2011-05-18 16:42:11 |
Herton R. Krzesinski |
bug |
|
|
added bug |
2011-05-18 16:42:14 |
Herton R. Krzesinski |
tags |
|
kernel-cve-tracking-bug |
|
2011-05-18 16:42:15 |
Herton R. Krzesinski |
security vulnerability |
no |
yes |
|
2011-05-18 16:42:25 |
Herton R. Krzesinski |
cve linked |
|
2011-1593 |
|
2011-05-18 16:42:33 |
Herton R. Krzesinski |
nominated for series |
|
Ubuntu Oneiric |
|
2011-05-18 16:42:35 |
Herton R. Krzesinski |
nominated for series |
|
Ubuntu Natty |
|
2011-05-18 16:42:36 |
Herton R. Krzesinski |
nominated for series |
|
Ubuntu Maverick |
|
2011-05-18 16:42:38 |
Herton R. Krzesinski |
nominated for series |
|
Ubuntu Lucid |
|
2011-05-18 16:42:40 |
Herton R. Krzesinski |
nominated for series |
|
Ubuntu Karmic |
|
2011-05-18 16:42:42 |
Herton R. Krzesinski |
nominated for series |
|
Ubuntu Hardy |
|
2011-05-18 16:42:44 |
Herton R. Krzesinski |
nominated for series |
|
Ubuntu Dapper |
|
2011-05-18 16:46:20 |
Brad Figg |
bug task added |
|
linux (Ubuntu Dapper) |
|
2011-05-18 16:46:20 |
Brad Figg |
bug task added |
|
linux-fsl-imx51 (Ubuntu Dapper) |
|
2011-05-18 16:46:20 |
Brad Figg |
bug task added |
|
linux-lts-backport-maverick (Ubuntu Dapper) |
|
2011-05-18 16:46:20 |
Brad Figg |
bug task added |
|
linux-mvl-dove (Ubuntu Dapper) |
|
2011-05-18 16:46:20 |
Brad Figg |
bug task added |
|
linux-ti-omap4 (Ubuntu Dapper) |
|
2011-05-18 16:46:39 |
Brad Figg |
bug task added |
|
linux (Ubuntu Hardy) |
|
2011-05-18 16:46:39 |
Brad Figg |
bug task added |
|
linux-fsl-imx51 (Ubuntu Hardy) |
|
2011-05-18 16:46:39 |
Brad Figg |
bug task added |
|
linux-lts-backport-maverick (Ubuntu Hardy) |
|
2011-05-18 16:46:39 |
Brad Figg |
bug task added |
|
linux-mvl-dove (Ubuntu Hardy) |
|
2011-05-18 16:46:39 |
Brad Figg |
bug task added |
|
linux-ti-omap4 (Ubuntu Hardy) |
|
2011-05-18 16:47:03 |
Brad Figg |
bug task added |
|
linux (Ubuntu Lucid) |
|
2011-05-18 16:47:03 |
Brad Figg |
bug task added |
|
linux-fsl-imx51 (Ubuntu Lucid) |
|
2011-05-18 16:47:03 |
Brad Figg |
bug task added |
|
linux-lts-backport-maverick (Ubuntu Lucid) |
|
2011-05-18 16:47:03 |
Brad Figg |
bug task added |
|
linux-mvl-dove (Ubuntu Lucid) |
|
2011-05-18 16:47:03 |
Brad Figg |
bug task added |
|
linux-ti-omap4 (Ubuntu Lucid) |
|
2011-05-18 16:47:16 |
Brad Figg |
bug task added |
|
linux (Ubuntu Maverick) |
|
2011-05-18 16:47:16 |
Brad Figg |
bug task added |
|
linux-fsl-imx51 (Ubuntu Maverick) |
|
2011-05-18 16:47:16 |
Brad Figg |
bug task added |
|
linux-lts-backport-maverick (Ubuntu Maverick) |
|
2011-05-18 16:47:16 |
Brad Figg |
bug task added |
|
linux-mvl-dove (Ubuntu Maverick) |
|
2011-05-18 16:47:16 |
Brad Figg |
bug task added |
|
linux-ti-omap4 (Ubuntu Maverick) |
|
2011-05-18 16:47:44 |
Brad Figg |
bug task added |
|
linux (Ubuntu Natty) |
|
2011-05-18 16:47:44 |
Brad Figg |
bug task added |
|
linux-fsl-imx51 (Ubuntu Natty) |
|
2011-05-18 16:47:44 |
Brad Figg |
bug task added |
|
linux-lts-backport-maverick (Ubuntu Natty) |
|
2011-05-18 16:47:44 |
Brad Figg |
bug task added |
|
linux-mvl-dove (Ubuntu Natty) |
|
2011-05-18 16:47:44 |
Brad Figg |
bug task added |
|
linux-ti-omap4 (Ubuntu Natty) |
|
2011-05-18 16:48:14 |
Brad Figg |
bug task added |
|
linux (Ubuntu Oneiric) |
|
2011-05-18 16:48:14 |
Brad Figg |
bug task added |
|
linux-fsl-imx51 (Ubuntu Oneiric) |
|
2011-05-18 16:48:14 |
Brad Figg |
bug task added |
|
linux-lts-backport-maverick (Ubuntu Oneiric) |
|
2011-05-18 16:48:14 |
Brad Figg |
bug task added |
|
linux-mvl-dove (Ubuntu Oneiric) |
|
2011-05-18 16:48:14 |
Brad Figg |
bug task added |
|
linux-ti-omap4 (Ubuntu Oneiric) |
|
2011-05-18 16:56:19 |
Herton R. Krzesinski |
description |
Placeholder |
next_pidmap: fix overflow condition
next_pidmap() just quietly accepted whatever 'last' pid that was passed
in, which is not all that safe when one of the users is /proc.
Admittedly the proc code should do some sanity checking on the range
(and that will be the next commit), but that doesn't mean that the
helper functions should just do that pidmap pointer arithmetic without
checking the range of its arguments.
So clamp 'last' to PID_MAX_LIMIT. The fact that we then do "last+1"
doesn't really matter, the for-loop does check against the end of the
pidmap array properly (it's only the actual pointer arithmetic overflow
case we need to worry about, and going one bit beyond isn't going to
overflow). |
|
2011-05-18 16:57:27 |
Herton R. Krzesinski |
description |
next_pidmap: fix overflow condition
next_pidmap() just quietly accepted whatever 'last' pid that was passed
in, which is not all that safe when one of the users is /proc.
Admittedly the proc code should do some sanity checking on the range
(and that will be the next commit), but that doesn't mean that the
helper functions should just do that pidmap pointer arithmetic without
checking the range of its arguments.
So clamp 'last' to PID_MAX_LIMIT. The fact that we then do "last+1"
doesn't really matter, the for-loop does check against the end of the
pidmap array properly (it's only the actual pointer arithmetic overflow
case we need to worry about, and going one bit beyond isn't going to
overflow). |
next_pidmap: fix overflow condition
next_pidmap() just quietly accepted whatever 'last' pid that was passed
in, which is not all that safe when one of the users is /proc.
Admittedly the proc code should do some sanity checking on the range
(and that will be the next commit), but that doesn't mean that the
helper functions should just do that pidmap pointer arithmetic without
checking the range of its arguments.
So clamp 'last' to PID_MAX_LIMIT. The fact that we then do "last+1"
doesn't really matter, the for-loop does check against the end of the
pidmap array properly (it's only the actual pointer arithmetic overflow
case we need to worry about, and going one bit beyond isn't going to
overflow).
