp: deal with multiple COOKIE_ECHO chunks
sctp: Use correct sideffect command in duplicate cookie handling
ipv6: ip6_sk_dst_check() must not assume ipv6 dst
af_key: fix info leaks in notify messages
af_key: initialize satype in key_notify_policy_flush()
block: do not pass disk names as format strings
b43: stop format string leaking into error msgs
HID: validate HID report id size
HID: zeroplus: validate output report details
HID: pantherlord: validate output report details
HID: LG: validate HID output report details
HID: provide a helper for validating hid reports
farsync: fix info leak in ioctl
wanxl: fix info leak in ioctl
ipv6: remove max_addresses check from ipv6_create_tempaddr
inet: prevent leakage of uninitialized memory to user in recv syscalls
net: rework recvmsg handler msg_name and msg_namelen logic
inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu
functions
hamradio/yam: fix info leak in ioctl
rds: prevent dereference of a NULL device
net: rose: restore old recvmsg behavior
net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
rds: prevent dereference of a NULL device in rds_iw_laddr_check
aacraid: prevent invalid pointer dereference
vm: add vm_iomap_memory() helper function
Fix a few incorrectly checked [io_]remap_pfn_range() calls
libertas: potential oops in debugfs
n_tty: Fix n_tty_write crash when echoing in raw mode
exec/ptrace: fix get_dumpable() incorrect tests
ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET
pending data
dm snapshot: fix data corruption
crypto: ansi_cprng - Fix off by one error in non-block size request
uml: check length in exitcode_proc_write()
KVM: Improve create VCPU parameter (CVE-2013-4587)
KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
xfs: underflow bug in xfs_attrlist_by_handle()
aacraid: missing capable() check in compat ioctl
SELinux: Fix kernel BUG on empty security contexts.
netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
floppy: don't write kernel-only members to FDRAWCMD ioctl output
floppy: ignore kernel-only members in FDRAWCMD ioctl input
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1321293/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
