[Precise/lts-backport-quantal][CVEs][PATCH 0/5] Set of CVE
Luis Henriques
luis.henriques at canonical.com
Wed Jun 25 11:59:13 UTC 2014
Following this email, I'm sending a few CVE fixes for the last SRU
cycle that will include Precise/lts-backport-quantal before it EOLs:

 * CVE-2014-1739
   This is a clean cherry-pick of:
   e6a623460e5f "[media] media-device: fix infoleak in ioctl media_enum_entities()"

 * CVE-2014-3917
   Another clean cherry-pick:
   a3c549311995 "auditsc: audit_krule mask accesses need bounds checking"

 * CVE-2014-4014
   The first patch (7fa294c8991c "userns: Allow chown and setgid
   preservation") is actually a prereq for the actual fix (23adbe12ef7d
   "fs,userns: Change inode_capable to capable_wrt_inode_uidgid").
   The backport of this fix was taken from the 3.10 stable kernel,
   which included a backport provided by upstream.

 * CVE-2014-4027
   A backport of 4442dc8a92b8 "target/rd: Refactor
   rd_build_device_space + rd_release_device_space". Basically, the
   backport drops a hunk related to NULLIO, which isn't available in
   3.5 kernel (it was introduced in commit 52c07423a819 "target/rd: Add
   ramdisk bit for NULLIO operation" in 3.10)

For convenience, a pull can also be done from my precise git tree:

The following changes since commit c1b88d5971fc0687f8c0d7426e8595d4b64d1a2e:

  UBUNTU: Ubuntu-lts-3.5.0-52.78 (2014-06-11 17:40:01 +0100)

are available in the git repository at:

  git://kernel.ubuntu.com/henrix/ubuntu-precise.git lts-backport-quantal

for you to fetch changes up to 042b7ff1888ea0e6315af12e9edd79d29be32a89:

  target/rd: Refactor rd_build_device_space + rd_release_device_space (2014-06-25 12:26:25 +0100)

----------------------------------------------------------------
Andy Lutomirski (2):
      auditsc: audit_krule mask accesses need bounds checking
      fs,userns: Change inode_capable to capable_wrt_inode_uidgid

Eric W. Biederman (1):
      userns: Allow chown and setgid preservation

Nicholas Bellinger (1):
      target/rd: Refactor rd_build_device_space + rd_release_device_space

Salva Peiró (1):
      [media] media-device: fix infoleak in ioctl media_enum_entities()

 drivers/media/media-device.c    |   1 +
 drivers/target/target_core_rd.c | 104 ++++++++++++++++++++++++----------------
 fs/attr.c                       |  11 +++--
 fs/inode.c                      |  10 ++--
 fs/namei.c                      |  11 +++--
 include/linux/capability.h      |   2 +-
 kernel/auditsc.c                |  27 +++++++----
 kernel/capability.c             |  18 +++----
 8 files changed, 111 insertions(+), 73 deletions(-)

--
1.9.1