This bug was fixed in the package linux - 2.6.32-65.131 --------------- linux (2.6.32-65.131) lucid; urgency=low
[ Joseph Salisbury ] * Release Tracking Bug - LP: #1357394 [ Upstream Kernel Changes ] * x86_32, entry: Store badsys error code in %eax - LP: #1334989 - CVE-2014-4508 linux (2.6.32-65.129) lucid; urgency=low [ Brad Figg ] * Release Tracking Bug - LP: #1355445 [ Upstream Kernel Changes ] * fix autofs/afs/etc. magic mountpoint breakage - CVE-2014-0203 * ALSA: control: Don't access controls outside of protected regions - LP: #1339297 - CVE-2014-4653 * ALSA: control: Fix replacing user controls - LP: #1339303, #1339304 - CVE-2014-4655 * ALSA: control: Handle numid overflow - LP: #1339306 - CVE-2014-4656 * ALSA: control: Make sure that id->index does not overflow - LP: #1339306 - CVE-2014-4656 * sctp: Fix sk_ack_backlog wrap-around problem - LP: #1336135 - CVE-2014-4667 * x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508) - LP: #1334989 - CVE-2014-4508 * ALSA: control: Protect user controls against concurrent access - LP: #1339294 - CVE-2014-4652 * net: sctp: inherit auth_capable on INIT collisions - LP: #1349804 - CVE-2014-5077 -- Kamal Mostafa <ka...@canonical.com> Fri, 15 Aug 2014 11:22:44 -0700 ** Changed in: linux (Ubuntu Lucid) Status: Fix Committed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-0203 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-4508 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-4652 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-4653 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-4655 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-4656 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-4667 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-armadaxp in Ubuntu. https://bugs.launchpad.net/bugs/1349804 Title: CVE-2014-5077 Status in “linux” package in Ubuntu: Fix Committed Status in “linux-armadaxp” package in Ubuntu: Invalid Status in “linux-ec2” package in Ubuntu: Invalid Status in “linux-fsl-imx51” package in Ubuntu: Invalid Status in “linux-lts-backport-maverick” package in Ubuntu: New Status in “linux-lts-backport-natty” package in Ubuntu: New Status in “linux-lts-quantal” package in Ubuntu: Invalid Status in “linux-lts-raring” package in Ubuntu: Invalid Status in “linux-lts-saucy” package in Ubuntu: Invalid Status in “linux-mvl-dove” package in Ubuntu: Invalid Status in “linux-ti-omap4” package in Ubuntu: Invalid Status in “linux” source package in Lucid: Fix Released Status in “linux-armadaxp” source package in Lucid: Invalid Status in “linux-ec2” source package in Lucid: Fix Committed Status in “linux-fsl-imx51” source package in Lucid: Invalid Status in “linux-lts-backport-maverick” source package in Lucid: New Status in “linux-lts-backport-natty” source package in Lucid: New Status in “linux-lts-quantal” source package in Lucid: Invalid Status in “linux-lts-raring” source package in Lucid: Invalid Status in “linux-lts-saucy” source package in Lucid: Invalid Status in “linux-mvl-dove” source package in Lucid: Invalid Status in “linux-ti-omap4” source package in Lucid: Invalid Status in “linux” source package in Precise: Fix Committed Status in “linux-armadaxp” source package in Precise: Fix Committed Status in “linux-ec2” source package in Precise: Invalid Status in “linux-fsl-imx51” source package in Precise: Invalid Status in “linux-lts-backport-maverick” source package in Precise: New Status in “linux-lts-backport-natty” source package in Precise: New Status in “linux-lts-quantal” source package in Precise: Invalid Status in “linux-lts-raring” source package in Precise: Invalid Status in “linux-lts-saucy” source package in Precise: Invalid Status in “linux-mvl-dove” source package in Precise: Invalid Status in “linux-ti-omap4” source package in Precise: Fix Committed Status in “linux” source package in Trusty: New Status in “linux-armadaxp” source package in Trusty: Invalid Status in “linux-ec2” source package in Trusty: Invalid Status in “linux-fsl-imx51” source package in Trusty: Invalid Status in “linux-lts-backport-maverick” source package in Trusty: New Status in “linux-lts-backport-natty” source package in Trusty: New Status in “linux-lts-quantal” source package in Trusty: Invalid Status in “linux-lts-raring” source package in Trusty: Invalid Status in “linux-lts-saucy” source package in Trusty: Invalid Status in “linux-mvl-dove” source package in Trusty: Invalid Status in “linux-ti-omap4” source package in Trusty: Invalid Status in “linux” source package in Utopic: Fix Committed Status in “linux-armadaxp” source package in Utopic: Invalid Status in “linux-ec2” source package in Utopic: Invalid Status in “linux-fsl-imx51” source package in Utopic: Invalid Status in “linux-lts-backport-maverick” source package in Utopic: New Status in “linux-lts-backport-natty” source package in Utopic: New Status in “linux-lts-quantal” source package in Utopic: Invalid Status in “linux-lts-raring” source package in Utopic: Invalid Status in “linux-lts-saucy” source package in Utopic: Invalid Status in “linux-mvl-dove” source package in Utopic: Invalid Status in “linux-ti-omap4” source package in Utopic: Invalid Bug description: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. Break-Fix: - 1be9a950c646c9092fb3618197f7b6bfb50e82aa To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1349804/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp