2010-01-07 09:14:42 |
Sergio Tosti |
bug |
|
|
added bug |
2010-01-07 09:19:25 |
Sergio Tosti |
description |
According to Debian Bug #559035 latest hardy kernel amd64 version is affected from same bug.
this can be reproduced by launching
$ for ((i = 0; i <= 100000; i++)); do exim4 -bV || break; done > /dev/null; echo "last: $i"
the machine isn't affected anymore by setting
$ sudo sysctl kernel/randomize_va_space=0
so the problem is process address space randomization. Here's the commit:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=80938332d8cf652f6b16e0788cf0ca136befe0b5
Please evaluate it, it's a serious bug.
--Sergio |
According to Debian Bug 559035 ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559035 ) latest hardy kernel amd64 version is affected from same bug.
this can be reproduced by launching
$ for ((i = 0; i <= 100000; i++)); do exim4 -bV || break; done > /dev/null; echo "last: $i"
the machine isn't affected anymore by setting
$ sudo sysctl kernel/randomize_va_space=0
so the problem is process address space randomization. Here's the commit:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=80938332d8cf652f6b16e0788cf0ca136befe0b5
Please evaluate it, it's a serious bug.
--Sergio
|
|
2010-01-09 00:38:10 |
Tim Gardner |
nominated for series |
|
Ubuntu Hardy |
|
2010-01-09 00:38:10 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Hardy) |
|
2010-01-09 00:38:48 |
Tim Gardner |
linux (Ubuntu Hardy): importance |
Undecided |
Medium |
|
2010-01-09 00:38:48 |
Tim Gardner |
linux (Ubuntu Hardy): status |
New |
In Progress |
|
2010-01-09 00:38:48 |
Tim Gardner |
linux (Ubuntu Hardy): milestone |
|
ubuntu-8.04.3 |
|
2010-01-09 00:38:48 |
Tim Gardner |
linux (Ubuntu Hardy): assignee |
|
John Johansen (jjohansen) |
|
2010-01-10 22:02:50 |
Leann Ogasawara |
tags |
|
xen |
|
2010-01-13 16:39:04 |
Andy Whitcroft |
tags |
xen |
kernel-series-unknown xen |
|
2010-02-05 10:58:43 |
Sergio Tosti |
attachment added |
|
fix_random.patch http://launchpadlibrarian.net/38790389/fix_random.patch |
|
2010-02-05 17:33:20 |
Kees Cook |
nominated for series |
|
Ubuntu Intrepid |
|
2010-02-05 17:33:20 |
Kees Cook |
bug task added |
|
linux (Ubuntu Intrepid) |
|
2010-02-05 17:33:20 |
Kees Cook |
nominated for series |
|
Ubuntu Jaunty |
|
2010-02-05 17:33:20 |
Kees Cook |
bug task added |
|
linux (Ubuntu Jaunty) |
|
2010-02-05 17:37:29 |
Kees Cook |
tags |
kernel-series-unknown xen |
|
|
2010-02-05 17:37:36 |
Kees Cook |
linux (Ubuntu Jaunty): status |
New |
Confirmed |
|
2010-02-05 17:37:43 |
Kees Cook |
linux (Ubuntu Intrepid): status |
New |
Confirmed |
|
2010-02-05 17:38:07 |
Kees Cook |
tags |
|
hardy intrepid jaunty |
|
2010-02-05 17:40:33 |
Kees Cook |
summary |
Random segfaults with linux-image-2.6.24-26-xen |
Random segfaults on amd64 (Hardy through Jaunty) |
|
2010-02-05 17:43:09 |
Kees Cook |
linux (Ubuntu Intrepid): status |
Confirmed |
Triaged |
|
2010-02-05 17:43:14 |
Kees Cook |
linux (Ubuntu Jaunty): status |
Confirmed |
Triaged |
|
2010-02-05 17:43:26 |
Kees Cook |
linux (Ubuntu Hardy): milestone |
ubuntu-8.04.3 |
|
|
2010-02-05 17:43:34 |
Kees Cook |
linux (Ubuntu Hardy): status |
In Progress |
Triaged |
|
2010-02-05 17:44:40 |
Kees Cook |
linux (Ubuntu): status |
New |
Invalid |
|
