Update Hardy kernel AKI for local privilege escalation

Bug #420635 reported by Ben Jencks
This bug affects 1 person
Affects         Status        Importance  Assigned to  Milestone
Ubuntu on EC2   Invalid       Medium      Chuck Short
Hardy           Invalid       Medium      Chuck Short
Intrepid        Invalid       Medium      Chuck Short
linux (Ubuntu)  Fix Released  Medium      Unassigned
Hardy           Fix Released  Medium      Chuck Short
Intrepid        Invalid       Medium      Unassigned

Bug Description

Can we get updated Hardy kernel AKIs that fix USN-819-1/CVE-2009-2692? Amazon just released updates to their 2.6.18 kernels [1], but I like using the Hardy 2.6.24 kernel.

[1] http://developer.amazonwebservices.com/connect/thread.jspa?threadID=35410

Tags: ec2-images
Ben Jencks (bjencks)
visibility: private → public
Eric Hammond (esh)
Changed in ubuntu-on-ec2:
status: New → Confirmed
importance: Undecided → High
Thierry Carrez (ttx)
Changed in ubuntu-on-ec2:
status: Confirmed → Triaged
assignee: nobody → Chuck Short (zulcss)
Scott Moser (smoser)
tags: added: ec2-images uec-images
Scott Moser (smoser)
tags: removed: uec-images
Soren Hansen (soren) wrote :

Set the importance to medium. This matches the security team's assessment in bug #413656. Note that Ubuntu by default has a value of 65536 for vm.mmap_min_addr, so the only known attack vectors are through setuid binaries or if someone installed wine or dosemu (which causes vm.mmap_min_addr to be set to 0). I think dosemu and wine are rarities on EC2 :)

Changed in ubuntu-on-ec2:
importance: High → Medium
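
Added example (not part of the bug report or any commenter's code): a host audit for the mitigation described in the comment above, reporting the running vm.mmap_min_addr and any sysctl config file that sets it below the Ubuntu default of 65536. The function names are hypothetical, and the script assumes sysctl settings live in /etc/sysctl.conf and /etc/sysctl.d.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.
MIN_OK=65536   # Ubuntu default for vm.mmap_min_addr quoted in the comment above

# Print "file:value" for each *.conf line that sets vm.mmap_min_addr below
# MIN_OK. Arguments: sysctl config files or directories to scan.
find_low_overrides() {
    for path in "$@"; do
        [ -e "$path" ] || continue
        find "$path" -type f -name '*.conf' | sort | while IFS= read -r f; do
            awk -v min="$MIN_OK" -v file="$f" '
                /^[ \t]*[#;]/ { next }              # commented-out setting
                {
                    line = $0
                    gsub(/[ \t]/, "", line)         # "key = value" -> "key=value"
                    if (split(line, kv, "=") != 2) next
                    if (kv[1] != "vm.mmap_min_addr" && kv[1] != "vm/mmap_min_addr") next
                    if (kv[2] ~ /^[0-9]+$/ && kv[2] + 0 < min + 0) print file ":" kv[2]
                }' "$f"
        done
    done
}

# Classify a value read from the running kernel: ok, low, or unknown.
classify_value() {
    case "$1" in
        ''|*[!0-9]*) echo unknown ;;
        *) if [ "$1" -ge "$MIN_OK" ]; then echo ok; else echo low; fi ;;
    esac
}

# Report the running value, then any config file that would lower it at boot.
audit_host() {
    cur=$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null) || cur=''
    echo "running vm.mmap_min_addr=${cur:-?} ($(classify_value "$cur"))"
    find_low_overrides /etc/sysctl.conf /etc/sysctl.d || true
}

audit_host
```

Any "file:value" line in the output names a config file that would drop the setting below the default at the next boot or sysctl reload, even if the running value is currently ok.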
Scott Moser (smoser) wrote :

For this task 'linux (Ubuntu)', this bug will be closed when we get the karmic kernel (bug 418130).

Changed in linux (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu Hardy):
status: New → Triaged
Changed in linux (Ubuntu Intrepid):
status: New → Triaged
importance: Undecided → Medium
Changed in linux (Ubuntu Hardy):
importance: Undecided → Medium
assignee: nobody → Chuck Short (zulcss)
Changed in linux (Ubuntu Intrepid):
assignee: nobody → Chuck Short (zulcss)
Changed in ubuntu-on-ec2:
status: Triaged → Invalid
Scott Moser (smoser) wrote :

Marking linux (Ubuntu) task as Fix Released, with karmic kernels on ec2.

Changed in linux (Ubuntu):
status: Triaged → Fix Released
Scott Moser (smoser) wrote :

Chuck put together a linux-xen build of 2.6.24-10. It is available on the ubuntu-on-ec2 ppa for hardy [1] and kernel/ramdisks are available in ec2 now in the ubuntu-kernels-testing-us and ubuntu-kernels-testing-eu buckets [2]
--
[1] https://launchpad.net/~ubuntu-on-ec2/+archive/ppa?field.series_filter=hardy
[2] http://thecloudmarket.com/search?search_term=ubuntu-hardy+image-2.6.24-10

Changed in linux (Ubuntu Hardy):
status: Triaged → Fix Committed
Scott Moser (smoser) wrote :

Published hardy kernels have the fix, and new published AMIs use these kernels.

Changed in linux (Ubuntu Hardy):
status: Fix Committed → Fix Released
Alex Valavanis (valavanisalex) wrote :

Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the report. The bug has been fixed in newer releases of Ubuntu.

Changed in linux (Ubuntu Intrepid):
assignee: Chuck Short (zulcss) → nobody
status: Triaged → Invalid
This report contains Public Security information
Everyone can see this security related information.
