Ubuntu
linux package

Kernel security test for CVE-2016-9793 failed on Precise

Bug #1653043 reported by Po-Hsu Lin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Undecided
Unassigned
Nominated for Precise by Po-Hsu Lin

Bug Description

According to the patch ACK mail, the patch for this CVE was only applied to releases later than Precise.

Therefore the kernel security test for this will fail.

======================================================================
FAIL: test_213_setscokopt_sndbufforce_negative_value (__main__.KernelSecurityTest)
Ensure setsockopt(SO_SNDBUFFORCE) does not accept negative values (CVE-2016-9793)
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2009, in test_213_setscokopt_sndbufforce_negative_value
self.assertEquals(expected, rc, result + report)
AssertionError: Got exit code 0, expected 1
2048

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: linux-image-3.2.0-120-generic 3.2.0-120.163
ProcVersionSignature: Ubuntu 3.2.0-120.163-generic 3.2.79
Uname: Linux 3.2.0-120-generic x86_64
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.24.
ApportVersion: 2.0.1-0ubuntu17.15
Architecture: amd64
ArecordDevices:
 **** List of CAPTURE Hardware Devices ****
 card 0: PCH [HDA Intel PCH], device 0: STAC92xx Analog [STAC92xx Analog]
   Subdevices: 1/1
   Subdevice #0: subdevice #0
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: ubuntu 1995 F.... pulseaudio
Card0.Amixer.info:
 Card hw:0 'PCH'/'HDA Intel PCH at 0x7ec60000 irq 45'
   Mixer name : 'Intel CougarPoint HDMI'
   Components : 'HDA:111d76e7,102804b4,00100102 HDA:80862805,80860101,00100000'
   Controls : 37
   Simple ctrls : 13
Date: Wed Dec 28 23:37:00 2016
HibernationDevice: RESUME=UUID=70dc7c7d-3240-48c1-acef-891fb4cf81a2
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120823.1)
MachineType: Dell Inc. Latitude XT3
MarkForUpload: True
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-120-generic root=UUID=29c9bce0-72f9-4dfb-8e61-c6ef6ad66e90 ro quiet splash initcall_debug vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-3.2.0-120-generic N/A
 linux-backports-modules-3.2.0-120-generic N/A
 linux-firmware 1.79.18
SourcePackage: linux
StagingDrivers: mei
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 02/28/2012
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A05
dmi.board.name: 09HM99
dmi.board.vendor: Dell Inc.
dmi.board.version: X00
dmi.chassis.type: 9
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvrA05:bd02/28/2012:svnDellInc.:pnLatitudeXT3:pvr01:rvnDellInc.:rn09HM99:rvrX00:cvnDellInc.:ct9:cvr:
dmi.product.name: Latitude XT3
dmi.product.version: 01
dmi.sys.vendor: Dell Inc.

CVE References

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :
Revision history for this message
Brad Figg (brad-figg) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

<henrix> PHLin: according to our CVE tracker precise is *not* affected by CVE-2016-9793

And the expected return code should be 0 [1], it's still expecting 1 here, so this was not using the updated test suite.
I will close this bug with "Invalid".

[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1652242

Changed in linux (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.