2010-02-05 17:44:45 |
Kees Cook |
linux (Ubuntu Intrepid): importance |
Undecided |
Medium |
|
2010-02-05 17:44:51 |
Kees Cook |
linux (Ubuntu Jaunty): importance |
Undecided |
Medium |
|
2010-02-05 17:44:58 |
Kees Cook |
linux (Ubuntu Hardy): assignee |
John Johansen (jjohansen) |
Leann Ogasawara (leannogasawara) |
|
2010-02-05 17:45:03 |
Kees Cook |
linux (Ubuntu Intrepid): assignee |
|
Leann Ogasawara (leannogasawara) |
|
2010-02-05 17:45:09 |
Kees Cook |
linux (Ubuntu Jaunty): assignee |
|
Leann Ogasawara (leannogasawara) |
|
2010-02-05 22:07:17 |
Benjamin Drung |
removed subscriber Ubuntu Sponsors for universe |
|
|
|
2010-02-08 20:46:36 |
Jamie Strandboge |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
2010-02-17 00:34:30 |
Leann Ogasawara |
linux (Ubuntu Hardy): assignee |
Leann Ogasawara (leannogasawara) |
Surbhi Palande (csurbhi) |
|
2010-02-17 00:34:45 |
Leann Ogasawara |
linux (Ubuntu Intrepid): assignee |
Leann Ogasawara (leannogasawara) |
Surbhi Palande (csurbhi) |
|
2010-02-17 00:34:58 |
Leann Ogasawara |
linux (Ubuntu Jaunty): assignee |
Leann Ogasawara (leannogasawara) |
Surbhi Palande (csurbhi) |
|
2010-03-04 13:17:45 |
Surbhi Palande |
linux (Ubuntu Hardy): status |
Triaged |
In Progress |
|
2010-03-04 13:17:49 |
Surbhi Palande |
linux (Ubuntu Intrepid): status |
Triaged |
In Progress |
|
2010-03-04 13:17:53 |
Surbhi Palande |
linux (Ubuntu Jaunty): status |
Triaged |
In Progress |
|
2010-03-16 23:09:36 |
Launchpad Janitor |
linux (Ubuntu Jaunty): status |
In Progress |
Fix Released |
|
2010-03-16 23:09:36 |
Launchpad Janitor |
cve linked |
|
2009-4536 |
|
2010-03-16 23:09:36 |
Launchpad Janitor |
cve linked |
|
2009-4538 |
|
2010-03-16 23:09:36 |
Launchpad Janitor |
cve linked |
|
2010-0307 |
|
2010-03-16 23:09:36 |
Launchpad Janitor |
cve linked |
|
2010-0309 |
|
2010-03-16 23:09:36 |
Launchpad Janitor |
cve linked |
|
2010-0410 |
|
2010-03-16 23:09:36 |
Launchpad Janitor |
cve linked |
|
2010-0415 |
|
2010-03-16 23:09:36 |
Launchpad Janitor |
cve linked |
|
2010-0622 |
|
2010-03-16 23:09:36 |
Launchpad Janitor |
linux (Ubuntu Intrepid): status |
In Progress |
Fix Released |
|
2010-03-16 23:09:36 |
Launchpad Janitor |
linux (Ubuntu Hardy): status |
In Progress |
Fix Released |
|
2010-03-16 23:28:17 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/dapper-security/linux-source-2.6.15 |
|
2010-03-17 00:07:18 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/dapper-updates/linux-source-2.6.15 |
|
2010-04-21 22:36:28 |
Kees Cook |
cve unlinked |
2009-4536 |
|
|
2010-04-21 22:36:50 |
Kees Cook |
cve unlinked |
2009-4538 |
|
|
2010-04-21 22:37:25 |
Kees Cook |
cve unlinked |
2010-0307 |
|
|
2010-04-21 22:38:21 |
Kees Cook |
cve unlinked |
2010-0309 |
|
|
2010-04-21 22:39:17 |
Kees Cook |
cve unlinked |
2010-0410 |
|
|
2010-04-21 22:39:34 |
Kees Cook |
cve unlinked |
2010-0415 |
|
|
2010-04-21 22:39:53 |
Kees Cook |
cve unlinked |
2010-0622 |
|
|
2010-04-21 22:44:47 |
Kees Cook |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559035 |
|
2010-04-21 22:44:47 |
Kees Cook |
bug task added |
|
linux-2.6 (Debian) |
|
2010-04-22 03:12:05 |
Bug Watch Updater |
linux-2.6 (Debian): status |
Unknown |
Fix Released |
|
2011-10-05 22:11:06 |
Jeremy Foshee |
removed subscriber Jeremy Foshee |
|
|
|