Ubuntu

CVE-2011-1759

Reported by Andy Whitcroft on 2012-02-02
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-armadaxp (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Undecided
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-ec2 (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-fsl-imx51 (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-lts-backport-maverick (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-lts-backport-natty (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-mvl-dove (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Low
Unassigned
Nominated for Raring by John Johansen
Hardy
Low
Unassigned
Lucid
Low
Unassigned
Maverick
Low
Andy Whitcroft
Natty
Low
Andy Whitcroft
Oneiric
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned

Bug Description

Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users to gain privileges or cause a denial of service (heap memory corruption) by providing a crafted argument and leveraging a race condition.

Break-Fix: - 0f22072ab50cac7983f9660d33974b45184da4f9

Andy Whitcroft (apw) wrote :

CVE-2011-1759

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
security vulnerability: no → yes
Changed in linux (Ubuntu Hardy):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
status: In Progress → Invalid
Changed in linux-ti-omap4 (Ubuntu Natty):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux-ti-omap4 (Ubuntu Maverick):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Andy Whitcroft (apw) on 2012-02-02
Changed in linux-fsl-imx51 (Ubuntu Lucid):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Changed in linux (Ubuntu Hardy):
assignee: Andy Whitcroft (apw) → nobody
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Maverick):
status: New → Fix Committed
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Maverick):
status: New → Fix Committed
Changed in linux (Ubuntu Natty):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Maverick):
status: New → Invalid
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux (Ubuntu Precise):
importance: Undecided → Low
Changed in linux (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Maverick):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-mvl-dove (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-mvl-dove (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Natty):
status: In Progress → Fix Committed
Andy Whitcroft (apw) on 2012-02-06
Changed in linux-fsl-imx51 (Ubuntu Lucid):
assignee: Andy Whitcroft (apw) → nobody
status: In Progress → Invalid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.22

---------------
linux-ti-omap4 (2.6.38-1209.22) natty-proposed; urgency=low

  * Release Tracking Bug
    - LP: #932673

  [ Upstream Kernel Changes ]

  * net: ip_expire() must revalidate route
    - LP: #922051
    - CVE-2011-1927
  * ARM: 6891/1: prevent heap corruption in OABI semtimedop
    - LP: #925373
    - CVE-2011-1759
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #922371
    - CVE-2011-2182
  * oom: use pte pages in OOM score
    - LP: #922374
    - CVE-2011-2498
  * TOMOYO: Fix oops in tomoyo_mount_acl().
    - LP: #922377
    - CVE-2011-2518
  * AppArmor: fix oops in apparmor_setprocattr
    - LP: #789409
    - CVE-2011-3619
 -- Paolo Pisati <email address hidden> Mon, 20 Feb 2012 11:59:21 +0100

Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.32

---------------
linux-ti-omap4 (2.6.35-903.32) maverick-proposed; urgency=low

  [Herton R. Krzesinski]

  * Release Tracking Bug
    - LP: #942766

  [ Paolo Pisati ]

  * [Config] Move to a 3G/1G memory split
    - LP: #861296

linux-ti-omap4 (2.6.35-903.31) maverick-proposed; urgency=low

  * Release Tracking Bug
    - LP: #932237

  [ Upstream Kernel Changes ]

  * net: ip_expire() must revalidate route
    - LP: #922051
    - CVE-2011-1927
  * inotify: stop kernel memory leak on file creation failure
    - LP: #917797
    - CVE-2010-4250
  * inotify: fix double free/corruption of stuct user
    - LP: #869203
    - CVE-2011-1479
  * fuse: verify ioctl retries
    - LP: #917804
    - CVE-2010-4650
  * ima: fix add LSM rule bug
    - LP: #917808
    - CVE-2011-0006
  * bridge: Fix mglist corruption that leads to memory corruption
    - LP: #917813
    - CVE-2011-0716
  * sound/oss: remove offset from load_patch callbacks
    - LP: #925337
    - CVE-2011-1476
  * ARM: 6891/1: prevent heap corruption in OABI semtimedop
    - LP: #925373
    - CVE-2011-1759
  * sound/oss/opl3: validate voice and channel indexes
    - LP: #925335
    - CVE-2011-1477
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #922371
    - CVE-2011-2182
  * AppArmor: fix oops in apparmor_setprocattr
    - LP: #789409
    - CVE-2011-3619
 -- Herton Ronaldo Krzesinski <email address hidden> Tue, 28 Feb 2012 14:33:28 -0300

Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in linux-mvl-dove (Ubuntu Maverick):
status: Fix Released → Invalid
Changed in linux (Ubuntu Maverick):
status: Fix Released → Invalid
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Fix Released → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: Fix Committed → Fix Released
John Johansen (jjohansen) wrote :

revert scripting error

Changed in linux (Ubuntu Maverick):
status: Invalid → Fix Released
Changed in linux-mvl-dove (Ubuntu Maverick):
status: Invalid → Fix Released
Changed in linux-ti-omap4 (Ubuntu Maverick):
status: Invalid → Fix Released
Changed in linux-armadaxp (Ubuntu Maverick):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
importance: Undecided → Low
description: updated
Ike Panhc (ikepanhc) on 2012-09-20
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Won't Fix
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Won't Fix
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. oneiric has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against oneiric is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers