Ubuntu

CVE-2011-0521

Reported by Leann Ogasawara on 2011-04-20
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Dapper
Low
Leann Ogasawara
Hardy
Low
Leann Ogasawara
Karmic
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned
linux-fsl-imx51 (Ubuntu)
Undecided
Unassigned
Dapper
Undecided
Unassigned
Hardy
Undecided
Unassigned
Karmic
Undecided
Unassigned
Lucid
Undecided
Paolo Pisati
Maverick
Undecided
Unassigned
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned
linux-lts-backport-maverick (Ubuntu)
Undecided
Unassigned
Dapper
Undecided
Unassigned
Hardy
Undecided
Unassigned
Karmic
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned
linux-mvl-dove (Ubuntu)
Undecided
Unassigned
Dapper
Undecided
Unassigned
Hardy
Undecided
Unassigned
Karmic
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned
linux-ti-omap4 (Ubuntu)
Undecided
Unassigned
Dapper
Undecided
Unassigned
Hardy
Undecided
Unassigned
Karmic
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Paolo Pisati
Natty
Undecided
Unassigned
Oneiric
Undecided
Unassigned

Bug Description

The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the
Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer
field, which allows local users to cause a denial of service (memory
corruption) or possibly have unspecified other impact via a negative value.

Marking Fix Released for Natty:

commit cb26a24ee9706473f31d34cc259f4dcf45cd0644
Author: Dan Carpenter <email address hidden>
Date: Fri Jan 7 16:41:54 2011 -0300

    [media] [v3,media] av7110: check for negative array offset

ubuntu-natty$ git describe --contains cb26a24ee9706473f31d34cc259f4dcf45cd0644
Ubuntu-2.6.38-1.27~440^2~31

security vulnerability: no → yes
description: updated
Changed in linux (Ubuntu Natty):
status: New → Fix Released

Marking Fix Committed for Maverick as the patch is applied to the master-next branch.

Changed in linux (Ubuntu Maverick):
status: New → Fix Committed

Marking Fix Committed for Lucid. Patch is in current 2.6.32-31.61 kernel in lucid-proposed.

Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Hardy):
assignee: nobody → Leann Ogasawara (leannogasawara)
importance: Undecided → Low
status: New → In Progress
Changed in linux (Ubuntu Dapper):
assignee: nobody → Leann Ogasawara (leannogasawara)
importance: Undecided → Low
status: New → In Progress
Tim Gardner (timg-tpi) on 2011-04-21
Changed in linux (Ubuntu Hardy):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Dapper):
status: In Progress → Fix Committed
Steve Conklin (sconklin) on 2011-04-25
tags: added: kernel-cve-tracking-bug
Paolo Pisati (p-pisati) on 2011-04-28
Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Maverick):
status: Fix Committed → Fix Released
Paolo Pisati (p-pisati) on 2011-04-28
Changed in linux-mvl-dove (Ubuntu):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Dapper):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Karmic):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Dapper):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Karmic):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Fix Released
Paolo Pisati (p-pisati) on 2011-04-29
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → In Progress
Paolo Pisati (p-pisati) on 2011-04-29
Changed in linux-ti-omap4 (Ubuntu Maverick):
assignee: nobody → Paolo Pisati (p-pisati)
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.24-29.89

---------------
linux (2.6.24-29.89) hardy-proposed; urgency=low

  [ Steve Conklin ]

  * Release Tracking Bug
    - LP: #768380

  [Tim Gardner]

  * [Config] remove generated files

  [Upstream Kernel Changes]

  * econet: Fix crash in aun_incoming(). CVE-2010-4342
    - LP: #736394
    - CVE-2010-4342
  * sound: Prevent buffer overflow in OSS load_mixer_volumes, CVE-2010-4527
    - LP: #737073
    - CVE-2010-4527
  * irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
    - LP: #737823
    - CVE-2010-4529
  * av7110: check for negative array offset, CVE-2011-0521
    - LP: #767526
    - CVE-2011-0521
  * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
    CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
 -- Steve Conklin <email address hidden> Thu, 21 Apr 2011 09:28:26 -0500

