Ubuntu

CVE-2012-0957

Reported by John Johansen on 2012-10-11
268
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Luis Henriques
Quantal
Low
Luis Henriques
Raring
Low
Unassigned
linux-armadaxp (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-ec2 (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-fsl-imx51 (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-lts-backport-maverick (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-lts-backport-natty (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-lts-quantal (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-mvl-dove (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Low
Unassigned
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned

Bug Description

The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.

Break-Fix: be27425dcc516fd08245b047ea57f83b8f6f0903 2702b1526c7278c4d65d78de209a465d4de2885e
Break-Fix: be27425dcc516fd08245b047ea57f83b8f6f0903 31fd84b95eb211d5db460a1dda85e004800a7b52

John Johansen (jjohansen) wrote :

CVE-2012-0957

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Low
Changed in linux (Ubuntu Precise):
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Low
Jamie Strandboge (jdstrand) wrote :

Please see bug #1060521 for more information. It is a duplicate of this bug, but LP was timing out and not allowing me to mark it as such.

Luis Henriques (henrix) on 2012-11-07
Changed in linux (Ubuntu Quantal):
assignee: nobody → Luis Henriques (henrix)
status: New → In Progress
Luis Henriques (henrix) on 2012-11-07
Changed in linux (Ubuntu Precise):
assignee: nobody → Luis Henriques (henrix)
status: New → In Progress
no longer affects: linux-armadaxp (Ubuntu Natty)
no longer affects: linux-ec2 (Ubuntu Natty)
no longer affects: linux-lts-backport-oneiric (Ubuntu Natty)
no longer affects: linux-lts-backport-natty (Ubuntu Natty)
no longer affects: linux-lts-quantal (Ubuntu Natty)
no longer affects: linux-mvl-dove (Ubuntu Natty)
no longer affects: linux-lts-backport-maverick (Ubuntu Natty)
no longer affects: linux (Ubuntu Natty)
no longer affects: linux-fsl-imx51 (Ubuntu Natty)
no longer affects: linux-ti-omap4 (Ubuntu Natty)
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
description: updated
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
importance: Undecided → Low
Changed in linux (Ubuntu Raring):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Quantal):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux-armadaxp (Ubuntu):
status: New → Confirmed
Changed in linux-ti-omap4 (Ubuntu):
status: New → Confirmed
Changed in linux-armadaxp (Ubuntu Raring):
status: Confirmed → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Raring):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-quantal - 3.5.0-19.30~precise1

---------------
linux-lts-quantal (3.5.0-19.30~precise1) precise-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1078677

  [ Andy Whitcroft ]

  * UBUNTU: ensure we build signed packages for precise
    - LP: #1075181
  * [Config] update Vcs-git: to point to quantal
    - LP: #1069204

  [ Joseph Salisbury ]

  * SAUCE: ALSA: hda - add quirk for Thinkpad T430
    - LP: #1060372

  [ Tim Gardner ]

  * [Config] CONFIG_USB_OTG=n for all but armel/armhf
    - LP: #1047527
  * [Config] remove ndiswrapper from Provides:
    - LP: #1076395
  * [Config] ONFIG_AMD_IOMMU_V2=m
    - LP: #1071520

  [ Upstream Kernel Changes ]

  * kernel/sys.c: fix stack memory content leak via UNAME26
    - LP: #1065622, #1060521
    - CVE-2012-0957
  * use clamp_t in UNAME26 fix
    - LP: #1065622, #1060521
    - CVE-2012-0957
  * net: fix divide by zero in tcp algorithm illinois
    - LP: #1077091
    - CVE-2012-4565

  [ Wen-chien Jesse Sung ]

  * SAUCE: Bluetooth: Add a load_firmware callback to struct hci_dev
    - LP: #1065400
  * SAUCE: Bluetooth: Implement broadcom patchram firmware loader
    - LP: #1065400
  * SAUCE: Bluetooth: Add support for 13d3:3388 and 13d3:3389
    - LP: #1065400
 -- Luis Henriques <email address hidden> Wed, 14 Nov 2012 11:55:55 +0000

Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.5.0-19.30

---------------
linux (3.5.0-19.30) quantal-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #1078041

  [ Andy Whitcroft ]

  * [Config] update Vcs-git: to point to quantal
    - LP: #1069204

  [ Joseph Salisbury ]

  * SAUCE: ALSA: hda - add quirk for Thinkpad T430
    - LP: #1060372

  [ Tim Gardner ]

