Ubuntu
linux package

linux: 2.6.24-29.93 -proposed tracker

Bug #823912 reported by Herton R. Krzesinski on 2011-08-10

This bug affects 1 person

	Status	Importance	Assigned to
Kernel SRU Workflow	Fix Released	Undecided	Unassigned
Certification-testing	Invalid	Undecided	Canonical Hardware Certification
Prepare-package	Fix Released	Undecided	Herton R. Krzesinski
Prepare-package-lbm	Invalid	Undecided	Canonical Kernel Team
Prepare-package-meta	Invalid	Undecided	Canonical Kernel Team
Promote-to-proposed	Fix Released	Undecided	Ubuntu Stable Release Updates Team
Promote-to-security	Fix Released	Undecided	Ubuntu Stable Release Updates Team
Promote-to-updates	Fix Released	Undecided	Ubuntu Stable Release Updates Team
Regression-testing	Fix Released	Undecided	C de-Avillez
Security-signoff	Fix Released	Undecided	Kees Cook
Verification-testing	Fix Released	Undecided	Canonical Kernel Team
linux (Ubuntu)	Fix Released	Medium	Unassigned
Hardy	Fix Released	Undecided	Unassigned

Bug Description

This bug is for tracking the 2.6.24-29.93 upload package. This bug will contain status and testing results related to that upload.

For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow
kernel-stable-Prepare-package-start: Tuesday, 08. August 2011 15:31 UTC
kernel-stable-qa-end:Thursday, 18. August 2011 13:18 UTC
kernel-stable-security-signoff-end:Thursday, 18. August 2011 13:18 UTC
kernel-stable-copy-to-proposed-end:Thursday, 18. August 2011 13:18 UTC
kernel-stable-certification-end:Thursday, 18. August 2011 13:18 UTC
kernel-stable-phase:Released
kernel-stable-phase-changed:Friday, 19. August 2011 06:15 UTC
kernel-stable-copy-to-updates-end:Friday, 19. August 2011 06:15 UTC
kernel-stable-Promote-to-proposed-end:Thursday, 18. August 2011 13:18 UTC
kernel-stable-Certification-testing-end:Thursday, 18. August 2011 13:18 UTC
kernel-stable-Promote-to-updates-end:Friday, 19. August 2011 06:15 UTC
kernel-stable-Regression-testing-end:Thursday, 18. August 2011 13:18 UTC
kernel-stable-Security-signoff-end:Thursday, 18. August 2011 13:18 UTC

See original description

Tags:

CVE References

Herton R. Krzesinski (herton) on 2011-08-10

tags:	added: kernel-release-tracking-bug
description:	updated
Changed in linux (Ubuntu):
status:	New → In Progress
importance:	Undecided → Medium
tags:	added: hardy
Changed in kernel-sru-workflow:
status:	New → In Progress

Revision history for this message

Herton R. Krzesinski (herton) wrote on 2011-08-12:

This kernel contains only CVE fixes and therefore has no bugs to be verified.

Because of this, verification is ready very early (verification week is next week, testing week is after that, from Aug 22th to Aug 26th).

Revision history for this message

Kees Cook (kees) wrote on 2011-08-13:

Looks good, thanks!

Revision history for this message

C de-Avillez (hggdh2) wrote on 2011-08-15:

No regressions observed. Please note we could not test on bare-metal (machines are being moved to new location).