Changed in linux (Ubuntu Hardy):
status: Fix Committed → Fix Released
Paolo Pisati (p-pisati) wrote :

karmic is EOL

Changed in linux-fsl-imx51 (Ubuntu):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Dapper):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Karmic):
status: New → Won't Fix
Paolo Pisati (p-pisati) on 2011-06-02
Changed in linux-fsl-imx51 (Ubuntu Lucid):
assignee: nobody → Paolo Pisati (p-pisati)
status: New → In Progress
Launchpad Janitor (janitor) wrote :
Download full text (4.2 KiB)

This bug was fixed in the package linux-fsl-imx51 - 2.6.31-609.26

---------------
linux-fsl-imx51 (2.6.31-609.26) lucid; urgency=low

  [ Paolo Pisati ]

  * Tracking bug
    - LP: #795219
  * [Config] Disable parport_pc on fsl-imx51
    - LP: #601226

  [ Upstream Kernel Changes ]

  * ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
    - LP: #712723, #712737
  * can-bcm: fix minor heap overflow
    - LP: #710680
  * drivers/video/via/ioctl.c: prevent reading uninitialized stack memory
    - LP: #712744
  * gdth: integer overflow in ioctl
    - LP: #711797
  * inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880
    - LP: #711865
    - CVE-2010-3880
  * net: fix rds_iovec page count overflow, CVE-2010-3865
    - LP: #709153
    - CVE-2010-3865
  * net: packet: fix information leak to userland, CVE-2010-3876
    - LP: #711045
    - CVE-2010-3876
  * net: tipc: fix information leak to userland, CVE-2010-3877
    - LP: #711291
    - CVE-2010-3877
  * net: Truncate recvfrom and sendto length to INT_MAX.
    - LP: #708839
  * posix-cpu-timers: workaround to suppress the problems with mt exec
    - LP: #712609
  * sys_semctl: fix kernel stack leakage
    - LP: #712749
  * x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.
    - LP: #709372
  * memory corruption in X.25 facilities parsing
    - LP: #709372
  * net: ax25: fix information leak to userland, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * net: ax25: fix information leak to userland harder, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table, CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * net: clear heap allocations for privileged ethtool actions
    - LP: #771445
  * Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
    - LP: #772543
  * Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
    - LP: #772543
  * exec: make argv/envp memory visible to oom-killer
    - LP: #768408
  * next_pidmap: fix overflow condition
    - LP: #784727
  * proc: do proper range check on readdir offset
    - LP: #784727
  * mpt2sas: prevent heap overflows and unchecked reads
    - LP: #787145
  * agp: fix arbitrary kernel memory writes
    - LP: #788684
  * can: add missing socket check in can/raw release
    - LP: #788694
  * agp: fix OOM and buffer overflow
    - LP: #788700
  * do_exit(): make sure that we run with get_fs() == USER_DS - CVE-2010-4258
    - LP: #723945
    - CVE-2010-4258
  * x25: Prevent crashing when parsing bad X.25 facilities - CVE-2010-4164
    - LP: #731199
    - CVE-2010-4164
  * install_special_mapping skips security_file_mmap check - CVE-2010-4346
    - LP: #731971
    - CVE-2010-4346
  * econet: Fix crash in aun_incoming() - CVE-2010-4342
    - LP: #736394
    - CVE-2010-4342
  * sound: Prevent buffer overflow in OSS load_mixer_volumes - CVE-2010-4527
    - LP: #737073
    - CVE-2010-4527
  * irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
    - LP: #737823
    - CVE-2010-4529
  * CAN: Use inode instead of kernel address for /proc file - CVE-2010-4565
    - LP: #765007...

Read more...

Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: In Progress → Fix Released
Andy Whitcroft (apw) on 2011-07-05
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Dapper):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux (Ubuntu Karmic):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Karmic):
status: New → Invalid
Changed in linux (Ubuntu Dapper):
status: Fix Committed → Won't Fix
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: In Progress → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. maverick has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against maverick is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux-mvl-dove (Ubuntu Maverick):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers