Message-ID: <20141213174939.GA7338@1wt.eu>
Date:	Sat, 13 Dec 2014 18:49:39 +0100
From:	Willy Tarreau <w@....eu>
To:	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Linux 2.6.32.65

I've just released Linux 2.6.32.65.

This version addresses the following list of security issues:
  CVE-2013-2147 (was incorrectly fixed in 2.6.32.61), CVE-2014-3184,
  CVE-2014-3185, CVE-2014-3687, CVE-2014-3688, CVE-2014-4653,
  CVE-2014-4654, CVE-2014-4655, CVE-2014-4943, CVE-2014-6410,
  CVE-2014-7841, CVE-2014-8709, CVE-2014-8884, CVE-2014-9090

and fixes various other bugs (see details below).

Special note: this version backports a new config entry CONFIG_X86_16BIT
which defaults to Y (compatibility mode). It makes it possible to disable
support for 16-bit applications (e.g. dosemu/wine). Supporting such
applications requires a workaround known as "ESPFIX" for a processor bug,
which has been responsible for some of the last security issues affecting
2.6.32. Since the vast majority of users of 2.6.32 run it on servers
where 16-bit support is totally pointless, it is strongly recommended to
disable this option to stay safe and avoid upgrading again, should any
other bug in this area be discovered in the future.

The patch and changelog will appear soon at the following locations:
  https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/
  https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/patch-2.6.32.65.xz
  https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/patch-2.6.32.65.gz
  https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.65

The updated 2.6.32.y git tree can be found at:
  git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-2.6.32.y
  http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-2.6.32.y

The tree can be browsed on the gitweb interface:
  http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?h=linux-2.6.32.y

Testing status (build/boot, OK/FAIL, otherwise not tested):

         ARCH  |         CONFIGURATION
       --------+-----------------------------------
               |  allmodconfig     other-config
        x86_64 |    build:OK         boot:OK
          i386 |    build:OK           -

Thanks to all participants.
Willy

---------
 Documentation/x86/x86_64/mm.txt          |   2 +
 Makefile                                 |   2 +-
 arch/x86/Kconfig                         |  25 +++-
 arch/x86/include/asm/espfix.h            |  16 +++
 arch/x86/include/asm/irqflags.h          |   2 +-
 arch/x86/include/asm/page_32_types.h     |   1 -
 arch/x86/include/asm/page_64_types.h     |  11 +-
 arch/x86/include/asm/pgtable_64_types.h  |   2 +
 arch/x86/include/asm/setup.h             |   2 +
 arch/x86/include/asm/uaccess.h           |   1 -
 arch/x86/kernel/Makefile                 |   1 +
 arch/x86/kernel/dumpstack_64.c           |   1 -
 arch/x86/kernel/entry_32.S               |  17 ++-
 arch/x86/kernel/entry_64.S               |  98 +++++++++------
 arch/x86/kernel/espfix_64.c              | 208 +++++++++++++++++++++++++++++++
 arch/x86/kernel/ldt.c                    |   6 +
 arch/x86/kernel/paravirt_patch_64.c      |   2 -
 arch/x86/kernel/smpboot.c                |   7 ++
 arch/x86/kernel/traps.c                  |  67 ++++++++--
 arch/x86/mm/dump_pagetables.c            |  38 ++++--
 arch/x86/mm/extable.c                    |  31 -----
 block/blk-core.c                         |   4 +
 block/blk-exec.c                         |  15 ++-
 drivers/block/cciss.c                    |   2 +-
 drivers/connector/cn_proc.c              |   1 -
 drivers/md/raid5.c                       |   4 +-
 drivers/media/dvb/ttusb-dec/ttusbdecfe.c |   3 +
 drivers/net/pppol2tp.c                   |   4 +-
 drivers/usb/serial/whiteheat.c           |   7 +-
 fs/udf/inode.c                           |  35 +++---
 include/net/sctp/sctp.h                  |   5 +
 init/main.c                              |   4 +
 net/8021q/vlan_dev.c                     |  10 +-
 net/compat.c                             |   2 +-
 net/mac80211/tx.c                        |   2 +-
 net/sctp/associola.c                     |   2 +
 net/sctp/inqueue.c                       |  33 ++---
 net/sctp/sm_make_chunk.c                 |   3 +
 net/sctp/sm_statefuns.c                  |   4 +-
 sound/core/control.c                     |  31 +++--
 40 files changed, 523 insertions(+), 188 deletions(-)

Summary of changes from 2.6.32.64 to 2.6.32.65
==============================================
Andy Lutomirski (4):
      x86_64/entry/xen: Do not invoke espfix64 on Xen
      x86_64, traps: Stop using IST for #SS
      x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
      x86_64, traps: Rework bad_iret

Ben Hutchings (4):
      sctp: Fix double-free introduced by bad backport in 2.6.32.62
      md/raid6: Fix misapplied backport in 2.6.32.64
      cciss: Fix misapplied "cciss: fix info leak in cciss_ioctl32_passthru()"
      proc connector: Delete spurious memset in proc_exit_connector()

Boris Ostrovsky (1):
      x86/espfix/xen: Fix allocation of pages for paravirt page tables

Brian Gerst (1):
      x86, 64-bit: Move K8 B step iret fixup to fault entry asm

Dan Carpenter (1):
      ttusb-dec: buffer overflow in ioctl

Daniel Borkmann (3):
      net: sctp: fix panic on duplicate ASCONF chunks
      net: sctp: fix remote memory pressure from excessive queueing
      net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet

H. Peter Anvin (7):
      x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
      x86-32, espfix: Remove filter for espfix32 due to race
      x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
      x86, espfix: Move espfix definitions into a separate header file
      x86, espfix: Fix broken header guard
      x86, espfix: Make espfix64 a Kconfig option, fix UML
      x86, espfix: Make it possible to disable 16-bit support

James Forshaw (1):
      USB: whiteheat: Added bounds checking for bulk command response

Jan Beulich (1):
      x86-64: Adjust frame type at paranoid_exit:

Jan Kara (1):
      udf: Avoid infinite loop when processing indirect ICBs

Johannes Berg (1):
      mac80211: fix fragmentation code, particularly for encryption

Lars-Peter Clausen (2):
      ALSA: control: Don't access controls outside of protected regions
      ALSA: control: Fix replacing user controls

Matthijs Kooijman (1):
      vlan: Don't propagate flag changes on down interfaces.

Muthukumar Ratty (1):
      block: Fix blk_execute_rq_nowait() dead queue handling

Sasha Levin (1):
      net/l2tp: don't fall back on UDP [get|set]sockopt

Tejun Heo (1):
      block: add missing blk_queue_dead() checks

Willy Tarreau (2):
      net: sendmsg: fix failed backport of "fix NULL pointer dereference"
      Linux 2.6.32.65
