Changelog
linux (3.14.9-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8
- Target/iscsi,iser: Avoid accepting transport connections during stop
stage
- iser-target: Fix multi network portal shutdown regression
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9
- target: Fix NULL pointer dereference for XCOPY in target_put_sess_cmd
(regression in 3.14.6)
- iscsi-target: Reject mutual authentication with reflected CHAP_C
- ima: audit log files opened with O_DIRECT flag
- ima: introduce ima_kernel_read() (regression in 3.10)
- evm: prohibit userspace writing 'security.evm' HMAC value
- net: Use netlink_ns_capable to verify the permisions of netlink messages
(CVE-2014-0181)
- netlink: Only check file credentials for implicit destinations
- qlcnic: info leak in qlcnic_dcb_peer_app_info()
- ipv6: Fix regression caused by efe4208 in udp_v6_mcast_next()
(regression in 3.13)
- netlink: rate-limit leftover bytes warning and print process name
- bridge: Prevent insertion of FDB entry with disallowed vlan
- net: tunnels - enable module autoloading
- [sparc] net: filter: fix typo in sparc BPF JIT
- sfc: PIO:Restrict to 64bit arch and use 64-bit writes.
(regression in 3.13)
- ipv4: fix a race in ip4_datagram_release_cb()
- sctp: Fix sk_ack_backlog wrap-around problem
- udp: ipv4: do not waste time in __udp4_lib_mcast_demux_lookup
(regression in 3.13)
- USB: cdc-acm: Fix various bugs in power management
- USB: cdc-acm: fix I/O after failed open
- [x86] hv: use correct order when freeing monitor_pages
- ASoC: dapm: Make sure to always update the DAPM graph in _put_volsw()
(regression in 3.12)
- lzo: properly check for overruns (CVE-2014-4608)
- lz4: ensure length does not wrap (CVE-2014-4608)
- ALSA: compress: Cancel the optimization of compiler and fix the size of
struct for all platform.
- ALSA: control: Protect user controls against concurrent access
(CVE-2014-4652)
- ALSA: control: Fix replacing user controls (CVE-2014-4654, CVE-2014-4655)
- ALSA: control: Don't access controls outside of protected regions
(CVE-2014-4653)
- ALSA: control: Make sure that id->index does not overflow;
Handle numid overflow (CVE-2014-4656)
[ Ben Hutchings ]
* aufs: Update to aufs3.14-20140616:
- tiny, no msg in spinlock regeion
- minor bugfix, correct error value in link(2)
- O_TMPFILE support
- bugfix, handling an error in opening a FIFO
- propagate aufs file references to new vmas created by remap_file_pages()
* linux-image: Make initramfs support unconditional
* [x86] x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
* [rt] Fix latency histogram after "hrtimer: Set expiry time before
switch_hrtimer_base()" in 3.14.6
[ Aurelien Jarno ]
* [arm64] Enable COMPAT to support 32-bit binaries.
* [mips,mipsel] Enable initramfs for all flavours, but keep the disk
related drivers built-in for now.
-- Ben Hutchings <email address hidden> Mon, 30 Jun 2014 13:57:11 +0100