Tagging qa-testing-passed.

tags:

added: qa-testing-passed

Herton R. Krzesinski (herton) on 2011-08-16

description:	updated
description:	updated
description:	updated
description:	updated
description:	updated
description:	updated

Herton R. Krzesinski (herton) on 2011-08-16

description:

updated

Revision history for this message

Herton R. Krzesinski (herton) wrote on 2011-08-16:

This update contains a fix for CVE-2011-1020 (bug 813026) which brought a regression on lucid and maverick. A similar fix was applied on hardy, so to avoid regressions lets put this update on hold, please don't publish it to -security/-updates yet. I'm marking the publishing tasks as invalid for now, and adding the tag verification-failed.

tags:

added: verification-failed

Herton R. Krzesinski (herton) on 2011-08-16

summary:

- linux: 2.6.24-29.93 -proposed tracker
+ [Regression] linux: 2.6.24-29.93 -proposed tracker

Revision history for this message

Herton R. Krzesinski (herton) wrote on 2011-08-16: promote-to-updates task not set to correct state during release test

The promote-to-updates task was not set to one of the following states during the release test:
New, Confirmed, Fix Released,
promote-to-updates task was set to state Invalid
Further processing of this bug by Workflow Manager is halted.

Changed in kernel-sru-workflow:
status:	In Progress → Incomplete

Revision history for this message

Herton R. Krzesinski (herton) wrote on 2011-08-17: Re: [Regression] linux: 2.6.24-29.93 -proposed tracker

The hardy backport for CVE-2011-1020 shouldn't introduce a regression. It is significantly different from what was applied on lucid/maverick, the problem which was introduced on lucid/maverick (which has a fix and is applied now) isn't present on hardy backport.

So this update is not on hold anymore, and can be copied to -proposed/-updates. I'm fixing the tasks/tags here.

summary:	- [Regression] linux: 2.6.24-29.93 -proposed tracker + linux: 2.6.24-29.93 -proposed tracker
tags:	removed: verification-failed
description:	updated
Changed in kernel-sru-workflow:
status:	Incomplete → In Progress

Herton R. Krzesinski (herton) on 2011-08-18

description:

updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-08-19:

This bug was fixed in the package linux - 2.6.24-29.93

---------------
linux (2.6.24-29.93) hardy-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #823912

[Upstream Kernel Changes]

  * close races in /proc/*/{environ,auxv}, CVE-2011-1020
    - LP: #813026
    - CVE-2011-1020
  * dccp: fix oops on Reset after close, CVE-2011-1093
    - LP: #814087
    - CVE-2011-1093
  * Bluetooth: sco: fix information leak to userspace, CVE-2011-1078
    - LP: #816542
    - CVE-2011-1078
  * Bluetooth: bnep: fix buffer overflow, CVE-2011-1079
    - LP: #816544
    - CVE-2011-1079
  * bridge: netfilter: fix information leak, CVE-2011-1080
    - LP: #816545
    - CVE-2011-1080
  * char/tpm: Fix unitialized usage of data buffer, CVE-2011-1160
    - LP: #816546
    - CVE-2011-1160
  * irda: validate peer name and attribute lengths, CVE-2011-1180
    - LP: #816547
    - CVE-2011-1180
  * rose_loopback_timer sets VC number <= ROSE_DEFAULT_MAXVC, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * ROSE: prevent heap corruption with bad facilities, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * rose: Add length checks to CALL_REQUEST parsing, CVE-2011-1493
    - LP: #816550
    - CVE-2011-1493
  * Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.
    - LP: #819569
    - CVE-2011-2492
-- Herton Ronaldo Krzesinski <email address hidden> Wed, 10 Aug 2011 10:07:45 -0300

Changed in linux (Ubuntu Hardy):
status:	New → Fix Released

Revision history for this message

Martin Pitt (pitti) wrote on 2011-08-19:

Copied to updates/security

Changed in linux (Ubuntu):
status:	In Progress → Fix Released

Revision history for this message

Herton R. Krzesinski (herton) wrote on 2011-08-19: Package Released!

The package has been published and the bug is being set to Fix Released

Changed in kernel-sru-workflow:
status:	In Progress → Fix Released
description:	updated

Steve Conklin (sconklin) on 2011-08-30

description:

updated

Brad Figg (brad-figg) on 2011-12-05

description:

updated

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

linux: 2.6.24-29.93 -proposed tracker

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package