Kernel SRU Workflow

Comment 5 for bug 1806428

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-12-20:

This bug was fixed in the package linux - 3.13.0-164.214

---------------
linux (3.13.0-164.214) trusty; urgency=medium

* linux: 3.13.0-164.214 -proposed tracker (LP: #1806428)

* CVE-2018-12896
- posix-timers: Sanitize overrun handling

* CVE-2018-16276
- USB: yurex: fix out-of-bounds uaccess in read handler

* CVE-2018-10902
- ALSA: rawmidi: Change resized buffers atomically

* CVE-2018-18386
- n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)

  * CVE-2017-5753
    - x86/spectre_v1: Disable compiler optimizations over
      array_index_mask_nospec()
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - ALSA: opl3: Hardening for potential Spectre v1
    - ALSA: asihpi: Hardening for potential Spectre v1
    - ALSA: hdspm: Hardening for potential Spectre v1
    - ALSA: rme9652: Hardening for potential Spectre v1
    - ALSA: control: Hardening for potential Spectre v1
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - kernel/sys.c: fix potential Spectre v1 issue
    - HID: hiddev: fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - net: cxgb3_main: fix potential Spectre v1
    - netlink: Fix spectre v1 gadget in netlink_create()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - fs/quota: Fix spectre gadget in do_quotactl
    - misc: hmc6352: fix potential Spectre v1
    - tty: vt_ioctl: fix potential Spectre v1

* CVE-2018-18710
- cdrom: fix improper type cast, which can leat to information leak.

  * CVE-2018-18690
    - xfs: don't fail when converting shortform attr to long form during
      ATTR_REPLACE

* CVE-2018-14734
- infiniband: fix a possible use-after-free bug

* CVE-2017-2647 // CVE-2017-2647 / CVE-2017-6951
- keys: Guard against null match function in keyring_search_aux()

-- Khalid Elmously <email address hidden> Wed, 05 Dec 2018 06:47:30 +0000

This bug was fixed in the package linux - 3.13.0-164.214

---------------
linux (3.13.0-164.214) trusty; urgency=medium

* linux: 3.13.0-164.214 -proposed tracker (LP: #1806428)

* CVE-2018-12896
    - posix-timers: Sanitize overrun handling

* CVE-2018-16276
    - USB: yurex: fix out-of-bounds uaccess in read handler

* CVE-2018-10902
    - ALSA: rawmidi: Change resized buffers atomically

* CVE-2018-18386
    - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)

* CVE-2018-18710
    - cdrom: fix improper type cast, which can leat to information leak.

* CVE-2018-18690
    - xfs: don't fail when converting shortform attr to long form during
      ATTR_REPLACE

* CVE-2018-14734
    - infiniband: fix a possible use-after-free bug

* CVE-2017-2647 // CVE-2017-2647 / CVE-2017-6951
    - keys: Guard against null match function in keyring_search_aux()

-- Khalid Elmously <khalid.elmously@canonical.com>  Wed, 05 Dec 2018 06:47:30 +0000