Ubuntu

CVE-2013-1763

Reported by John Johansen on 2013-02-25
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
Quantal
High
Unassigned
Raring
High
Unassigned
linux-armadaxp (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
Quantal
High
Unassigned
Raring
High
Unassigned
linux-ec2 (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
Quantal
High
Unassigned
Raring
High
Unassigned
linux-fsl-imx51 (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
Quantal
High
Unassigned
Raring
High
Unassigned
linux-lts-backport-maverick (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
Quantal
High
Unassigned
Raring
High
Unassigned
linux-lts-backport-natty (Ubuntu)
Undecided
Unassigned
Hardy
Undecided
Unassigned
Lucid
Undecided
Unassigned
Oneiric
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
linux-lts-backport-oneiric (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
Quantal
High
Unassigned
Raring
High
Unassigned
linux-lts-quantal (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
Quantal
High
Unassigned
Raring
High
Unassigned
linux-mvl-dove (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
Quantal
High
Unassigned
Raring
High
Unassigned
linux-ti-omap4 (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
Quantal
High
Unassigned
Raring
High
Unassigned

Bug Description

Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.

Break-Fix: 8ef874bfc7296fa206eea2ad1e8a426f576bf6f6 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0

John Johansen (jjohansen) wrote :

CVE-2013-1763

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Raring):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Raring):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Invalid
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Oneiric):
status: New → Invalid
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Raring):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Raring):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Raring):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Raring):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Raring):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Raring):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Raring):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
importance: Undecided → High
Changed in linux (Ubuntu Precise):
importance: Undecided → High
Changed in linux (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux (Ubuntu Lucid):
importance: Undecided → High
Changed in linux (Ubuntu Raring):
importance: Undecided → High
Changed in linux (Ubuntu Hardy):
importance: Undecided → High
Changed in linux (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Raring):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Raring):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → High
Ike Panhc (ikepanhc) on 2013-02-26
Changed in linux-armadaxp (Ubuntu Raring):
status: New → Invalid

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-armadaxp - 3.5.0-1609.13

---------------
linux-armadaxp (3.5.0-1609.13) quantal-proposed; urgency=low

  [ Ike Panhc ]

  * Release Tracking Bug
    - LP: #1132941
  * Rebase onto Ubuntu-3.5.0-25.39

  [ Ubuntu: 3.5.0-25.39 ]

  * Release Tracking Bug
    - LP: #1132885
  * sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
    - LP: #1132896
    - CVE-2013-1763
 -- Ike Panhc <email address hidden> Tue, 26 Feb 2013 10:33:20 +0800

Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 3.5.0-220.29

---------------
linux-ti-omap4 (3.5.0-220.29) quantal-proposed; urgency=low

  * Release Tracking Bug
    - LP: #1132939

  [ Brad Figg ]

  * rebased on Ubuntu-3.5.0-25.39

  [ Ubuntu: 3.5.0-25.39 ]

  * sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
    - LP: #1132896
    - CVE-2013-1763
 -- Brad Figg <email address hidden> Tue, 26 Feb 2013 13:42:21 -0800

Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Fix Released
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Released
Changed in linux (Ubuntu Quantal):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.8.0-8.17

---------------
linux (3.8.0-8.17) raring; urgency=low

  [Tim Gardner]

  * Release Tracking Bug
    - LP: #1133552
  * Bump ABI to fix armhf FTBS

  [ Herton Ronaldo Krzesinski ]

  * d-i: Add hid-logitech-dj to input-modules
    - LP: #975198
 -- Tim Gardner <email address hidden> Tue, 26 Feb 2013 12:12:21 -0700

Changed in linux (Ubuntu Raring):
status: New → Fix Released
Changed in linux-ti-omap4 (Ubuntu Raring):
status: New → Fix Committed
description: updated
description: updated
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Won't Fix → Invalid
Changed in linux-ti-omap4 (Ubuntu Raring):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers