CVE-2013-1828

Bug #1152791 reported by John Johansen
Affects                                 Status         Importance  Assigned to     Milestone
linux (Ubuntu)                          Fix Released   High        Luis Henriques
  Hardy                                 Invalid        High        Unassigned
  Lucid                                 Invalid        High        Unassigned
  Oneiric                               Invalid        High        Unassigned
  Precise                               Invalid        High        Unassigned
  Quantal                               Invalid        High        Unassigned
  Raring                                Fix Released   High        Luis Henriques
linux-armadaxp (Ubuntu)                 Invalid        High        Unassigned
  Hardy                                 Invalid        High        Unassigned
  Lucid                                 Invalid        High        Unassigned
  Oneiric                               Invalid        High        Unassigned
  Precise                               Invalid        High        Unassigned
  Quantal                               Invalid        High        Unassigned
  Raring                                Invalid        High        Unassigned
linux-ec2 (Ubuntu)                      Invalid        High        Unassigned
  Hardy                                 Invalid        High        Unassigned
  Lucid                                 Invalid        High        Unassigned
  Oneiric                               Invalid        High        Unassigned
  Precise                               Invalid        High        Unassigned
  Quantal                               Invalid        High        Unassigned
  Raring                                Invalid        High        Unassigned
linux-fsl-imx51 (Ubuntu)                Invalid        High        Unassigned
  Hardy                                 Invalid        High        Unassigned
  Lucid                                 Invalid        High        Unassigned
  Oneiric                               Invalid        High        Unassigned
  Precise                               Invalid        High        Unassigned
  Quantal                               Invalid        High        Unassigned
  Raring                                Invalid        High        Unassigned
linux-lts-backport-maverick (Ubuntu)    Invalid        High        Unassigned
  Hardy                                 Invalid        High        Unassigned
  Lucid                                 Invalid        High        Unassigned
  Oneiric                               Invalid        High        Unassigned
  Precise                               Invalid        High        Unassigned
  Quantal                               Invalid        High        Unassigned
  Raring                                Invalid        High        Unassigned
linux-lts-backport-natty (Ubuntu)       Invalid        Undecided   Unassigned
  Hardy                                 Invalid        Undecided   Unassigned
  Lucid                                 Invalid        Undecided   Unassigned
  Oneiric                               Invalid        Undecided   Unassigned
  Precise                               Invalid        Undecided   Unassigned
  Quantal                               Invalid        Undecided   Unassigned
  Raring                                Invalid        Undecided   Unassigned
linux-lts-backport-oneiric (Ubuntu)     Invalid        High        Unassigned
  Hardy                                 Invalid        High        Unassigned
  Lucid                                 Invalid        High        Unassigned
  Oneiric                               Invalid        High        Unassigned
  Precise                               Invalid        High        Unassigned
  Quantal                               Invalid        High        Unassigned
  Raring                                Invalid        High        Unassigned
linux-lts-quantal (Ubuntu)              Invalid        High        Unassigned
  Hardy                                 Invalid        High        Unassigned
  Lucid                                 Invalid        High        Unassigned
  Oneiric                               Invalid        High        Unassigned
  Precise                               Invalid        High        Unassigned
  Quantal                               Invalid        High        Unassigned
  Raring                                Invalid        High        Unassigned
linux-mvl-dove (Ubuntu)                 Invalid        High        Unassigned
  Hardy                                 Invalid        High        Unassigned
  Lucid                                 Invalid        High        Unassigned
  Oneiric                               Invalid        High        Unassigned
  Precise                               Invalid        High        Unassigned
  Quantal                               Invalid        High        Unassigned
  Raring                                Invalid        High        Unassigned
linux-ti-omap4 (Ubuntu)                 Fix Committed  High        Unassigned
  Hardy                                 Invalid        High        Unassigned
  Lucid                                 Invalid        High        Unassigned
  Oneiric                               Invalid        High        Unassigned
  Precise                               Invalid        High        Unassigned
  Quantal                               Invalid        High        Unassigned
  Raring                                Won't Fix      High        Unassigned

Bug Description

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.

Break-Fix: 196d67593439b03088913227093e374235596e33 726bc6b092da4c093eb74d13c07184b18c1af0f1
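
The missing length check described above, modelled in user space as an added example (not the kernel's source and not code from this bug report): the handler rejects a length too short to hold the association id and clamps it to the size of the destination struct before copying. `assoc_id_t`, `struct assoc_stats`, `overrun_if_unclamped` and `get_assoc_stats_checked` are hypothetical names, and `memcpy` stands in for `copy_from_user`/`copy_to_user`.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the kernel types; the layout is illustrative. */
typedef int32_t assoc_id_t;
struct assoc_stats {
    assoc_id_t assoc_id;     /* in: association the caller asks about */
    uint64_t   counters[8];  /* out: statistics filled in by the handler */
};

/* Bytes an unclamped copy of optlen bytes would write past the struct. */
size_t overrun_if_unclamped(int optlen)
{
    if (optlen < 0 || (size_t)optlen <= sizeof(struct assoc_stats))
        return 0;
    return (size_t)optlen - sizeof(struct assoc_stats);
}

/* Model of a handler that validates the caller-supplied length first.
 * Returns the number of bytes written to out, or a negative errno. */
int get_assoc_stats_checked(const void *optval, int optlen, void *out)
{
    struct assoc_stats sas;
    size_t len;

    /* Lower bound: the caller must supply at least the association id. */
    if (optlen < 0 || (size_t)optlen < sizeof(assoc_id_t))
        return -EINVAL;
    /* Upper bound: never copy more than the destination struct holds. */
    len = (size_t)optlen > sizeof(sas) ? sizeof(sas) : (size_t)optlen;

    memset(&sas, 0, sizeof(sas));
    memcpy(&sas, optval, len);          /* copy_from_user() in the kernel */
    for (size_t i = 0; i < 8; i++)      /* constructed sample statistics */
        sas.counters[i] = (uint64_t)sas.assoc_id * 100 + i;
    memcpy(out, &sas, len);             /* copy_to_user() in the kernel */
    return (int)len;
}

int main(void)
{
    struct assoc_stats in = { .assoc_id = 7 }, out = { 0 };
    printf("optlen=4096 unclamped overrun: %zu bytes\n", overrun_if_unclamped(4096));
    printf("optlen=4096 checked copy:      %d bytes\n", get_assoc_stats_checked(&in, 4096, &out));
    printf("optlen=2 checked:              %d\n", get_assoc_stats_checked(&in, 2, &out));
    return 0;
}
```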

John Johansen (jjohansen) wrote :

CVE-2013-1828

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Raring):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Raring):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Raring):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Raring):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Raring):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Raring):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-lts-backport-oneiric (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Raring):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Raring):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Raring):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
importance: Undecided → High
Changed in linux (Ubuntu Precise):
importance: Undecided → High
Changed in linux (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux (Ubuntu Lucid):
importance: Undecided → High
Changed in linux (Ubuntu Raring):
importance: Undecided → High
Changed in linux (Ubuntu Hardy):
importance: Undecided → High
Changed in linux (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Raring):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Raring):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → High
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → High
Luis Henriques (henrix)
Changed in linux (Ubuntu Raring):
assignee: nobody → Luis Henriques (henrix)
status: New → In Progress
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Raring):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Oneiric):
status: New → Invalid
Changed in linux (Ubuntu Lucid):
status: New → Invalid
Changed in linux (Ubuntu Raring):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Hardy):
status: New → Invalid
Changed in linux (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Raring):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Invalid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.8.0-13.22

---------------
linux (3.8.0-13.22) raring; urgency=low

  [ Andy Whitcroft ]

  * Revert "SAUCE: fireware: add NO_MSI quirks for o2micro controller"

  [ Kamal Mostafa ]

  * SAUCE: alx: use github.com/qca/alx repo
    - LP: #1154238
  * [packaging] do not use ../.$(series)-env file
  * SAUCE: Convert bnx2x firmware files to ihex format

  [ Qualcomm Atheros, Inc ]

  * SAUCE: alx: Update to heads/master
    - LP: #1154238

  [ Seth Forshee ]

  * SAUCE: efivars: Allow disabling use as a pstore backend
  * [Config] Re-enable CONFIG_PSTORE for x86

  [ Tim Gardner ]

  * Drop efivarfs reverts in favor of 3.8.3 stable updates
    Revert "efivarfs: Validate filenames much more aggressively"
    Revert "efivarfs: guid part of filenames are case-insensitive"
  * [Config] CONFIG_I2C_ISMT=m
    - LP: #1011449
  * [Config] CONFIG_SERIAL_8250_DMA=y,CONFIG_SERIAL_8250_DW=m for x86en
    - LP: #1031162
  * Release Tracking Bug
    - LP: #1155680

  [ Upstream Kernel Changes ]

  * net/sctp: Validate parameter size for SCTP_GET_ASSOC_STATS
    - LP: #1152791
    - CVE-2013-1828
  * mfd: rtsx: Implement driving adjustment to device-dependent callbacks
    - LP: #1153618
  * mfd: rtsx: Support RTS5227
    - LP: #1153618
  * mmc: rtsx: remove driving adjustment
    - LP: #1153618
  * i2c: Adding support for Intel iSMT SMBus 2.0 host controller
    - LP: #1011449
  * i2c: fix i2c-ismt.c printk format warning
    - LP: #1011449
  * serial: quatech: add the other serial identifiers and preliminary
    control code
    - LP: #1031162
  * serial: Remove RM9000 series serial driver.
    - LP: #1031162
  * serial: 8250_pci: remove __devexit usage
    - LP: #1031162
  * serial: 8250: Allow drivers to deliver capabilities
    - LP: #1031162
  * serial: 8250_dw: Don't use UPF_FIXED_TYPE
    - LP: #1031162
  * serial: 8250_dw: Map IO memory
    - LP: #1031162
  * serial: 8250_dw: Move device tree code to separate function
    - LP: #1031162
  * serial: 8250_dw: Set FIFO size dynamically
    - LP: #1031162
  * serial: 8250_dw: Add ACPI 5.0 support
    - LP: #1031162
  * serial: 8250: Add support for dmaengine
    - LP: #1031162
  * serial: 8250_dw: Enable DMA support with ACPI
    - LP: #1031162

  [ Upstream Kernel Changes ]

  * rebase to v3.8.3
 -- Tim Gardner <email address hidden> Mon, 11 Mar 2013 06:53:51 -0600

Changed in linux (Ubuntu Raring):
status: Fix Committed → Fix Released
description: updated
Changed in linux-armadaxp (Ubuntu Raring):
status: Fix Committed → Invalid
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Won't Fix → Invalid
Adam Conrad (adconrad) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Changed in linux-ti-omap4 (Ubuntu Raring):
status: Fix Committed → Won't Fix