kernel-packages team mailing list archive

Thread
Date

[Bug 709372] Re: CVE-2010-3873

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Mathew Hodson <mathew.hodson@xxxxxxxxx>
Date: Thu, 12 Feb 2015 07:08:29 -0000
Reply-to: Bug 709372 <709372@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4249

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/709372

Title:
  CVE-2010-3873

Status in linux package in Ubuntu:
  Fix Released
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux source package in Lucid:
  Fix Released
Status in linux-fsl-imx51 source package in Lucid:
  Fix Released
Status in linux-ti-omap4 source package in Lucid:
  Invalid
Status in linux source package in Maverick:
  Fix Released
Status in linux-fsl-imx51 source package in Maverick:
  Invalid
Status in linux-ti-omap4 source package in Maverick:
  Fix Released
Status in linux source package in Natty:
  Fix Released
Status in linux-fsl-imx51 source package in Natty:
  Invalid
Status in linux-ti-omap4 source package in Natty:
  Invalid
Status in linux source package in Dapper:
  Fix Released
Status in linux-fsl-imx51 source package in Dapper:
  Invalid
Status in linux-ti-omap4 source package in Dapper:
  Invalid
Status in linux source package in Hardy:
  Fix Released
Status in linux-fsl-imx51 source package in Hardy:
  Invalid
Status in linux-ti-omap4 source package in Hardy:
  Invalid
Status in linux source package in Karmic:
  Fix Released
Status in linux-fsl-imx51 source package in Karmic:
  Won't Fix
Status in linux-ti-omap4 source package in Karmic:
  Invalid

Bug description:
  The X.25 implementation in the Linux kernel before 2.6.36.2 does not
  properly parse facilities, which allows remote attackers to cause a denial
  of service (heap memory corruption and panic) or possibly have unspecified
  other impact via malformed (1) X25_FAC_CALLING_AE or (2) X25_FAC_CALLED_AE
  data, related to net/x25/x25_facilities.c and net/x25/x25_in.c, a different
  vulnerability than CVE-2010-4164.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/709372/+subscriptions