Ubuntu

linux: 2.6.24-29.92 -proposed tracker

Reported by Herton R. Krzesinski on 2011-07-18
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Kernel SRU Workflow
Undecided
Unassigned
Certification-testing
Undecided
Canonical Hardware Certification
Prepare-package
Undecided
Herton R. Krzesinski
Promote-to-proposed
Undecided
Ubuntu Stable Release Updates Team
Promote-to-security
Undecided
Ubuntu Stable Release Updates Team
Promote-to-updates
Undecided
Ubuntu Stable Release Updates Team
Regression-testing
Undecided
C de-Avillez
Security-signoff
Undecided
Kees Cook
Verification-testing
Undecided
Canonical Kernel Team
linux (Ubuntu)
Medium
Unassigned

Bug Description

This bug is for tracking the 2.6.24-29.92 upload package. This bug will contain status and testing results releated to that upload.

For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

kernel-stable-Prepare-package-start:Tuesday, 18. July 2011 15:31 UTC
kernel-stable-Promote-to-updates-end:Tuesday, 08. August 2011 21:40 UTC

tags: added: kernel-release-tracking-bug
Changed in linux (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
Changed in kernel-sru-workflow:
status: New → In Progress
Brad Figg (brad-figg) on 2011-07-18
tags: added: hardy
Steve Conklin (sconklin) wrote :

This kernel contains only CVE fixes and therefore has no bugs to be verified

Kees Cook (kees) wrote :

Looks good, thanks!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.24-29.92

---------------
linux (2.6.24-29.92) hardy-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #812360

  [Upstream Kernel Changes]

  * af_unix: limit unix_tot_inflight CVE-2010-4249
    - LP: #769182
    - CVE-2010-4249
  * xfs: zero proper structure size for geometry calls CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
    - LP: #801482
    - CVE-2011-1171
  * econet: 4 byte infoleak to the network CVE-2011-1173
    - LP: #801484
    - CVE-2011-1173
  * netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
    - LP: #801480
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
    - LP: #801483
    - CVE-2011-1172
  * xen: don't allow blkback virtual CDROM device, CVE-2010-4238
    - LP: #803931
    - CVE-2010-4238
  * IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
    - LP: #805512
  * ipc: initialize structure memory to zero for compat functions
    CVE-2010-4073
    - LP: #806366
    - CVE-2010-4073
  * tcp: Increase TCP_MAXSEG socket option minimum CVE-2010-4165
    - LP: #806374
    - CVE-2010-4165
  * taskstats: don't allow duplicate entries in listener mode,
    CVE-2011-2484
    - LP: #806390
    - CVE-2011-2484
  * netfilter: ipt_CLUSTERIP: fix buffer overflow, CVE-2011-2534
    - LP: #801473
    - CVE-2011-2534
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the
    slab (v3), CVE-2011-1090
    - LP: #800775
    - CVE-2011-1090
  * fs/partitions: Validate map_count in Mac partition tables
    - LP: #804225
    - CVE-2011-1010
 -- Herton Ronaldo Krzesinski <email address hidden> Mon, 18 Jul 2011 12:36:01 -0300

Changed in linux (Ubuntu):
status: In Progress → Fix Released
Martin Pitt (pitti) wrote :

Copied to -security/-updates

The package has been published and the bug is being set to Fix Released

Changed in kernel-sru-workflow:
status: In Progress → Fix Released
C de-Avillez (hggdh2) wrote :

Still need to run KVM on i386. Nevertheless, I got an unexpected failure on the QRT test 'test-kernel.py'. As such, I am failing QA. Bug 822967 has been opened for this error.

tags: added: qa-testing-failed
C de-Avillez (hggdh2) wrote :

I do not see the issue on KVM i386.

For completeness, on all tests I also saw this error -- which I assumed to be a coding error on QRT:

/proc/$pid/ DAC bypass on setuid (CVE-2011-1020) ... (skipped: not fixed before Oneiric yet) FAIL

======================================================================
FAIL: /proc/$pid/ DAC bypass on setuid (CVE-2011-1020)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1339, in test_101_proc_fd_leaks
    self.assertShellOutputContains(bad[name], ['sudo','-u',os.environ['SUDO_USER'],"sh","-c","echo '' | ./dac-bypass.py %s" % (name)], invert=expected)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 903, in assertShellOutputContains
    self.assertTrue(text in out, msg + result + report)
AssertionError: Got exit code 10. Looking for text " 0x"
Command: 'sudo', '-u', 'ubuntu', 'sh', '-c', 'echo '' | ./dac-bypass.py syscall'
Output:
Traceback (most recent call last):
  File "./dac-bypass.py", line 37, in <module>
    files[name] = file('/proc/%d/%s' % (target, name))
IOError: [Errno 2] No such file or directory: '/proc/18730/syscall'
(current) UNIX password: passwd: Authentication failure
passwd: password unchanged
Changing password for ubuntu.

----------------------------------------------------------------------
Ran 49 tests in 28.108s

FAILED (failures=1)

Kees Cook (kees) wrote :

Confirmed that the "/proc/$pid/ DAC bypass on setuid" test is broken on Hardy. I have corrected this.

Kees Cook (kees) wrote :

There were false positives and have been fixed now.

Brad Figg (brad-figg) on 2011-12-05
description: updated
Brad Figg (brad-figg) on 2011-12-05
description: updated
description: updated
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers