Ubuntu

CVE-2013-1767

Reported by John Johansen on 2013-03-04
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Luis Henriques
Precise
Medium
Luis Henriques
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-armadaxp (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-ec2 (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Status tracked in Trusty
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-lts-backport-natty (Ubuntu)
Status tracked in Trusty
Hardy
Undecided
Unassigned
Lucid
Undecided
Unassigned
Oneiric
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Status tracked in Trusty
Hardy
Medium
Unassigned
Lucid
Medium
Unassigned
Oneiric
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-lts-quantal (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-lts-raring (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-lts-saucy (Ubuntu)
Status tracked in Trusty
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
linux-mvl-dove (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned

Bug Description

Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.

Break-Fix: - 5f00110f7273f9ff04ac69a5f85bb535a4fd0987

John Johansen (jjohansen) wrote :

CVE-2013-1767

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Raring):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Raring):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Raring):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux (Ubuntu Raring):
status: New → Fix Committed
Luis Henriques (henrix) on 2013-03-07
Changed in linux (Ubuntu Precise):
assignee: nobody → Luis Henriques (henrix)
status: New → In Progress
Changed in linux (Ubuntu Lucid):
assignee: nobody → Luis Henriques (henrix)
status: New → In Progress
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Raring):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Raring):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-46.107

---------------
linux (2.6.32-46.107) lucid-proposed; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #1158939

  [ Ben Hutchings ]

  * SAUCE: signal: Fix use of missing sa_restorer field
    - LP: #1153813
    - CVE-2013-0914

  [ Upstream Kernel Changes ]

  * ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
    - LP: #1156732
    - CVE-2012-6540
  * kernel/signal.c: use __ARCH_HAS_SA_RESTORER instead of SA_RESTORER
    - LP: #1153813
    - CVE-2013-0914

linux (2.6.32-46.106) lucid-proposed; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #1158829

  [ Upstream Kernel Changes ]

  * tmpfs: fix use-after-free of mempolicy object
    - LP: #1143815
    - CVE-2013-1767
  * keys: fix race with concurrent install_user_keyrings()
    - LP: #1152788
    - CVE-2013-1792
  * signal: always clear sa_restorer on execve
    - LP: #1153813
    - CVE-2013-0914
  * Fix ptrace when task is in task_is_stopped(), state
    - LP: #1145234
  * xfrm_user: fix info leak in copy_to_user_tmpl()
    - LP: #1156716
    - CVE-2012-6537
  * xfrm_user: fix info leak in copy_to_user_policy()
    - LP: #1156716
    - CVE-2012-6537
  * xfrm_user: fix info leak in copy_to_user_state()
    - LP: #1156716
    - CVE-2012-6537
  * net: fix info leak in compat dev_ifconf()
    - LP: #1156728
    - CVE-2012-6539
 -- Steve Conklin <email address hidden> Fri, 22 Mar 2013 13:57:09 -0500

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (12.1 KiB)

This bug was fixed in the package linux - 3.2.0-40.64

---------------
linux (3.2.0-40.64) precise-proposed; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #1160017

  [ Stefan Bader ]

  * SAUCE: Revert "SAUCE: xen/pv-spinlock: Never enable interrupts in
    xen_spin_lock_slow()"

  [ Xiangliang Yu ]

  * SAUCE: PCI: define macro for marvell vendor ID
    - LP: #1159863
  * SAUCE: PCI: fix system hang issue of Marvell SATA host controller
    - LP: #1159863

linux (3.2.0-40.63) precise-proposed; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #1157785

  [ Andy Whitcroft ]

  * [Config] re-disable CONFIG_SOUND_OSS_PRECLAIM
    - LP: #1105230

  [ Luis Henriques ]

  * [Config] CONFIG_NFS_V4_1=y
    - LP: #1111416

  [ Upstream Kernel Changes ]

  * Revert "drm: Add EDID_QUIRK_FORCE_REDUCED_BLANKING for ASUS VW222S"
    - LP: #1150557
  * tmpfs: fix use-after-free of mempolicy object
    - LP: #1143815
    - CVE-2013-1767
  * sunvdc: Fix off-by-one in generic_request().
    - LP: #1150557
  * genirq: Avoid deadlock in spurious handling
    - LP: #1150557
  * KVM: s390: Handle hosts not supporting s390-virtio.
    - LP: #1150557
  * workqueue: consider work function when searching for busy work items
    - LP: #1150557
  * v4l: Reset subdev v4l2_dev field to NULL if registration fails
    - LP: #1150557
  * omap_vout: find_vma() needs ->mmap_sem held
    - LP: #1150557
  * dca: check against empty dca_domains list before unregister provider
    - LP: #1150557
  * powerpc/eeh: Fix crash when adding a device in a slot with DDW
    - LP: #1150557
  * ext4: return ENOMEM if sb_getblk() fails
    - LP: #1150557
  * pcmcia/vrc4171: Add missing spinlock init
    - LP: #1150557
  * Purge existing TLB entries in set_pte_at and ptep_set_wrprotect
    - LP: #1150557
  * ARM: PXA3xx: program the CSMSADRCFG register
    - LP: #1150557
  * USB: option: add and update Alcatel modems
    - LP: #1150557
  * quota: autoload the quota_v2 module for QFMT_VFS_V1 quota format
    - LP: #1150557
  * ext4: fix possible use-after-free with AIO
    - LP: #1150557
  * s390/kvm: Fix store status for ACRS/FPRS
    - LP: #1150557
  * staging: comedi: disallow COMEDI_DEVCONFIG on non-board minors
    - LP: #1150557
  * ALSA: usb-audio: fix Roland A-PRO support
    - LP: #1150557
  * x86-32, mm: Rip out x86_32 NUMA remapping code
    - LP: #1150557
  * ALSA: hda - Release assigned pin/cvt at error path of hdmi_pcm_open()
    - LP: #1150557
  * ext4: fix race in ext4_mb_add_n_trim()
    - LP: #1150557
  * zram: Fix deadlock bug in partial read/write
    - LP: #1150557
  * Driver core: treat unregistered bus_types as having no devices
    - LP: #1150557
  * ALSA: aloop: Fix Oops while PM resume
    - LP: #1150557
  * UBIFS: fix double free of ubifs_orphan objects
    - LP: #1150557
  * tty: set_termios/set_termiox should not return -EINTR
    - LP: #1150557
  * hrtimer: Prevent hrtimer_enqueue_reprogram race
    - LP: #1150557
  * nfsd: Fix memleak
    - LP: #1150557
  * staging: comedi: check s->async for poll(), read() and write()
    - LP: #1150557
  * ACPI: Add DMI entry for Sony VGN-FW41E_H
    - LP: #1150557
  * vgacon/vt: clear buf...

Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-armadaxp - 3.2.0-1616.25

---------------
linux-armadaxp (3.2.0-1616.25) precise-proposed; urgency=low

  [ Ike Panhc ]

  * Release Tracking Bug
    - LP: #1160195
  * Rebase onto Ubuntu-3.2.0-40.64

  [ Ubuntu: 3.2.0-40.64 ]

  * Release Tracking Bug
    - LP: #1160017
  * SAUCE: Revert "SAUCE: xen/pv-spinlock: Never enable interrupts in
    xen_spin_lock_slow()"
  * SAUCE: PCI: define macro for marvell vendor ID
    - LP: #1159863
  * SAUCE: PCI: fix system hang issue of Marvell SATA host controller
    - LP: #1159863
 -- Ike Panhc <email address hidden> Tue, 26 Mar 2013 16:09:13 +0800

Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (12.2 KiB)

