Update Hardy kernel AKI for local privilege escalation
Bug #420635 reported by
Ben Jencks
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on EC2 |
Invalid
|
Medium
|
Chuck Short | ||
Hardy |
Invalid
|
Medium
|
Chuck Short | ||
Intrepid |
Invalid
|
Medium
|
Chuck Short | ||
linux (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Hardy |
Fix Released
|
Medium
|
Chuck Short | ||
Intrepid |
Invalid
|
Medium
|
Unassigned |
Bug Description
Can we get updated Hardy kernel AKIs that fix USN-819-
[1] http://
visibility: | private → public |
Changed in ubuntu-on-ec2: | |
status: | New → Confirmed |
importance: | Undecided → High |
Changed in ubuntu-on-ec2: | |
status: | Confirmed → Triaged |
assignee: | nobody → Chuck Short (zulcss) |
tags: | added: ec2-images uec-images |
tags: | removed: uec-images |
To post a comment you must log in.
Set the importance to medium. This matches the security team's assessment in bug #413656. Note that Ubuntu by default has a value of 65536 for vm.mmap_min_addr, so the only known attack vectors are through setuid binaries or if someone installed wine or dosemu (which causes vm.mmap_min_addr to be set to 0). I think dosemu and wine are rarities on EC2 :)