CVE-2011-0712

Bug #768448 reported by Leann Ogasawara
264
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Low
Unassigned
Dapper
Invalid
Undecided
Unassigned
Hardy
Fix Released
Low
Leann Ogasawara
Karmic
Invalid
Undecided
Unassigned
Lucid
Fix Released
Low
Unassigned
Maverick
Fix Released
Low
Unassigned
Natty
Fix Released
Low
Unassigned
Oneiric
Fix Released
Low
Unassigned
linux-ec2 (Ubuntu)
Invalid
Low
Unassigned
Dapper
Invalid
Undecided
Unassigned
Hardy
Invalid
Low
Unassigned
Karmic
Invalid
Undecided
Unassigned
Lucid
Fix Released
Low
Unassigned
Maverick
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
linux-fsl-imx51 (Ubuntu)
Invalid
Low
Unassigned
Dapper
Invalid
Undecided
Unassigned
Hardy
Invalid
Low
Unassigned
Karmic
Invalid
Undecided
Unassigned
Lucid
Fix Released
Low
Paolo Pisati
Maverick
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
linux-lts-backport-maverick (Ubuntu)
Invalid
Low
Unassigned
Dapper
Invalid
Undecided
Unassigned
Hardy
Invalid
Low
Unassigned
Karmic
Invalid
Undecided
Unassigned
Lucid
Fix Released
Low
Unassigned
Maverick
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
linux-lts-backport-natty (Ubuntu)
Invalid
Low
Unassigned
Dapper
Invalid
Undecided
Unassigned
Hardy
Invalid
Low
Unassigned
Karmic
Invalid
Undecided
Unassigned
Lucid
Invalid
Low
Unassigned
Maverick
Invalid
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
linux-mvl-dove (Ubuntu)
Invalid
Low
Unassigned
Dapper
Invalid
Undecided
Unassigned
Hardy
Invalid
Low
Unassigned
Karmic
Invalid
Undecided
Unassigned
Lucid
Fix Released
Low
Unassigned
Maverick
Fix Released
Low
Unassigned
Natty
Invalid
Low
Unassigned
Oneiric
Invalid
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Invalid
Low
Unassigned
Dapper
Invalid
Undecided
Unassigned
Hardy
Invalid
Low
Unassigned
Karmic
Invalid
Undecided
Unassigned
Lucid
Invalid
Low
Unassigned
Maverick
Fix Released
Low
Paolo Pisati
Natty
Won't Fix
Low
Unassigned
Oneiric
Invalid
Low
Unassigned

Bug Description

Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c.

Break-Fix: - eaae55dac6b64c0616046436b294e69fc5311581

security vulnerability: no → yes
Revision history for this message
Leann Ogasawara (leannogasawara) wrote :

Marking Fix Released for Natty.

commit eaae55dac6b64c0616046436b294e69fc5311581
Author: Takashi Iwai <email address hidden>
Date: Mon Feb 14 22:45:59 2011 +0100

    ALSA: caiaq - Fix possible string-buffer overflow

ubuntu-natty$ git describe --contains eaae55dac6b64c0616046436b294e69fc5311581
Ubuntu-2.6.38-5.32~495^2~3

description: updated
Changed in linux (Ubuntu Natty):
status: New → Fix Released
Revision history for this message
Leann Ogasawara (leannogasawara) wrote :

Marking Fix Committed for Lucid as the patch is in the current 2.6.32-31.61 kernel in -proposed.

Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Hardy):
assignee: nobody → Leann Ogasawara (leannogasawara)
importance: Undecided → Low
status: New → In Progress
Revision history for this message
Leann Ogasawara (leannogasawara) wrote :

Marking Invalid for Dapper as 2.6.15 is not affected.

Changed in linux (Ubuntu Dapper):
status: New → Invalid
Revision history for this message
Leann Ogasawara (leannogasawara) wrote :
Revision history for this message
Leann Ogasawara (leannogasawara) wrote :

Marking Fix Committed for Maverick as the patch is in the current 2.6.35-29.51 kernel in -proposed

Changed in linux (Ubuntu Maverick):
status: New → Fix Committed
Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Hardy):
status: In Progress → Fix Committed
Paolo Pisati (p-pisati)
Changed in linux-mvl-dove (Ubuntu):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Dapper):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Karmic):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Dapper):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Karmic):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Paolo Pisati (p-pisati)
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → In Progress
Paolo Pisati (p-pisati)
Changed in linux-ti-omap4 (Ubuntu Maverick):
assignee: nobody → Paolo Pisati (p-pisati)
status: New → In Progress
Revision history for this message
Paolo Pisati (p-pisati) wrote :

karmic is EOL

Changed in linux-fsl-imx51 (Ubuntu):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Dapper):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Karmic):
status: New → Won't Fix
Changed in linux-fsl-imx51 (Ubuntu Lucid):
assignee: nobody → Paolo Pisati (p-pisati)
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.24-29.90

---------------
linux (2.6.24-29.90) hardy-proposed; urgency=low

  [ Herton R. Krzesinski ]

  * Release Tracking Bug
    - LP: #788843

  [Upstream Kernel Changes]

