CVE-2011-1927

Bug #922051 reported by Andy Whitcroft on 2012-01-26
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Maverick
High
Andy Whitcroft
Natty
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
linux-ec2 (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Maverick
High
Unassigned
Natty
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
linux-fsl-imx51 (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Maverick
High
Unassigned
Natty
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
linux-lts-backport-maverick (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Maverick
High
Unassigned
Natty
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
linux-lts-backport-natty (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Maverick
High
Unassigned
Natty
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
linux-lts-backport-oneiric (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Maverick
High
Unassigned
Natty
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
linux-mvl-dove (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Maverick
High
Unassigned
Natty
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned
linux-ti-omap4 (Ubuntu)
High
Unassigned
Hardy
High
Unassigned
Lucid
High
Unassigned
Maverick
High
Unassigned
Natty
High
Unassigned
Oneiric
High
Unassigned
Precise
High
Unassigned

Bug Description

In function icmp_send() (net/ipv4/icmp.c), the parameter passed to dev_net() function is not properly validated. This can lead to a NULL pointer dereference that crashes the kernel.

Break-Fix: 4a94445c9a5cf5461fb41d80040033b9a8e2a85a 64f3b9e203bd06855072e295557dca1485a2ecba

Andy Whitcroft (apw) wrote :

CVE-2011-1927

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
security vulnerability: no → yes
Changed in linux (Ubuntu Maverick):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Maverick):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Hardy):
status: New → Invalid
Changed in linux (Ubuntu Natty):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Maverick):
status: New → Invalid
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance: Undecided → High
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-lts-backport-natty (Ubuntu Maverick):
importance: Undecided → High
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Maverick):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → High
Changed in linux (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux (Ubuntu Lucid):
importance: Undecided → High
Changed in linux (Ubuntu Precise):
importance: Undecided → High
Changed in linux (Ubuntu Hardy):
importance: Undecided → High
Changed in linux (Ubuntu Maverick):
importance: Undecided → High
Changed in linux (Ubuntu Natty):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Maverick):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Maverick):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Fix Committed
Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.35-32.66

---------------
linux (2.6.35-32.66) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #931600

  [ Upstream Kernel Changes ]

  * net: ip_expire() must revalidate route
    - LP: #922051
    - CVE-2011-1927
  * bridge: Fix mglist corruption that leads to memory corruption
    - LP: #917813
    - CVE-2011-0716
  * AppArmor: fix oops in apparmor_setprocattr
    - LP: #789409
    - CVE-2011-3619
 -- Herton Ronaldo Krzesinski <email address hidden> Mon, 13 Feb 2012 16:46:42 -0200

Changed in linux (Ubuntu Maverick):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (18.0 KiB)

This bug was fixed in the package linux-lts-backport-maverick - 2.6.35-32.66~lucid1

---------------
linux-lts-backport-maverick (2.6.35-32.66~lucid1) lucid-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #931795

  [ Upstream Kernel Changes ]

  * net: ip_expire() must revalidate route
    - LP: #922051
    - CVE-2011-1927
  * bridge: Fix mglist corruption that leads to memory corruption
    - LP: #917813
    - CVE-2011-0716
  * AppArmor: fix oops in apparmor_setprocattr
    - LP: #789409
    - CVE-2011-3619

linux (2.6.35-32.65) maverick-proposed; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #920677

  [ Upstream Kernel Changes ]

  * fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message, CVE-2011-3353
    - LP: #905058
    - CVE-2011-3353
  * KVM: x86: Prevent starting PIT timers in the absence of irqchip support
    - LP: #911303
    - CVE-2011-4622
  * sched, x86: Avoid unnecessary overflow in sched_clock
    - LP: #805341
  * use cache type functions for arch_get_unmapped_area
    - LP: #861296
  * topdown mmap support
    - LP: #861296
  * xfs: validate acl count
    - LP: #917706
    - CVE-2012-0038
  * xfs: fix acl count validation in xfs_acl_from_disk()
    - LP: #917706
    - CVE-2012-0038
  * drm: integer overflow in drm_mode_dirtyfb_ioctl()
    - LP: #917838
    - CVE-2012-0044
  * x86/PCI: amd: factor out MMCONFIG discovery
    - LP: #647043
  * PNP: work around Dell 1536/1546 BIOS MMCONFIG bug that breaks USB
    - LP: #647043

linux (2.6.35-32.64) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #910919

  [ Seth Forshee ]

  * SAUCE: dell-wmi: Demote unknown WMI event message to pr_debug
    - LP: #581312

  [ Upstream Kernel Changes ]

  * Revert "Revert "xen: set max_pfn_mapped to the last pfn mapped""
    - LP: #898139
  * Revert "core: Fix memory leak/corruption on VLAN GRO_DROP,
    CVE-2011-1576"
    - LP: #844361
  * kbuild: Disable -Wunused-but-set-variable for gcc 4.6.0
    - LP: #898139
  * kbuild: Fix passing -Wno-* options to gcc 4.4+
    - LP: #898139
  * maintainer
    - LP: #898139
  * Remove the old V4L1 v4lgrab.c file
    - LP: #898139
  * i8k: Tell gcc that *regs gets clobbered
    - LP: #898139
  * Fix gcc 4.5.1 miscompiling drivers/char/i8k.c (again)
    - LP: #898139
  * USB: serial/usb_wwan, fix tty NULL dereference
    - LP: #898139
  * ipv6: add special mode accept_ra=2 to accept RA while configured as
    router
    - LP: #898139
  * set memory ranges in N_NORMAL_MEMORY when onlined
    - LP: #898139
  * FLEXCOP-PCI: fix __xlate_proc_name-warning for flexcop-pci
    - LP: #898139
  * m68k/mm: Set all online nodes in N_NORMAL_MEMORY
    - LP: #898139
  * nfs: don't lose MS_SYNCHRONOUS on remount of noac mount
    - LP: #898139
  * NFSv4.1: Ensure state manager thread dies on last umount
    - LP: #898139
  * Input: xen-kbdfront - fix mouse getting stuck after save/restore
    - LP: #898139
  * pmcraid: reject negative request size
    - LP: #898139
  * mmc: sdhci-pci: Fix error case in sdhci_pci_probe_slot()
    - LP: #898139
  * mmc: sdhci: Check mrq->cmd in sdhci_tasklet_finish
    - LP: #898139
  * mmc: sdhci: Check...

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.22

---------------
linux-ti-omap4 (2.6.38-1209.22) natty-proposed; urgency=low

  * Release Tracking Bug
    - LP: #932673

  [ Upstream Kernel Changes ]

  * net: ip_expire() must revalidate route
    - LP: #922051
    - CVE-2011-1927
  * ARM: 6891/1: prevent heap corruption in OABI semtimedop
    - LP: #925373
    - CVE-2011-1759
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #922371
    - CVE-2011-2182
  * oom: use pte pages in OOM score
    - LP: #922374
    - CVE-2011-2498
  * TOMOYO: Fix oops in tomoyo_mount_acl().
    - LP: #922377
    - CVE-2011-2518
  * AppArmor: fix oops in apparmor_setprocattr
    - LP: #789409
    - CVE-2011-3619
 -- Paolo Pisati <email address hidden> Mon, 20 Feb 2012 11:59:21 +0100

Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.32

---------------
linux-ti-omap4 (2.6.35-903.32) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #942766

  [ Paolo Pisati ]

  * [Config] Move to a 3G/1G memory split
    - LP: #861296

linux-ti-omap4 (2.6.35-903.31) maverick-proposed; urgency=low

  * Release Tracking Bug
    - LP: #932237

  [ Upstream Kernel Changes ]

  * net: ip_expire() must revalidate route
    - LP: #922051
    - CVE-2011-1927
  * inotify: stop kernel memory leak on file creation failure
    - LP: #917797
    - CVE-2010-4250
  * inotify: fix double free/corruption of stuct user
    - LP: #869203
    - CVE-2011-1479
  * fuse: verify ioctl retries
    - LP: #917804
    - CVE-2010-4650
  * ima: fix add LSM rule bug
    - LP: #917808
    - CVE-2011-0006
  * bridge: Fix mglist corruption that leads to memory corruption
    - LP: #917813
    - CVE-2011-0716
  * sound/oss: remove offset from load_patch callbacks
    - LP: #925337
    - CVE-2011-1476
  * ARM: 6891/1: prevent heap corruption in OABI semtimedop
    - LP: #925373
    - CVE-2011-1759
  * sound/oss/opl3: validate voice and channel indexes
    - LP: #925335
    - CVE-2011-1477
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #922371
    - CVE-2011-2182
  * AppArmor: fix oops in apparmor_setprocattr
    - LP: #789409
    - CVE-2011-3619
 -- Herton Ronaldo Krzesinski <email address hidden> Tue, 28 Feb 2012 14:33:28 -0300

Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers