kernel-packages team mailing list archive

Thread
Date

[Bug 711855] Re: CVE-2010-4160

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Rolf Leggewie <711855@xxxxxxxxxxxxxxxxxx>
Date: Wed, 17 Jun 2015 12:09:44 -0000
Reply-to: Bug 711855 <711855@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as "Won't Fix".

** Changed in: linux-fsl-imx51 (Ubuntu Lucid)
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/711855

Title:
  CVE-2010-4160

Status in linux package in Ubuntu:
  Invalid
Status in linux-fsl-imx51 package in Ubuntu:
  Invalid
Status in linux source package in Lucid:
  Fix Released
Status in linux-fsl-imx51 source package in Lucid:
  Won't Fix
Status in linux source package in Maverick:
  Fix Released
Status in linux-fsl-imx51 source package in Maverick:
  Invalid
Status in linux source package in Natty:
  Invalid
Status in linux-fsl-imx51 source package in Natty:
  Invalid
Status in linux source package in Dapper:
  Won't Fix
Status in linux-fsl-imx51 source package in Dapper:
  Invalid
Status in linux source package in Hardy:
  Fix Released
Status in linux-fsl-imx51 source package in Hardy:
  Invalid
Status in linux source package in Karmic:
  Fix Released
Status in linux-fsl-imx51 source package in Karmic:
  Won't Fix

Bug description:
  Multiple integer overflows in the (1) pppol2tp_sendmsg function in
  net/l2tp/l2tp_ppp.c, and the (2) l2tp_ip_sendmsg function in
  net/l2tp/l2tp_ip.c, in the PPPoL2TP and IPoL2TP implementations in the
  Linux kernel before 2.6.36.2 allow local users to cause a denial of service
  (heap memory corruption and panic) or possibly gain privileges via a
  crafted sendto call.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/711855/+subscriptions