  * [Config] CONFIG_USB_OTG=n for all but armel/armhf
    - LP: #1047527
  * [Config] remove ndiswrapper from Provides:
    - LP: #1076395
  * [Config] ONFIG_AMD_IOMMU_V2=m
    - LP: #1071520

  [ Upstream Kernel Changes ]

  * kernel/sys.c: fix stack memory content leak via UNAME26
    - LP: #1065622, #1060521
    - CVE-2012-0957
  * use clamp_t in UNAME26 fix
    - LP: #1065622, #1060521
    - CVE-2012-0957
  * net: fix divide by zero in tcp algorithm illinois
    - LP: #1077091
    - CVE-2012-4565

  [ Wen-chien Jesse Sung ]

  * SAUCE: Bluetooth: Add a load_firmware callback to struct hci_dev
    - LP: #1065400
  * SAUCE: Bluetooth: Implement broadcom patchram firmware loader
    - LP: #1065400
  * SAUCE: Bluetooth: Add support for 13d3:3388 and 13d3:3389
    - LP: #1065400
 -- Luis Henriques <email address hidden> Tue, 13 Nov 2012 15:49:15 +0000

Changed in linux (Ubuntu Quantal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 3.5.0-215.22

---------------
linux-ti-omap4 (3.5.0-215.22) quantal-proposed; urgency=low

  * Release Tracking Bug
    - LP: #1078672

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.5.0-19.30

  [ Ubuntu: 3.5.0-19.30 ]

  * Release Tracking Bug
    - LP: #1078041
  * [Config] update Vcs-git: to point to quantal
    - LP: #1069204
  * SAUCE: ALSA: hda - add quirk for Thinkpad T430
    - LP: #1060372
  * [Config] CONFIG_USB_OTG=n for all but armel/armhf
    - LP: #1047527
  * [Config] remove ndiswrapper from Provides:
    - LP: #1076395
  * [Config] ONFIG_AMD_IOMMU_V2=m
    - LP: #1071520
  * kernel/sys.c: fix stack memory content leak via UNAME26
    - LP: #1065622, #1060521
    - CVE-2012-0957
  * use clamp_t in UNAME26 fix
    - LP: #1065622, #1060521
    - CVE-2012-0957
  * net: fix divide by zero in tcp algorithm illinois
    - LP: #1077091
    - CVE-2012-4565
  * SAUCE: Bluetooth: Add a load_firmware callback to struct hci_dev
    - LP: #1065400
  * SAUCE: Bluetooth: Implement broadcom patchram firmware loader
    - LP: #1065400
  * SAUCE: Bluetooth: Add support for 13d3:3388 and 13d3:3389
    - LP: #1065400
 -- Paolo Pisati <email address hidden> Fri, 16 Nov 2012 10:39:59 +0100

Changed in linux-ti-omap4 (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Raring):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-armadaxp - 3.5.0-1605.7

---------------
linux-armadaxp (3.5.0-1605.7) quantal-proposed; urgency=low

  [ Ike Panhc ]

  * Release Tracking Bug
    - LP: #1078674
  * Rebase onto Ubuntu-3.5.0-19.30

  [ Ubuntu: 3.5.0-19.30 ]

  * Release Tracking Bug
    - LP: #1078041
  * [Config] update Vcs-git: to point to quantal
    - LP: #1069204
  * SAUCE: ALSA: hda - add quirk for Thinkpad T430
    - LP: #1060372
  * [Config] CONFIG_USB_OTG=n for all but armel/armhf
    - LP: #1047527
  * [Config] remove ndiswrapper from Provides:
    - LP: #1076395
  * [Config] ONFIG_AMD_IOMMU_V2=m
    - LP: #1071520
  * kernel/sys.c: fix stack memory content leak via UNAME26
    - LP: #1065622, #1060521
    - CVE-2012-0957
  * use clamp_t in UNAME26 fix
    - LP: #1065622, #1060521
    - CVE-2012-0957
  * net: fix divide by zero in tcp algorithm illinois
    - LP: #1077091
    - CVE-2012-4565
  * SAUCE: Bluetooth: Add a load_firmware callback to struct hci_dev
    - LP: #1065400
  * SAUCE: Bluetooth: Implement broadcom patchram firmware loader
    - LP: #1065400
  * SAUCE: Bluetooth: Add support for 13d3:3388 and 13d3:3389
    - LP: #1065400
 -- Ike Panhc <email address hidden> Wed, 21 Nov 2012 15:52:25 +0800

Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Raring):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
description: updated
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers