Update Hardy kernel AKI for local privilege escalation

Bug #420635 reported by Ben Jencks on 2009-08-28
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Ubuntu on EC2 | | Medium | Chuck Short |
Hardy | | Medium | Chuck Short |
Intrepid | | Medium | Chuck Short |
linux (Ubuntu) | | Medium | Unassigned |
Hardy | | Medium | Chuck Short |
Intrepid | | Medium | Unassigned |

Bug Description

Can we get updated Hardy kernel AKIs that fix USN-819-1/CVE-2009-2692? Amazon just released updates to their 2.6.18 kernels [1], but I like using the Hardy 2.6.24 kernel.

[1] http://developer.amazonwebservices.com/connect/thread.jspa?threadID=35410

Ben Jencks (bjencks) on 2009-08-28
visibility: private → public
Eric Hammond (esh) on 2009-08-30
Changed in ubuntu-on-ec2:
status: New → Confirmed
importance: Undecided → High
Thierry Carrez (ttx) on 2009-09-02
Changed in ubuntu-on-ec2:
status: Confirmed → Triaged
assignee: nobody → Chuck Short (zulcss)
Scott Moser (smoser) on 2009-09-08
tags: added: ec2-images uec-images
Scott Moser (smoser) on 2009-09-09
tags: removed: uec-images
Soren Hansen (soren) wrote :

Set the importance to medium. This matches the security team's assessment in bug #413656. Note that Ubuntu by default has a value of 65536 for vm.mmap_min_addr, so the only known attack vectors are through setuid binaries or if someone installed wine or dosemu (which causes vm.mmap_min_addr to be set to 0). I think dosemu and wine are rarities on EC2 :)

Changed in ubuntu-on-ec2:
importance: High → Medium
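
A check for the condition described in the comment above, as an added example that is not part of the original bug report: it flags sysctl configuration files that set vm.mmap_min_addr below the 65536 default the comment quotes, and tests the running value. The function names and the `--audit` switch are hypothetical; /etc/sysctl.conf and /etc/sysctl.d/*.conf are assumed to be the configuration locations on the host.

```shell
#!/bin/sh
# Added example: audit vm.mmap_min_addr, which the comment above names as the
# setting that limits the known attack vectors (65536 by default on Ubuntu).
MIN_SAFE=65536

# Print "file:value" for each vm.mmap_min_addr assignment below MIN_SAFE in
# the given sysctl-style files. Accepts "key = value", "key=value" and the
# "vm/mmap_min_addr" spelling; comment lines (# or ;) are ignored.
find_low_mmap_min_addr() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v min="$MIN_SAFE" -v file="$f" '
            /^[ \t]*[#;]/ { next }
            {
                line = $0
                gsub(/[ \t]/, "", line)
                eq = index(line, "=")
                if (eq == 0) next
                key = substr(line, 1, eq - 1)
                val = substr(line, eq + 1)
                gsub("/", ".", key)
                if (key == "vm.mmap_min_addr" && val ~ /^[0-9]+$/ && val + 0 < min + 0)
                    print file ":" val
            }' "$f"
    done
}

# Return 0 if the value (first argument, or the running kernel's value when
# no argument is given) is at least MIN_SAFE, 1 if lower, 2 if unreadable.
mmap_min_addr_ok() {
    val=${1:-$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null)}
    case $val in ''|*[!0-9]*) return 2 ;; esac
    [ "$val" -ge "$MIN_SAFE" ]
}

# Stand-alone use: sh script.sh --audit
if [ "${1:-}" = "--audit" ]; then
    mmap_min_addr_ok || echo "WARNING: running vm.mmap_min_addr is below $MIN_SAFE or unreadable"
    find_low_mmap_min_addr /etc/sysctl.conf /etc/sysctl.d/*.conf
fi
```

Any file it reports is worth tracing back to the package that installed it, since the comment notes that wine and dosemu are what lower the value to 0.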
Scott Moser (smoser) wrote :

For this task, 'linux (Ubuntu)', this bug will be closed when we get the karmic kernel (bug 418130).

Changed in linux (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu Hardy):
status: New → Triaged
Changed in linux (Ubuntu Intrepid):
status: New → Triaged
importance: Undecided → Medium
Changed in linux (Ubuntu Hardy):
importance: Undecided → Medium
assignee: nobody → Chuck Short (zulcss)
Changed in linux (Ubuntu Intrepid):
assignee: nobody → Chuck Short (zulcss)
Changed in ubuntu-on-ec2:
status: Triaged → Invalid
Scott Moser (smoser) wrote :

Marking linux (Ubuntu) task as Fix Released, with karmic kernels on ec2.

Changed in linux (Ubuntu):
status: Triaged → Fix Released
Scott Moser (smoser) wrote :

Chuck put together a linux-xen build of 2.6.24-10. It is available on the ubuntu-on-ec2 ppa for hardy [1] and kernel/ramdisks are available in ec2 now in the ubuntu-kernels-testing-us and
ubuntu-kernels-testing-eu buckets [2]
--
[1] https://launchpad.net/~ubuntu-on-ec2/+archive/ppa?field.series_filter=hardy
[2] http://thecloudmarket.com/search?search_term=ubuntu-hardy+image-2.6.24-10

Changed in linux (Ubuntu Hardy):
status: Triaged → Fix Committed
Scott Moser (smoser) wrote :

Published hardy kernels have the fix and new published AMIs use these kernels.

Changed in linux (Ubuntu Hardy):
status: Fix Committed → Fix Released
Alex Valavanis (valavanisalex) wrote :

Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the report. The bug has been fixed in newer releases of Ubuntu.

Changed in linux (Ubuntu Intrepid):
assignee: Chuck Short (zulcss) → nobody
status: Triaged → Invalid
This report contains Public Security information
Everyone can see this security related information.