---
proc: do proper range check on readdir offset
Rather than pass in some random truncated offset to the pid-related
functions, check that the offset is in range up-front. |
|
2011-05-18 16:59:49 |
Herton R. Krzesinski |
linux (Ubuntu Dapper): status |
New |
Invalid |
|
2011-05-18 17:00:07 |
Herton R. Krzesinski |
linux-fsl-imx51 (Ubuntu Dapper): status |
New |
Invalid |
|
2011-05-18 17:00:21 |
Herton R. Krzesinski |
linux-lts-backport-maverick (Ubuntu Dapper): status |
New |
Invalid |
|
2011-05-18 17:00:39 |
Herton R. Krzesinski |
linux-mvl-dove (Ubuntu Dapper): status |
New |
Invalid |
|
2011-05-18 17:00:53 |
Herton R. Krzesinski |
linux-ti-omap4 (Ubuntu Dapper): status |
New |
Invalid |
|
2011-05-18 19:07:11 |
Herton R. Krzesinski |
linux (Ubuntu Hardy): importance |
Undecided |
Medium |
|
2011-05-18 19:07:11 |
Herton R. Krzesinski |
linux (Ubuntu Hardy): status |
New |
In Progress |
|
2011-05-18 19:07:11 |
Herton R. Krzesinski |
linux (Ubuntu Hardy): assignee |
|
Herton R. Krzesinski (herton) |
|
2011-05-18 19:08:14 |
Herton R. Krzesinski |
linux (Ubuntu Oneiric): importance |
Undecided |
Medium |
|
2011-05-18 19:08:14 |
Herton R. Krzesinski |
linux (Ubuntu Oneiric): status |
New |
Fix Released |
|
2011-05-18 19:09:55 |
Herton R. Krzesinski |
linux (Ubuntu Lucid): importance |
Undecided |
Medium |
|
2011-05-18 19:09:55 |
Herton R. Krzesinski |
linux (Ubuntu Lucid): status |
New |
Fix Released |
|
2011-05-18 19:10:40 |
Herton R. Krzesinski |
linux (Ubuntu Maverick): importance |
Undecided |
Medium |
|
2011-05-18 19:10:40 |
Herton R. Krzesinski |
linux (Ubuntu Maverick): status |
New |
Fix Released |
|
2011-05-18 19:11:12 |
Herton R. Krzesinski |
linux (Ubuntu Natty): importance |
Undecided |
Medium |
|
2011-05-18 19:11:12 |
Herton R. Krzesinski |
linux (Ubuntu Natty): status |
New |
Fix Released |
|
2011-05-18 21:07:37 |
Herton R. Krzesinski |
attachment added |
|
next_pidmap: fix overflow condition https://bugs.launchpad.net/ubuntu/natty/+source/linux/+bug/784727/+attachment/2134163/+files/0001-next_pidmap-fix-overflow-condition-CVE-2011-1593.patch |
|
2011-05-18 21:08:09 |
Herton R. Krzesinski |
attachment added |
|
proc: do proper range check on readdir offset https://bugs.launchpad.net/ubuntu/natty/+source/linux/+bug/784727/+attachment/2134164/+files/0002-proc-do-proper-range-check-on-readdir-offset-CVE-201.patch |
|
2011-05-19 17:32:51 |
Brian Murray |
bug |
|
|
added subscriber Jeremy Foshee |
2011-05-30 15:08:09 |
Paolo Pisati |
linux-fsl-imx51 (Ubuntu Hardy): status |
New |
Invalid |
|
2011-05-30 15:08:22 |
Paolo Pisati |
linux-fsl-imx51 (Ubuntu Maverick): status |
New |
Invalid |
|
2011-05-30 15:08:57 |
Paolo Pisati |
linux-fsl-imx51 (Ubuntu Natty): status |
New |
Invalid |
|
2011-05-30 15:09:27 |
Paolo Pisati |
linux-fsl-imx51 (Ubuntu Oneiric): status |
New |
Invalid |
|
2011-05-30 15:09:53 |
Paolo Pisati |
linux-mvl-dove (Ubuntu Hardy): status |
New |
Invalid |
|
2011-05-30 15:09:57 |
Paolo Pisati |
linux-mvl-dove (Ubuntu Natty): status |
New |
Invalid |
|
2011-05-30 15:10:01 |
Paolo Pisati |
linux-mvl-dove (Ubuntu Oneiric): status |
New |
Invalid |
|
2011-05-30 15:10:30 |
Paolo Pisati |
linux-ti-omap4 (Ubuntu Hardy): status |
New |
Invalid |
|
2011-05-30 15:10:58 |
Paolo Pisati |
linux-ti-omap4 (Ubuntu Lucid): status |
New |
Invalid |
|
2011-05-30 15:15:38 |
Paolo Pisati |
linux-mvl-dove (Ubuntu Lucid): assignee |
|
Paolo Pisati (p-pisati) |
|
2011-05-30 15:15:41 |
Paolo Pisati |
linux-mvl-dove (Ubuntu Maverick): assignee |
|
Paolo Pisati (p-pisati) |
|
2011-05-30 15:21:36 |
Paolo Pisati |
linux-fsl-imx51 (Ubuntu Lucid): status |
New |
In Progress |
|
2011-05-30 15:21:36 |
Paolo Pisati |
linux-fsl-imx51 (Ubuntu Lucid): assignee |
|
Paolo Pisati (p-pisati) |
|
2011-05-30 15:24:52 |
Paolo Pisati |
linux-ti-omap4 (Ubuntu Maverick): status |
New |
In Progress |
|
2011-05-30 15:24:52 |
Paolo Pisati |
linux-ti-omap4 (Ubuntu Maverick): assignee |
|
Paolo Pisati (p-pisati) |
|
2011-05-30 15:26:59 |
Paolo Pisati |
linux-ti-omap4 (Ubuntu Oneiric): status |
New |
Fix Released |
|
2011-05-30 15:27:03 |
Paolo Pisati |
linux-ti-omap4 (Ubuntu Natty): status |
New |
Fix Released |
|
2011-06-09 19:28:35 |
Launchpad Janitor |
linux (Ubuntu Hardy): status |
In Progress |
Fix Released |
|
2011-06-09 19:28:35 |
Launchpad Janitor |
cve linked |
|
2010-4655 |
|
2011-06-09 19:28:35 |
Launchpad Janitor |
cve linked |
|
2010-4656 |
|
2011-06-09 19:28:35 |
Launchpad Janitor |
cve linked |
|
2011-0463 |
|
2011-06-09 19:28:35 |
Launchpad Janitor |
cve linked |
|
2011-0695 |
|
2011-06-09 19:28:35 |
Launchpad Janitor |
cve linked |
|
2011-0712 |
|
2011-06-09 19:28:35 |
Launchpad Janitor |
cve linked |
|
2011-1017 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
linux-fsl-imx51 (Ubuntu Lucid): status |
In Progress |
Fix Released |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-3865 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-3875 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-3876 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-3877 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-3880 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-4076 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-4077 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-4164 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-4258 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-4342 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-4346 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-4527 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-4529 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2010-4565 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2011-0521 |
|
2011-07-05 05:13:02 |
Launchpad Janitor |
cve linked |
|
2011-0711 |
|
2011-07-05 10:55:24 |
Andy Whitcroft |
linux-lts-backport-maverick (Ubuntu Maverick): status |
New |
Invalid |
|
2011-07-05 10:55:27 |
Andy Whitcroft |
linux-lts-backport-maverick (Ubuntu Natty): status |
New |
Invalid |
|
2011-07-05 10:55:29 |
Andy Whitcroft |
linux-lts-backport-maverick (Ubuntu Oneiric): status |
New |
Invalid |
|
2011-07-05 10:55:31 |
Andy Whitcroft |
linux-lts-backport-maverick (Ubuntu Hardy): status |
New |
Invalid |
|
2011-10-05 21:52:36 |
Jeremy Foshee |
removed subscriber Jeremy Foshee |
|
|
|
2013-05-21 21:27:05 |
Jamie Strandboge |
linux-ti-omap4 (Ubuntu Maverick): status |
In Progress |
Won't Fix |
|
2013-05-22 12:19:44 |
Jamie Strandboge |
linux-lts-backport-maverick (Ubuntu Lucid): status |
New |
Won't Fix |
|
2013-07-12 20:05:55 |
Jamie Strandboge |
linux-mvl-dove (Ubuntu Maverick): status |
New |
Won't Fix |
|
2015-06-17 12:09:31 |
Rolf Leggewie |
linux-mvl-dove (Ubuntu Lucid): status |
New |
Won't Fix |
|