linux: 2.6.24-29.92 -proposed tracker

Bug #812360 reported by Herton R. Krzesinski on 2011-07-18
Affects Status Importance Assigned to Milestone
Kernel SRU Workflow
Canonical Hardware Certification
Herton R. Krzesinski
Ubuntu Stable Release Updates Team
Ubuntu Stable Release Updates Team
Ubuntu Stable Release Updates Team
C de-Avillez
Kees Cook
Canonical Kernel Team
linux (Ubuntu)

Bug Description

This bug is for tracking the 2.6.24-29.92 upload package. This bug will contain status and testing results related to that upload.

For an explanation of the tasks and the associated workflow see:

kernel-stable-Prepare-package-start:Tuesday, 18. July 2011 15:31 UTC
kernel-stable-Promote-to-updates-end:Tuesday, 08. August 2011 21:40 UTC

tags: added: kernel-release-tracking-bug
Changed in linux (Ubuntu):
status: New → In Progress
importance: Undecided → Medium
Changed in kernel-sru-workflow:
status: New → In Progress
Brad Figg (brad-figg) on 2011-07-18
tags: added: hardy
Steve Conklin (sconklin) wrote :

This kernel contains only CVE fixes and therefore has no bugs to be verified

Kees Cook (kees) wrote :

Looks good, thanks!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.24-29.92

linux (2.6.24-29.92) hardy-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #812360

  [Upstream Kernel Changes]

  * af_unix: limit unix_tot_inflight CVE-2010-4249
    - LP: #769182
    - CVE-2010-4249
  * xfs: zero proper structure size for geometry calls CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
    - LP: #801482
    - CVE-2011-1171
  * econet: 4 byte infoleak to the network CVE-2011-1173
    - LP: #801484
    - CVE-2011-1173
  * netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
    - LP: #801480
  * ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
    - LP: #801483
    - CVE-2011-1172
  * xen: don't allow blkback virtual CDROM device, CVE-2010-4238
    - LP: #803931
    - CVE-2010-4238
  * IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
    - LP: #805512
  * ipc: initialize structure memory to zero for compat functions
    - LP: #806366
    - CVE-2010-4073
  * tcp: Increase TCP_MAXSEG socket option minimum CVE-2010-4165
    - LP: #806374
    - CVE-2010-4165
  * taskstats: don't allow duplicate entries in listener mode,
    - LP: #806390
    - CVE-2011-2484
  * netfilter: ipt_CLUSTERIP: fix buffer overflow, CVE-2011-2534
    - LP: #801473
    - CVE-2011-2534
  * nfs4: Ensure that ACL pages sent over NFS were not allocated from the
    slab (v3), CVE-2011-1090
    - LP: #800775
    - CVE-2011-1090
  * fs/partitions: Validate map_count in Mac partition tables
    - LP: #804225
    - CVE-2011-1010
 -- Herton Ronaldo Krzesinski <email address hidden> Mon, 18 Jul 2011 12:36:01 -0300

Changed in linux (Ubuntu):
status: In Progress → Fix Released
Martin Pitt (pitti) wrote :

Copied to -security/-updates

The package has been published and the bug is being set to Fix Released

Changed in kernel-sru-workflow:
status: In Progress → Fix Released
C de-Avillez (hggdh2) wrote :

Still need to run KVM on i386. Nevertheless, I got an unexpected failure on the QRT test ''. As such, I am failing QA. Bug 822967 has been opened for this error.

tags: added: qa-testing-failed
C de-Avillez (hggdh2) wrote :

I do not see the issue on KVM i386.

For completeness, on all tests I also saw this error -- which I assumed to be a coding error on QRT:

/proc/$pid/ DAC bypass on setuid (CVE-2011-1020) ... (skipped: not fixed before Oneiric yet) FAIL

FAIL: /proc/$pid/ DAC bypass on setuid (CVE-2011-1020)
Traceback (most recent call last):
  File "./", line 1339, in test_101_proc_fd_leaks
    self.assertShellOutputContains(bad[name], ['sudo','-u',os.environ['SUDO_USER'],"sh","-c","echo '' | ./ %s" % (name)], invert=expected)
  File "/home/ubuntu/qrt-test-kernel/", line 903, in assertShellOutputContains
    self.assertTrue(text in out, msg + result + report)
AssertionError: Got exit code 10. Looking for text " 0x"
Command: 'sudo', '-u', 'ubuntu', 'sh', '-c', 'echo '' | ./ syscall'
Traceback (most recent call last):
  File "./", line 37, in <module>
    files[name] = file('/proc/%d/%s' % (target, name))
IOError: [Errno 2] No such file or directory: '/proc/18730/syscall'
(current) UNIX password: passwd: Authentication failure
passwd: password unchanged
Changing password for ubuntu.

Ran 49 tests in 28.108s

FAILED (failures=1)

Kees Cook (kees) wrote :

Confirmed that the "/proc/$pid/ DAC bypass on setuid" test is broken on Hardy. I have corrected this.

Kees Cook (kees) wrote :

There were false positives, and they have been fixed now.

Brad Figg (brad-figg) on 2011-12-05
description: updated