  * IB/cm: Bump reference count on cm_id before invoking callback,
    CVE-2011-0695
    - LP: #770369
    - CVE-2011-0695
  * RDMA/cma: Fix crash in request handlers, CVE-2011-0695
    - LP: #770369
    - CVE-2011-0695
  * ALSA: caiaq - Fix possible string-buffer overflow, CVE-2011-0712
    - LP: #768448
    - CVE-2011-0712
  * Treat writes as new when holes span across page boundaries,
    CVE-2011-0463
    - LP: #770483
    - CVE-2011-0463
  * net: clear heap allocations for privileged ethtool actions,
    CVE-2010-4655
    - LP: #771445
    - CVE-2010-4655
  * usb: iowarrior: don't trust report_size for buffer size, CVE-2010-4656
    - LP: #711484
    - CVE-2010-4656
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table,
    CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * ldm: corrupted partition table can cause kernel oops, CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * next_pidmap: fix overflow condition, CVE-2011-1593
    - LP: #784727
    - CVE-2011-1593
  * proc: do proper range check on readdir offset, CVE-2011-1593
    - LP: #784727
    - CVE-2011-1593
 -- Herton Ronaldo Krzesinski <email address hidden> Thu, 26 May 2011 18:15:42 -0300

Changed in linux (Ubuntu Hardy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.2 KiB)

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-609.26

---------------
linux-fsl-imx51 (2.6.31-609.26) lucid; urgency=low

  [ Paolo Pisati ]

  * Tracking bug
    - LP: #795219
  * [Config] Disable parport_pc on fsl-imx51
    - LP: #601226

  [ Upstream Kernel Changes ]

  * ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
    - LP: #712723, #712737
  * can-bcm: fix minor heap overflow
    - LP: #710680
  * drivers/video/via/ioctl.c: prevent reading uninitialized stack memory
    - LP: #712744
  * gdth: integer overflow in ioctl
    - LP: #711797
  * inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880
    - LP: #711865
    - CVE-2010-3880
  * net: fix rds_iovec page count overflow, CVE-2010-3865
    - LP: #709153
    - CVE-2010-3865
  * net: packet: fix information leak to userland, CVE-2010-3876
    - LP: #711045
    - CVE-2010-3876
  * net: tipc: fix information leak to userland, CVE-2010-3877
    - LP: #711291
    - CVE-2010-3877
  * net: Truncate recvfrom and sendto length to INT_MAX.
    - LP: #708839
  * posix-cpu-timers: workaround to suppress the problems with mt exec
    - LP: #712609
  * sys_semctl: fix kernel stack leakage
    - LP: #712749
  * x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.
    - LP: #709372
  * memory corruption in X.25 facilities parsing
    - LP: #709372
  * net: ax25: fix information leak to userland, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * net: ax25: fix information leak to userland harder, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table, CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * net: clear heap allocations for privileged ethtool actions
    - LP: #771445
  * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
    - LP: #772543
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
    - LP: #772543
  * exec: make argv/envp memory visible to oom-killer
    - LP: #768408
  * next_pidmap: fix overflow condition
    - LP: #784727
  * proc: do proper range check on readdir offset
    - LP: #784727
  * mpt2sas: prevent heap overflows and unchecked reads
    - LP: #787145
  * agp: fix arbitrary kernel memory writes
    - LP: #788684
  * can: add missing socket check in can/raw release
    - LP: #788694
  * agp: fix OOM and buffer overflow
    - LP: #788700
  * do_exit(): make sure that we run with get_fs() == USER_DS - CVE-2010-4258
    - LP: #723945
    - CVE-2010-4258
  * x25: Prevent crashing when parsing bad X.25 facilities - CVE-2010-4164
    - LP: #731199
    - CVE-2010-4164
  * install_special_mapping skips security_file_mmap check - CVE-2010-4346
    - LP: #731971
    - CVE-2010-4346
  * econet: Fix crash in aun_incoming() - CVE-2010-4342
    - LP: #736394
    - CVE-2010-4342
  * sound: Prevent buffer overflow in OSS load_mixer_volumes - CVE-2010-4527
    - LP: #737073
    - CVE-2010-4527
  * irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
    - LP: #737823
    - CVE-2010-4529
  * CAN: Use inode instead of kernel address for /proc file - CVE-2010-4565
    - LP: #765007...

Read more...

Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: In Progress → Fix Released
Revision history for this message
Leann Ogasawara (leannogasawara) wrote : Closing unsupported series nomination.

This bug was nominated against a series that is no longer supported, ie karmic. The bug task representing the karmic nomination is being closed as Won't Fix.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu Karmic):
status: New → Won't Fix
Kees Cook (kees)
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Released
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Lucid):
status: In Progress → Fix Released
Changed in linux-mvl-dove (Ubuntu Maverick):
status: New → Fix Released
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Fix Released
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Fix Committed
description: updated
Kees Cook (kees)
Changed in linux-ec2 (Ubuntu Dapper):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Karmic):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Dapper):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Karmic):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Dapper):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Karmic):
status: New → Invalid
Changed in linux (Ubuntu Karmic):
status: Won't Fix → Invalid
Changed in linux-fsl-imx51 (Ubuntu Karmic):
status: Won't Fix → Invalid
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Kees Cook (kees)
Changed in linux (Ubuntu Dapper):
status: Invalid → Won't Fix
Kees Cook (kees)
Changed in linux (Ubuntu Dapper):
status: Won't Fix → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Low
Kees Cook (kees)
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.