Ubuntu

CVE-2013-2141

Reported by John Johansen on 2013-06-05
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-armadaxp (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-ec2 (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-fsl-imx51 (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-lts-backport-maverick (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-lts-backport-natty (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-lts-raring (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-mvl-dove (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned

Bug Description

The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call.

Break-Fix: - b9e146d8eb3b9ecae5086d373b50fa0c1f3e7f0f

John Johansen (jjohansen) wrote :

CVE-2013-2141

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Raring):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Raring):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Raring):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Saucy):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Raring):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Saucy):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Raring):
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Saucy):
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Raring):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Saucy):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Raring):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Raring):
importance: Undecided → Low
Changed in linux (Ubuntu Precise):
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux (Ubuntu Saucy):
importance: Undecided → Low
Changed in linux (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux (Ubuntu Raring):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Raring):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Raring):
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Saucy):
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Quantal):
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Raring):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Released
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Fix Released
Changed in linux (Ubuntu Saucy):
status: New → Invalid
Changed in linux (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux (Ubuntu Raring):
status: New → Fix Released
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Released
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Raring):
status: New → Fix Committed
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Fix Released
description: updated
Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (10.4 KiB)

This bug was fixed in the package linux - 2.6.32-49.111

---------------
linux (2.6.32-49.111) lucid; urgency=low

  [Steve Conklin]

  * Release Tracking Bug
    - LP: #1193108

  [ Upstream Kernel Changes ]

  * Revert "pcdp: use early_ioremap/early_iounmap to access pcdp table"
    - LP: #1193044
  * Revert "block: improve queue_should_plug() by looking at IO depths"
    - LP: #1193044
  * kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
    - LP: #1187732
    - CVE-2013-2141
  * b43: stop format string leaking into error msgs
    - LP: #1189833
    - CVE-2013-2852
  * 2.6.32.y: timekeeping: Fix nohz issue with commit
    61b76840ddee647c0c223365378c3f394355b7d7
    - LP: #1193044
  * clockevents: Don't allow dummy broadcast timers
    - LP: #1193044
  * posix-cpu-timers: Fix nanosleep task_struct leak
    - LP: #1193044
  * timer: Don't reinitialize the cpu base lock during CPU_UP_PREPARE
    - LP: #1193044
  * tick: Cleanup NOHZ per cpu data on cpu down
    - LP: #1193044
  * kbuild: Fix gcc -x syntax
    - LP: #1193044
  * gen_init_cpio: avoid stack overflow when expanding
    - LP: #1193044
  * coredump: prevent double-free on an error path in core dumper
    - LP: #1193044
  * kernel/sys.c: call disable_nonboot_cpus() in kernel_restart()
    - LP: #1193044
  * ring-buffer: Fix race between integrity check and readers
    - LP: #1193044
  * genalloc: stop crashing the system when destroying a pool
    - LP: #1193044
  * kernel/resource.c: fix stack overflow in __reserve_region_with_split()
    - LP: #1193044
  * Driver core: treat unregistered bus_types as having no devices
    - LP: #1193044
  * cgroup: remove incorrect dget/dput() pair in cgroup_create_dir()
    - LP: #1193044
  * Fix a dead loop in async_synchronize_full()
    - LP: #1193044
  * tracing: Don't call page_to_pfn() if page is NULL
    - LP: #1193044
  * tracing: Fix double free when function profile init failed
    - LP: #1193044
  * mm: Fix PageHead when !CONFIG_PAGEFLAGS_EXTENDED
    - LP: #1193044
  * mm: bugfix: set current->reclaim_state to NULL while returning from
    kswapd()
    - LP: #1193044
  * mm: fix invalidate_complete_page2() lock ordering
    - LP: #1193044
  * mempolicy: fix a race in shared_policy_replace()
    - LP: #1193044
  * ALSA: hda - More ALC663 fixes and support of compatible chips
    - LP: #1193044
  * ALSA: hda - Add a pin-fix for FSC Amilo Pi1505
    - LP: #1193044
  * ALSA: seq: Fix missing error handling in snd_seq_timer_open()
    - LP: #1193044
  * ALSA: ac97 - Fix missing NULL check in snd_ac97_cvol_new()
    - LP: #1193044
  * x86, ioapic: initialize nr_ioapic_registers early in
    mp_register_ioapic()
    - LP: #1193044
  * x86: Don't use the EFI reboot method by default
    - LP: #1193044
  * x86, random: make ARCH_RANDOM prompt if EMBEDDED, not EXPERT
    - LP: #1193044
  * x86/mm: Check if PUD is large when validating a kernel address
    - LP: #1193044
  * x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates
    - LP: #1193044
  * xen/bootup: allow read_tscp call for Xen PV guests.
    - LP: #1193044
  * xen/bootup: allow {read|write}_cr8 pvops call.
    - LP: #1193044
  * KVM: x86: relax MSR...

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :
Download full text (10.7 KiB)

This bug was fixed in the package linux-ec2 - 2.6.32-354.67

---------------
linux-ec2 (2.6.32-354.67) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-49.111
  * SAUCE: ec2: Backport x86/mm: Check if PUD is large when validating a
    kernel address
    - LP: #1193044
  * SAUCE: ec2: Backport x86, ioapic: initialize nr_ioapic_registers early
    in mp_register_ioapic()
    - LP: #1193044
  * Release Tracking Bug
    - LP: #1193202

  [ Ubuntu: 2.6.32-49.111 ]

  * Revert "pcdp: use early_ioremap/early_iounmap to access pcdp table"
    - LP: #1193044
  * Revert "block: improve queue_should_plug() by looking at IO depths"
    - LP: #1193044
  * kernel/signal.c: stop info leak via the tkill and the tgkill syscalls
    - LP: #1187732
    - CVE-2013-2141
  * b43: stop format string leaking into error msgs
    - LP: #1189833
    - CVE-2013-2852
  * 2.6.32.y: timekeeping: Fix nohz issue with commit
    61b76840ddee647c0c223365378c3f394355b7d7
    - LP: #1193044
  * clockevents: Don't allow dummy broadcast timers
    - LP: #1193044
  * posix-cpu-timers: Fix nanosleep task_struct leak
    - LP: #1193044
  * timer: Don't reinitialize the cpu base lock during CPU_UP_PREPARE
    - LP: #1193044
  * tick: Cleanup NOHZ per cpu data on cpu down
    - LP: #1193044
  * kbuild: Fix gcc -x syntax
    - LP: #1193044
  * gen_init_cpio: avoid stack overflow when expanding
    - LP: #1193044
  * coredump: prevent double-free on an error path in core dumper
    - LP: #1193044
  * kernel/sys.c: call disable_nonboot_cpus() in kernel_restart()
    - LP: #1193044
  * ring-buffer: Fix race between integrity check and readers
    - LP: #1193044
  * genalloc: stop crashing the system when destroying a pool
    - LP: #1193044
  * kernel/resource.c: fix stack overflow in __reserve_region_with_split()
    - LP: #1193044
  * Driver core: treat unregistered bus_types as having no devices
    - LP: #1193044
  * cgroup: remove incorrect dget/dput() pair in cgroup_create_dir()
    - LP: #1193044
  * Fix a dead loop in async_synchronize_full()
    - LP: #1193044
  * tracing: Don't call page_to_pfn() if page is NULL
    - LP: #1193044
  * tracing: Fix double free when function profile init failed
    - LP: #1193044
  * mm: Fix PageHead when !CONFIG_PAGEFLAGS_EXTENDED
    - LP: #1193044
  * mm: bugfix: set current->reclaim_state to NULL while returning from
    kswapd()
    - LP: #1193044
  * mm: fix invalidate_complete_page2() lock ordering
    - LP: #1193044
  * mempolicy: fix a race in shared_policy_replace()
    - LP: #1193044
  * ALSA: hda - More ALC663 fixes and support of compatible chips
    - LP: #1193044
  * ALSA: hda - Add a pin-fix for FSC Amilo Pi1505
    - LP: #1193044
  * ALSA: seq: Fix missing error handling in snd_seq_timer_open()
    - LP: #1193044
  * ALSA: ac97 - Fix missing NULL check in snd_ac97_cvol_new()
    - LP: #1193044
  * x86, ioapic: initialize nr_ioapic_registers early in
    mp_register_ioapic()
    - LP: #1193044
  * x86: Don't use the EFI reboot method by default
    - LP: #1193044
  * x86, random: make ARCH_RANDOM prompt if EMBEDDED, not EXPERT
    - LP: #1193044
  * x86/mm: Check if PUD is large when validating a kernel...

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Raring):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Saucy):
status: New → Invalid
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers