This bug was fixed in the package linux-lts-utopic - 3.16.0-76.98~14.04.1
--------------- linux-lts-utopic (3.16.0-76.98~14.04.1) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug - LP: #1596019
[ Upstream Kernel Changes ]
* netfilter: x_tables: validate e->target_offset early - LP: #1555338 - CVE-2016-3134 * netfilter: x_tables: make sure e->next_offset covers remaining blob size - LP: #1555338 - CVE-2016-3134 * netfilter: x_tables: fix unconditional helper - LP: #1555338 - CVE-2016-3134 * netfilter: x_tables: don't move to non-existent next rule - LP: #1595350 * netfilter: x_tables: validate targets of jumps - LP: #1595350 * netfilter: x_tables: add and use xt_check_entry_offsets - LP: #1595350 * netfilter: x_tables: kill check_entry helper - LP: #1595350 * netfilter: x_tables: assert minimum target size - LP: #1595350 * netfilter: x_tables: add compat version of xt_check_entry_offsets - LP: #1595350 * netfilter: x_tables: check standard target size too - LP: #1595350 * netfilter: x_tables: check for bogus target offset - LP: #1595350 * netfilter: x_tables: validate all offsets and sizes in a rule - LP: #1595350 * netfilter: x_tables: don't reject valid target size on some architectures - LP: #1595350 * netfilter: arp_tables: simplify translate_compat_table args - LP: #1595350 * netfilter: ip_tables: simplify translate_compat_table args - LP: #1595350 * netfilter: ip6_tables: simplify translate_compat_table args - LP: #1595350 * netfilter: x_tables: xt_compat_match_from_user doesn't need a retval - LP: #1595350 * netfilter: x_tables: do compat validation via translate_table - LP: #1595350 * netfilter: x_tables: introduce and use xt_copy_counters_from_user - LP: #1595350
linux-lts-utopic (3.16.0-75.97~14.04.1) trusty; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug - LP: #1595703
[ Serge Hallyn ]
* SAUCE: add a sysctl to disable unprivileged user namespace unsharing - LP: #1555338, #1595350
linux-lts-utopic (3.16.0-74.96~14.04.1) trusty; urgency=low
* Release Tracking Bug - LP: #1591324
* [debian] getabis: Only git add $abidir if running in local repo - LP: #1584890 * [debian] getabis: Fix inconsistent compiler versions check - LP: #1584890
[ Tim Gardner ]
* [Config] Remove arc4 from nic-modules - LP: #1582991
* Revert "usb: hub: do not clear BOS field during reset device" - LP: #1582864 * mm/balloon_compaction: redesign ballooned pages management - LP: #1572562 * mm/balloon_compaction: fix deflation when compaction is disabled - LP: #1572562 * ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS - LP: #1580379 - CVE-2016-4569 * ALSA: timer: Fix leak in events via snd_timer_user_ccallback - LP: #1581866 - CVE-2016-4578 * ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt - LP: #1581866 - CVE-2016-4578 * net: fix a kernel infoleak in x25 module - LP: #1585366 - CVE-2016-4580 * get_rock_ridge_filename(): handle malformed NM entries - LP: #1583962 - CVE-2016-4913 * netfilter: Set /proc/net entries owner to root in namespace - LP: #1584953 * USB: usbfs: fix potential infoleak in devio - LP: #1578493 - CVE-2016-4482 * IB/security: Restrict use of the write() interface - LP: #1580372 - CVE-2016-4565
-- Luis Henriques <email address hidden> Fri, 24 Jun 2016 17:17:07 +0100
This bug was fixed in the package linux-lts-utopic - 3.16.0- 76.98~14. 04.1
--------------- 76.98~14. 04.1) trusty; urgency=low
linux-lts-utopic (3.16.0-
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1596019
[ Upstream Kernel Changes ]
* netfilter: x_tables: validate e->target_offset early entry_offsets entry_offsets compat_ table args compat_ table args compat_ table args match_from_ user doesn't need a retval counters_ from_user
- LP: #1555338
- CVE-2016-3134
* netfilter: x_tables: make sure e->next_offset covers remaining blob
size
- LP: #1555338
- CVE-2016-3134
* netfilter: x_tables: fix unconditional helper
- LP: #1555338
- CVE-2016-3134
* netfilter: x_tables: don't move to non-existent next rule
- LP: #1595350
* netfilter: x_tables: validate targets of jumps
- LP: #1595350
* netfilter: x_tables: add and use xt_check_
- LP: #1595350
* netfilter: x_tables: kill check_entry helper
- LP: #1595350
* netfilter: x_tables: assert minimum target size
- LP: #1595350
* netfilter: x_tables: add compat version of xt_check_
- LP: #1595350
* netfilter: x_tables: check standard target size too
- LP: #1595350
* netfilter: x_tables: check for bogus target offset
- LP: #1595350
* netfilter: x_tables: validate all offsets and sizes in a rule
- LP: #1595350
* netfilter: x_tables: don't reject valid target size on some
architectures
- LP: #1595350
* netfilter: arp_tables: simplify translate_
- LP: #1595350
* netfilter: ip_tables: simplify translate_
- LP: #1595350
* netfilter: ip6_tables: simplify translate_
- LP: #1595350
* netfilter: x_tables: xt_compat_
- LP: #1595350
* netfilter: x_tables: do compat validation via translate_table
- LP: #1595350
* netfilter: x_tables: introduce and use xt_copy_
- LP: #1595350
linux-lts-utopic (3.16.0- 75.97~14. 04.1) trusty; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1595703
[ Serge Hallyn ]
* SAUCE: add a sysctl to disable unprivileged user namespace unsharing
- LP: #1555338, #1595350
linux-lts-utopic (3.16.0- 74.96~14. 04.1) trusty; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1591324
[ Kamal Mostafa ]
* [debian] getabis: Only git add $abidir if running in local repo
- LP: #1584890
* [debian] getabis: Fix inconsistent compiler versions check
- LP: #1584890
[ Tim Gardner ]
* [Config] Remove arc4 from nic-modules
- LP: #1582991
[ Upstream Kernel Changes ]
* Revert "usb: hub: do not clear BOS field during reset device" compaction: redesign ballooned pages management compaction: fix deflation when compaction is disabled IOCTL_PARAMS user_ccallback user_tinterrupt ridge_filename( ): handle malformed NM entries
- LP: #1582864
* mm/balloon_
- LP: #1572562
* mm/balloon_
- LP: #1572562
* ALSA: timer: Fix leak in SNDRV_TIMER_
- LP: #1580379
- CVE-2016-4569
* ALSA: timer: Fix leak in events via snd_timer_
- LP: #1581866
- CVE-2016-4578
* ALSA: timer: Fix leak in events via snd_timer_
- LP: #1581866
- CVE-2016-4578
* net: fix a kernel infoleak in x25 module
- LP: #1585366
- CVE-2016-4580
* get_rock_
- LP: #1583962
- CVE-2016-4913
* netfilter: Set /proc/net entries owner to root in namespace
- LP: #1584953
* USB: usbfs: fix potential infoleak in devio
- LP: #1578493
- CVE-2016-4482
* IB/security: Restrict use of the write() interface
- LP: #1580372
- CVE-2016-4565
-- Luis Henriques <email address hidden> Fri, 24 Jun 2016 17:17:07 +0100