This bug was fixed in the package linux-ti-omap4 - 3.2.0-1429.38

---------------
linux-ti-omap4 (3.2.0-1429.38) precise-proposed; urgency=low

  * Release Tracking Bug
    - LP: #1160194

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.2.0-40.64

  [ Upstream Kernel Changes ]

  * Fix ABI directories

  [ Ubuntu: 3.2.0-40.64 ]

  * Release Tracking Bug
    - LP: #1160017
  * SAUCE: Revert "SAUCE: xen/pv-spinlock: Never enable interrupts in
    xen_spin_lock_slow()"
  * SAUCE: PCI: define macro for marvell vendor ID
    - LP: #1159863
  * SAUCE: PCI: fix system hang issue of Marvell SATA host controller
    - LP: #1159863

linux-ti-omap4 (3.2.0-1428.37) precise-proposed; urgency=low

  * Release Tracking Bug
    - LP: #1158081

  [ Paolo Pisati ]

  * rebased on Ubuntu-3.2.0-40.63

  [ Ubuntu: 3.2.0-40.63 ]

  * Release Tracking Bug
    - LP: #1157785
  * [Config] re-disable CONFIG_SOUND_OSS_PRECLAIM
    - LP: #1105230
  * [Config] CONFIG_NFS_V4_1=y
    - LP: #1111416
  * Revert "drm: Add EDID_QUIRK_FORCE_REDUCED_BLANKING for ASUS VW222S"
    - LP: #1150557
  * tmpfs: fix use-after-free of mempolicy object
    - LP: #1143815
    - CVE-2013-1767
  * sunvdc: Fix off-by-one in generic_request().
    - LP: #1150557
  * genirq: Avoid deadlock in spurious handling
    - LP: #1150557
  * KVM: s390: Handle hosts not supporting s390-virtio.
    - LP: #1150557
  * workqueue: consider work function when searching for busy work items
    - LP: #1150557
  * v4l: Reset subdev v4l2_dev field to NULL if registration fails
    - LP: #1150557
  * omap_vout: find_vma() needs ->mmap_sem held
    - LP: #1150557
  * dca: check against empty dca_domains list before unregister provider
    - LP: #1150557
  * powerpc/eeh: Fix crash when adding a device in a slot with DDW
    - LP: #1150557
  * ext4: return ENOMEM if sb_getblk() fails
    - LP: #1150557
  * pcmcia/vrc4171: Add missing spinlock init
    - LP: #1150557
  * Purge existing TLB entries in set_pte_at and ptep_set_wrprotect
    - LP: #1150557
  * ARM: PXA3xx: program the CSMSADRCFG register
    - LP: #1150557
  * USB: option: add and update Alcatel modems
    - LP: #1150557
  * quota: autoload the quota_v2 module for QFMT_VFS_V1 quota format
    - LP: #1150557
  * ext4: fix possible use-after-free with AIO
    - LP: #1150557
  * s390/kvm: Fix store status for ACRS/FPRS
    - LP: #1150557
  * staging: comedi: disallow COMEDI_DEVCONFIG on non-board minors
    - LP: #1150557
  * ALSA: usb-audio: fix Roland A-PRO support
    - LP: #1150557
  * x86-32, mm: Rip out x86_32 NUMA remapping code
    - LP: #1150557
  * ALSA: hda - Release assigned pin/cvt at error path of hdmi_pcm_open()
    - LP: #1150557
  * ext4: fix race in ext4_mb_add_n_trim()
    - LP: #1150557
  * zram: Fix deadlock bug in partial read/write
    - LP: #1150557
  * Driver core: treat unregistered bus_types as having no devices
    - LP: #1150557
  * ALSA: aloop: Fix Oops while PM resume
    - LP: #1150557
  * UBIFS: fix double free of ubifs_orphan objects
    - LP: #1150557
  * tty: set_termios/set_termiox should not return -EINTR
    - LP: #1150557
  * hrtimer: Prevent hrtimer_enqueue_reprogram race
    - LP: #1150557
  * nfsd: Fix memleak
    - LP...

Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-351.63

---------------
linux-ec2 (2.6.32-351.63) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-46.107
  * Release Tracking Bug
    - LP: #1159191

  [ Ubuntu: 2.6.32-46.107 ]

  * SAUCE: signal: Fix use of missing sa_restorer field
    - LP: #1153813
    - CVE-2013-0914
  * ipvs: fix info leak in getsockopt(IP_VS_SO_GET_TIMEOUT)
    - LP: #1156732
    - CVE-2012-6540
  * kernel/signal.c: use __ARCH_HAS_SA_RESTORER instead of SA_RESTORER
    - LP: #1153813
    - CVE-2013-0914

  [ Ubuntu: 2.6.32-46.106 ]

  * tmpfs: fix use-after-free of mempolicy object
    - LP: #1143815
    - CVE-2013-1767
  * keys: fix race with concurrent install_user_keyrings()
    - LP: #1152788
    - CVE-2013-1792
  * signal: always clear sa_restorer on execve
    - LP: #1153813
    - CVE-2013-0914
  * Fix ptrace when task is in task_is_stopped(), state
    - LP: #1145234
  * xfrm_user: fix info leak in copy_to_user_tmpl()
    - LP: #1156716
    - CVE-2012-6537
  * xfrm_user: fix info leak in copy_to_user_policy()
    - LP: #1156716
    - CVE-2012-6537
  * xfrm_user: fix info leak in copy_to_user_state()
    - LP: #1156716
    - CVE-2012-6537
  * net: fix info leak in compat dev_ifconf()
    - LP: #1156728
    - CVE-2012-6539
 -- Stefan Bader <email address hidden> Mon, 25 Mar 2013 14:38:06 +0100

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Raring):
status: Fix Committed → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Julian Wiedmann (jwiedmann) wrote :

This release has reached end-of-life [0].

[0] https://wiki.ubuntu.com/Releases

Changed in linux (Ubuntu Hardy):
status: New → Invalid
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. oneiric has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against oneiric is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Won't Fix
no longer affects: linux-armadaxp (Ubuntu Hardy)
no longer affects: linux-armadaxp (Ubuntu Oneiric)
no longer affects: linux-armadaxp (Ubuntu Raring)
no longer affects: linux-ec2 (Ubuntu Hardy)
no longer affects: linux-ec2 (Ubuntu Oneiric)
no longer affects: linux-ec2 (Ubuntu Raring)
no longer affects: linux-lts-saucy (Ubuntu Hardy)
no longer affects: linux-lts-saucy (Ubuntu Oneiric)
no longer affects: linux-lts-saucy (Ubuntu Raring)
no longer affects: linux-lts-quantal (Ubuntu Hardy)
no longer affects: linux-lts-quantal (Ubuntu Oneiric)
no longer affects: linux-lts-quantal (Ubuntu Raring)
no longer affects: linux-mvl-dove (Ubuntu Hardy)
no longer affects: linux-mvl-dove (Ubuntu Oneiric)
no longer affects: linux-mvl-dove (Ubuntu Raring)
no longer affects: linux (Ubuntu Hardy)
no longer affects: linux (Ubuntu Oneiric)
no longer affects: linux (Ubuntu Raring)
no longer affects: linux-fsl-imx51 (Ubuntu Hardy)
no longer affects: linux-fsl-imx51 (Ubuntu Oneiric)
no longer affects: linux-fsl-imx51 (Ubuntu Raring)
no longer affects: linux-ti-omap4 (Ubuntu Hardy)
no longer affects: linux-ti-omap4 (Ubuntu Oneiric)
no longer affects: linux-ti-omap4 (Ubuntu Raring)
no longer affects: linux-lts-raring (Ubuntu Hardy)
no longer affects: linux-lts-raring (Ubuntu Oneiric)
no longer affects: linux-lts-raring (Ubuntu Raring)
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: Fix Committed → Invalid
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers