kernel-packages team mailing list archive

Thread
Date

[Bug 720968] Re: CVE-2010-4073

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Mathew Hodson <mathew.hodson@xxxxxxxxx>
Date: Thu, 12 Feb 2015 07:10:39 -0000
Reply-to: Bug 720968 <720968@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** CVE removed: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4249

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-ti-omap4 in Ubuntu.
https://bugs.launchpad.net/bugs/720968

Title:
  CVE-2010-4073

Status in linux-mvl-dove package in Ubuntu:
  Fix Released
Status in linux-ti-omap4 package in Ubuntu:
  Invalid
Status in linux-mvl-dove source package in Lucid:
  Fix Released
Status in linux-ti-omap4 source package in Lucid:
  Invalid
Status in linux-mvl-dove source package in Maverick:
  Fix Released
Status in linux-ti-omap4 source package in Maverick:
  Won't Fix

Bug description:
  The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not
  initialize certain structures, which allows local users to obtain
  potentially sensitive information from kernel stack memory via vectors
  related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3)
  compat_sys_shmctl functions in ipc/compat.c; and the (4)
  compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in
  ipc/compat_mq.c.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-mvl-dove/+bug/720968/+subscriptions