UbuntuUpdates.org

Package "linux-source-3.13.0"

Name: linux-source-3.13.0

Description:

Linux kernel source for version 3.13.0 with Ubuntu patches
Latest version: 3.13.0-170.220
Release: trusty (14.04)
Level: updates
Repository: main
Head package: linux

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "linux-source-3.13.0"

All arch deb package
APT INSTALL

Other versions of "linux-source-3.13.0" in Trusty

Repository Area Version
base main 3.13.0-24.46
security main 3.13.0-170.220

Changelog

Version: 3.13.0-165.215 2019-02-04 10:08:04 UTC

  linux (3.13.0-165.215) trusty; urgency=medium

  * linux: 3.13.0-165.215 -proposed tracker (LP: #1811856)

  * CVE-2018-17972
    - proc: restrict kernel stack dumps to root

  * CVE-2018-18281
    - mremap: properly flush TLB before releasing the page

  * 29d6d30f5c8aa58b04f40a58442df3bcaae5a1d5 in btrfs_kernel_fixes failed on T
    (LP: #1809868)
    - Btrfs: send, don't send rmdir for same target multiple times

  * CVE-2018-9568
    - net: Set sk_prot_creator when cloning sockets to the right proto

  * CVE-2018-1066
    - cifs: empty TargetInfo leads to crash on recovery

 -- Khalid Elmously <email address hidden> Wed, 16 Jan 2019 06:19:08 +0000
Source diff to previous version
1809868 29d6d30f5c8aa58b04f40a58442df3bcaae5a1d5 in btrfs_kernel_fixes failed on T
CVE-2018-17972 An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may i
CVE-2018-18281 Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes en
CVE-2018-9568 In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no add
CVE-2018-1066 The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker

Version: 3.13.0-164.214 2018-12-20 09:13:16 UTC

  linux (3.13.0-164.214) trusty; urgency=medium

  * linux: 3.13.0-164.214 -proposed tracker (LP: #1806428)

  * CVE-2018-12896
    - posix-timers: Sanitize overrun handling

  * CVE-2018-16276
    - USB: yurex: fix out-of-bounds uaccess in read handler

  * CVE-2018-10902
    - ALSA: rawmidi: Change resized buffers atomically

  * CVE-2018-18386
    - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)

  * CVE-2017-5753
    - x86/spectre_v1: Disable compiler optimizations over
      array_index_mask_nospec()
    - x86/speculation: Fix up array_index_nospec_mask() asm constraint
    - ALSA: opl3: Hardening for potential Spectre v1
    - ALSA: asihpi: Hardening for potential Spectre v1
    - ALSA: hdspm: Hardening for potential Spectre v1
    - ALSA: rme9652: Hardening for potential Spectre v1
    - ALSA: control: Hardening for potential Spectre v1
    - ALSA: seq: oss: Hardening for potential Spectre v1
    - ALSA: hda: Hardening for potential Spectre v1
    - net: atm: Fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
    - perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
    - kernel/sys.c: fix potential Spectre v1 issue
    - HID: hiddev: fix potential Spectre v1
    - atm: zatm: Fix potential Spectre v1
    - net: cxgb3_main: fix potential Spectre v1
    - netlink: Fix spectre v1 gadget in netlink_create()
    - net: socket: fix potential spectre v1 gadget in socketcall
    - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
    - ext4: fix spectre gadget in ext4_mb_regular_allocator()
    - fs/quota: Fix spectre gadget in do_quotactl
    - misc: hmc6352: fix potential Spectre v1
    - tty: vt_ioctl: fix potential Spectre v1

  * CVE-2018-18710
    - cdrom: fix improper type cast, which can leat to information leak.

  * CVE-2018-18690
    - xfs: don't fail when converting shortform attr to long form during
      ATTR_REPLACE

  * CVE-2018-14734
    - infiniband: fix a possible use-after-free bug

  * CVE-2017-2647 // CVE-2017-2647 / CVE-2017-6951
    - keys: Guard against null match function in keyring_search_aux()

 -- Khalid Elmously <email address hidden> Wed, 05 Dec 2018 06:47:30 +0000
Source diff to previous version
CVE-2018-12896 An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by th
CVE-2018-16276 An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/write
CVE-2018-10902 It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_
CVE-2018-18386 drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage o
CVE-2017-5753 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker wi
CVE-2018-18710 An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by lo
CVE-2018-18690 In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the ne
CVE-2018-14734 drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup ste
CVE-2017-2647 The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and s
CVE-2017-6951 The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL

Version: 3.13.0-163.213 2018-12-03 10:06:48 UTC

  linux (3.13.0-163.213) trusty; urgency=medium

  * linux: 3.13.0-163.213 -proposed tracker (LP: #1802769)

  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

  * dev test in ubuntu_stress_smoke_test cause kernel oops on T-3.13
    (LP: #1797546)
    - drm: fix NULL pointer access by wrong ioctl

  * Packaging resync (LP: #1786013)
    - [Package] add support for specifying the primary makefile

 -- Thadeu Lima de Souza Cascardo <email address hidden> Tue, 13 Nov 2018 13:30:30 -0200
Source diff to previous version
1789161 Bypass of mount visibility through userns + mount propagation
1797546 dev test in ubuntu_stress_smoke_test cause kernel oops on T-3.13
1786013 Packaging resync

Version: 3.13.0-162.212 2018-11-13 19:07:19 UTC

  linux (3.13.0-162.212) trusty; urgency=medium

  * linux: 3.13.0-162.212 -proposed tracker (LP: #1799399)

  * packet socket panic in Trusty 3.13.0-157 and later (LP: #1800254)
    - SAUCE: (no-up) net/packet: fix erroneous dev_add_pack usage in fanout

  * Cleanup Meltdown/Spectre implementation (LP: #1779848)
    - x86/Documentation: Add PTI description
    - Revert "x86/cpu/AMD: Make the LFENCE instruction serialized"
    - x86/cpu/AMD: Make LFENCE a serializing instruction
    - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
    - x86/pti: Document fix wrong index
    - x86/nospec: Fix header guards names
    - x86/bugs: Drop one "mitigation" from dmesg
    - x86/spectre: Check CONFIG_RETPOLINE in command line parser
    - x86/spectre: Simplify spectre_v2 command line parsing
    - x86/spectre: Fix an error message
    - SAUCE: x86/cpufeatures: Reorder spectre-related feature bits
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - SAUCE: x86/msr: Fix formatting of msr-index.h
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Mark constant arrays as __initconst
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    - SAUCE: x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    - x86/speculation: Use IBRS if available before calling into firmware
    - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
    - SAUCE: x86/bugs: Fix re-use of SPEC_CTRL MSR boot value
    - SAUCE: Move SSBD feature detection to common code
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86/speculation: Query individual feature flags when reloading
      microcode
    - xen: Add xen_arch_suspend()
    - x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
    - SAUCE: x86/pti: Evaluate X86_BUG_CPU_MELTDOWN when pti=auto
    - SAUCE: x86/speculation: Make use of indirect_branch_prediction_barrier()
    - SAUCE: x86/speculation: Cleanup IBPB runtime control handling
    - SAUCE: x86/speculation: Cleanup IBRS runtime control handling

  * CVE-2016-9588
    - kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)

  * CVE-2017-16649
    - net: cdc_ether: fix divide by 0 on bad descriptors

  * CVE-2018-9363
    - Bluetooth: hidp: buffer overflow in hidp_process_report

  * CVE-2017-13168
    - scsi: sg: mitigate read/write abuse

  * xattr length returned by vfs_getxattr() is not correct in Trusty kernel
    (LP: #1798013)
    - getxattr: use correct xattr length

  * CVE-2018-16658
    - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

 -- Stefan Bader <email address hidden> Mon, 29 Oct 2018 11:31:15 +0100
Source diff to previous version
1800254 packet socket panic in Trusty 3.13.0-157 and later
1779848 Cleanup Meltdown/Spectre implementation
1798013 xattr length returned by vfs_getxattr() is not correct in Trusty kernel
CVE-2016-9588 arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (g
CVE-2017-16649 The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of servi
CVE-2018-9363 HID: Bluetooth: hidp: buffer overflow in hidp_process_report
CVE-2017-13168 An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.
CVE-2018-16658 An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by

Version: 3.13.0-161.211 2018-10-22 17:06:41 UTC

  linux (3.13.0-161.211) trusty; urgency=medium

  * linux: 3.13.0-161.211 -proposed tracker (LP: #1795595)

  * CVE-2017-0794
    - scsi: sg: protect accesses to 'reserved' page array
    - scsi: sg: reset 'res_in_use' after unlinking reserved array
    - scsi: sg: recheck MMAP_IO request length with lock held

  * CVE-2017-15299
    - KEYS: don't let add_key() update an uninstantiated key

  * CVE-2015-8539
    - KEYS: Fix handling of stored error in a negatively instantiated user key

  * CVE-2018-7566
    - ALSA: seq: Fix racy pool initializations
    - ALSA: seq: More protection for concurrent write and ioctl races

  * CVE-2018-1000004. // CVE-2018-7566
    - ALSA: seq: Don't allow resizing pool in use

  * CVE-2018-1000004
    - ALSA: seq: Make ioctls race-free

  * CVE-2017-18216
    - ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent

  * CVE-2016-7913
    - tuner-xc2028: Don't try to sleep twice
    - xc2028: avoid use after free
    - xc2028: unlock on error in xc2028_set_config()
    - xc2028: Fix use-after-free bug properly

  * The VM hang happens because of pending interrupts not reinjected when
    migrating the VM several times (LP: #1791286)
    - KVM: ioapic: merge ioapic_deliver into ioapic_service
    - KVM: ioapic: clear IRR for edge-triggered interrupts at delivery
    - KVM: ioapic: extract body of kvm_ioapic_set_irq
    - KVM: ioapic: reinject pending interrupts on KVM_SET_IRQCHIP

  * CVE-2018-5390
    - SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix

  * CVE-2018-9518
    - NFC: llcp: Limit size of SDP URI

  * Improvements to the kernel source package preparation (LP: #1793461)
    - [Packaging] startnewrelease: add support for backport kernels

 -- Stefan Bader <email address hidden> Wed, 03 Oct 2018 16:41:42 +0200
1791286 The VM hang happens because of pending interrupts not reinjected when migrating the VM several times
1793461 Improvements to the kernel source package preparation
CVE-2017-0794 A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.
CVE-2017-15299 The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows loc
CVE-2015-8539 The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl command
CVE-2018-7566 The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
CVE-2018-1000004 In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadl
CVE-2017-18216 In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) becau
CVE-2016-7913 The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a
CVE-2018-5390 Linux Kernel TCP implementation vulnerable to Denial of Service
CVE-2018-9518 NFC: llcp: Limit size of SDP URI


About   -   Send Feedback to @ubuntu_updates