This bug was fixed in the package linux-ec2 - 2.6.32-375.92
--------------- linux-ec2 (2.6.32-375.92) lucid; urgency=low
[ Stefan Bader ]
* Rebased to Ubuntu-2.6.32-71.138 * Xen: x86, 64-bit: Move K8 B step iret fixup to fault entry asm - LP: #1403918 * Xen: x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels - LP: #1403918 * Xen: x86-32, espfix: Remove filter for espfix32 due to race - LP: #1403918 * Xen: x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack - LP: #1403918 * Xen: x86, espfix: Make espfix64 a Kconfig option, fix UML - LP: #1403918 * Xen: x86, espfix: Make it possible to disable 16-bit support - LP: #1403918 * Xen: x86_64/entry/xen: Do not invoke espfix64 on Xen - LP: #1403918 * Xen: [Config] Enable CONFIG_X86_16BIT * Rebased to Ubuntu-2.6.32-72.139 * Release Tracking Bug - LP: #1411354
[ Ubuntu: 2.6.32-72.139 ]
* isofs: Fix infinite looping over CE entries - LP: #1407947 - CVE-2014-9420 * x86/tls: Validate TLS entries to protect espfix - LP: #1403852 - CVE-2014-8133
[ Ubuntu: 2.6.32-71.138 ]
* [Config] updateconfigs CONFIG_X86_16BIT=y after v2.6.32.65 update * KVM: x86: Check non-canonical addresses upon WRMSR - LP: #1384539 - CVE-2014-3610 * KVM: x86: Improve thread safety in pit - LP: #1384540 - CVE-2014-3611 * net:socket: set msg_namelen to 0 if msg_name is passed as NULL in msghdr struct from userland. - LP: #1335478 * x86, 64-bit: Move K8 B step iret fixup to fault entry asm - LP: #1403918 * x86-64: Adjust frame type at paranoid_exit: - LP: #1403918 * x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels - LP: #1403918 * x86-32, espfix: Remove filter for espfix32 due to race - LP: #1403918 * x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack - LP: #1403918 * x86, espfix: Move espfix definitions into a separate header file - LP: #1403918 * x86, espfix: Fix broken header guard - LP: #1403918 * x86, espfix: Make espfix64 a Kconfig option, fix UML - LP: #1403918 * x86, espfix: Make it possible to disable 16-bit support - LP: #1403918 * x86_64/entry/xen: Do not invoke espfix64 on Xen - LP: #1403918 * x86/espfix/xen: Fix allocation of pages for paravirt page tables - LP: #1403918 * x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C - LP: #1403918 * x86_64, traps: Rework bad_iret - LP: #1403918 -- Stefan Bader <email address hidden> Thu, 18 Dec 2014 18:20:27 +0100
This bug was fixed in the package linux-ec2 - 2.6.32-375.92
---------------
linux-ec2 (2.6.32-375.92) lucid; urgency=low
[ Stefan Bader ]
* Rebased to Ubuntu- 2.6.32- 71.138 2.6.32- 72.139
* Xen: x86, 64-bit: Move K8 B step iret fixup to fault entry asm
- LP: #1403918
* Xen: x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
- LP: #1403918
* Xen: x86-32, espfix: Remove filter for espfix32 due to race
- LP: #1403918
* Xen: x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit
stack
- LP: #1403918
* Xen: x86, espfix: Make espfix64 a Kconfig option, fix UML
- LP: #1403918
* Xen: x86, espfix: Make it possible to disable 16-bit support
- LP: #1403918
* Xen: x86_64/entry/xen: Do not invoke espfix64 on Xen
- LP: #1403918
* Xen: [Config] Enable CONFIG_X86_16BIT
* Rebased to Ubuntu-
* Release Tracking Bug
- LP: #1411354
[ Ubuntu: 2.6.32-72.139 ]
* isofs: Fix infinite looping over CE entries
- LP: #1407947
- CVE-2014-9420
* x86/tls: Validate TLS entries to protect espfix
- LP: #1403852
- CVE-2014-8133
[ Ubuntu: 2.6.32-71.138 ]
* [Config] updateconfigs CONFIG_X86_16BIT=y after v2.6.32.65 update
* KVM: x86: Check non-canonical addresses upon WRMSR
- LP: #1384539
- CVE-2014-3610
* KVM: x86: Improve thread safety in pit
- LP: #1384540
- CVE-2014-3611
* net:socket: set msg_namelen to 0 if msg_name is passed as NULL in
msghdr struct from userland.
- LP: #1335478
* x86, 64-bit: Move K8 B step iret fixup to fault entry asm
- LP: #1403918
* x86-64: Adjust frame type at paranoid_exit:
- LP: #1403918
* x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
- LP: #1403918
* x86-32, espfix: Remove filter for espfix32 due to race
- LP: #1403918
* x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
- LP: #1403918
* x86, espfix: Move espfix definitions into a separate header file
- LP: #1403918
* x86, espfix: Fix broken header guard
- LP: #1403918
* x86, espfix: Make espfix64 a Kconfig option, fix UML
- LP: #1403918
* x86, espfix: Make it possible to disable 16-bit support
- LP: #1403918
* x86_64/entry/xen: Do not invoke espfix64 on Xen
- LP: #1403918
* x86/espfix/xen: Fix allocation of pages for paravirt page tables
- LP: #1403918
* x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
- LP: #1403918
* x86_64, traps: Rework bad_iret
- LP: #1403918
-- Stefan Bader <email address hidden> Thu, 18 Dec 2014 18:20:27 +0100