kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #39365
[Bug 1267075] [NEW] CVE-2013-7263
*** This bug is a security vulnerability ***
Public security bug reported:
The Linux kernel before 3.12.4 updates certain length values before
ensuring that associated data structures have been initialized, which
allows local users to obtain sensitive information from kernel stack
memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call,
related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
net/ipv6/raw.c, and net/ipv6/udp.c.
Break-Fix: - bceaa90240b6019ed73b49965eac7d167610be69
** Affects: linux (Ubuntu)
Importance: Low
Status: New
** Affects: linux-armadaxp (Ubuntu)
Importance: Low
Status: Invalid
** Affects: linux-ec2 (Ubuntu)
Importance: Low
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu)
Importance: Low
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu)
Importance: Low
Status: Invalid
** Affects: linux-lts-raring (Ubuntu)
Importance: Low
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu)
Importance: Low
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu)
Importance: Low
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu)
Importance: Low
Status: New
** Affects: linux (Ubuntu Lucid)
Importance: Low
Status: New
** Affects: linux-armadaxp (Ubuntu Lucid)
Importance: Low
Status: Invalid
** Affects: linux-ec2 (Ubuntu Lucid)
Importance: Low
Status: New
** Affects: linux-fsl-imx51 (Ubuntu Lucid)
Importance: Low
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Lucid)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Lucid)
Importance: Low
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Lucid)
Importance: Low
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Lucid)
Importance: Low
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Lucid)
Importance: Low
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Lucid)
Importance: Low
Status: Invalid
** Affects: linux (Ubuntu Precise)
Importance: Low
Status: New
** Affects: linux-armadaxp (Ubuntu Precise)
Importance: Low
Status: New
** Affects: linux-ec2 (Ubuntu Precise)
Importance: Low
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Precise)
Importance: Low
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Precise)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Precise)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Precise)
Importance: Low
Status: New
** Affects: linux-lts-raring (Ubuntu Precise)
Importance: Low
Status: New
** Affects: linux-lts-saucy (Ubuntu Precise)
Importance: Low
Status: New
** Affects: linux-mvl-dove (Ubuntu Precise)
Importance: Low
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Precise)
Importance: Low
Status: New
** Affects: linux (Ubuntu Quantal)
Importance: Low
Status: New
** Affects: linux-armadaxp (Ubuntu Quantal)
Importance: Low
Status: New
** Affects: linux-ec2 (Ubuntu Quantal)
Importance: Low
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Quantal)
Importance: Low
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Quantal)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Quantal)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Quantal)
Importance: Low
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Quantal)
Importance: Low
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Quantal)
Importance: Low
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Quantal)
Importance: Low
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Quantal)
Importance: Low
Status: New
** Affects: linux (Ubuntu Raring)
Importance: Low
Status: New
** Affects: linux-armadaxp (Ubuntu Raring)
Importance: Low
Status: Invalid
** Affects: linux-ec2 (Ubuntu Raring)
Importance: Low
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Raring)
Importance: Low
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Raring)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Raring)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Raring)
Importance: Low
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Raring)
Importance: Low
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Raring)
Importance: Low
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Raring)
Importance: Low
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Raring)
Importance: Low
Status: New
** Affects: linux (Ubuntu Saucy)
Importance: Low
Status: New
** Affects: linux-armadaxp (Ubuntu Saucy)
Importance: Low
Status: Invalid
** Affects: linux-ec2 (Ubuntu Saucy)
Importance: Low
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Saucy)
Importance: Low
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Saucy)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Saucy)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Saucy)
Importance: Low
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Saucy)
Importance: Low
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Saucy)
Importance: Low
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Saucy)
Importance: Low
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Saucy)
Importance: Low
Status: New
** Affects: linux (Ubuntu Trusty)
Importance: Low
Status: New
** Affects: linux-armadaxp (Ubuntu Trusty)
Importance: Low
Status: Invalid
** Affects: linux-ec2 (Ubuntu Trusty)
Importance: Low
Status: Invalid
** Affects: linux-fsl-imx51 (Ubuntu Trusty)
Importance: Low
Status: Invalid
** Affects: linux-lts-backport-maverick (Ubuntu Trusty)
Importance: Undecided
Status: New
** Affects: linux-lts-backport-natty (Ubuntu Trusty)
Importance: Undecided
Status: New
** Affects: linux-lts-quantal (Ubuntu Trusty)
Importance: Low
Status: Invalid
** Affects: linux-lts-raring (Ubuntu Trusty)
Importance: Low
Status: Invalid
** Affects: linux-lts-saucy (Ubuntu Trusty)
Importance: Low
Status: Invalid
** Affects: linux-mvl-dove (Ubuntu Trusty)
Importance: Low
Status: Invalid
** Affects: linux-ti-omap4 (Ubuntu Trusty)
Importance: Low
Status: New
** Tags: kernel-cve-tracking-bug
** Tags added: kernel-cve-tracking-bug
** Information type changed from Public to Public Security
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7263
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1267075
Title:
CVE-2013-7263
Status in “linux” package in Ubuntu:
New
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
New
Status in “linux-lts-backport-natty” package in Ubuntu:
New
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-lts-saucy” package in Ubuntu:
Invalid
Status in “linux-mvl-dove” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
New
Status in “linux” source package in Lucid:
New
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
New
Status in “linux-fsl-imx51” source package in Lucid:
Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
New
Status in “linux-lts-backport-natty” source package in Lucid:
New
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-lts-saucy” source package in Lucid:
Invalid
Status in “linux-mvl-dove” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
New
Status in “linux-armadaxp” source package in Precise:
New
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-fsl-imx51” source package in Precise:
Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
New
Status in “linux-lts-backport-natty” source package in Precise:
New
Status in “linux-lts-quantal” source package in Precise:
New
Status in “linux-lts-raring” source package in Precise:
New
Status in “linux-lts-saucy” source package in Precise:
New
Status in “linux-mvl-dove” source package in Precise:
Invalid
Status in “linux-ti-omap4” source package in Precise:
New
Status in “linux” source package in Quantal:
New
Status in “linux-armadaxp” source package in Quantal:
New
Status in “linux-ec2” source package in Quantal:
Invalid
Status in “linux-fsl-imx51” source package in Quantal:
Invalid
Status in “linux-lts-backport-maverick” source package in Quantal:
New
Status in “linux-lts-backport-natty” source package in Quantal:
New
Status in “linux-lts-quantal” source package in Quantal:
Invalid
Status in “linux-lts-raring” source package in Quantal:
Invalid
Status in “linux-lts-saucy” source package in Quantal:
Invalid
Status in “linux-mvl-dove” source package in Quantal:
Invalid
Status in “linux-ti-omap4” source package in Quantal:
New
Status in “linux” source package in Raring:
New
Status in “linux-armadaxp” source package in Raring:
Invalid
Status in “linux-ec2” source package in Raring:
Invalid
Status in “linux-fsl-imx51” source package in Raring:
Invalid
Status in “linux-lts-backport-maverick” source package in Raring:
New
Status in “linux-lts-backport-natty” source package in Raring:
New
Status in “linux-lts-quantal” source package in Raring:
Invalid
Status in “linux-lts-raring” source package in Raring:
Invalid
Status in “linux-lts-saucy” source package in Raring:
Invalid
Status in “linux-mvl-dove” source package in Raring:
Invalid
Status in “linux-ti-omap4” source package in Raring:
New
Status in “linux” source package in Saucy:
New
Status in “linux-armadaxp” source package in Saucy:
Invalid
Status in “linux-ec2” source package in Saucy:
Invalid
Status in “linux-fsl-imx51” source package in Saucy:
Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
New
Status in “linux-lts-backport-natty” source package in Saucy:
New
Status in “linux-lts-quantal” source package in Saucy:
Invalid
Status in “linux-lts-raring” source package in Saucy:
Invalid
Status in “linux-lts-saucy” source package in Saucy:
Invalid
Status in “linux-mvl-dove” source package in Saucy:
Invalid
Status in “linux-ti-omap4” source package in Saucy:
New
Status in “linux” source package in Trusty:
New
Status in “linux-armadaxp” source package in Trusty:
Invalid
Status in “linux-ec2” source package in Trusty:
Invalid
Status in “linux-fsl-imx51” source package in Trusty:
Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
New
Status in “linux-lts-backport-natty” source package in Trusty:
New
Status in “linux-lts-quantal” source package in Trusty:
Invalid
Status in “linux-lts-raring” source package in Trusty:
Invalid
Status in “linux-lts-saucy” source package in Trusty:
Invalid
Status in “linux-mvl-dove” source package in Trusty:
Invalid
Status in “linux-ti-omap4” source package in Trusty:
New
Bug description:
The Linux kernel before 3.12.4 updates certain length values before
ensuring that associated data structures have been initialized, which
allows local users to obtain sensitive information from kernel stack
memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call,
related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
net/ipv6/raw.c, and net/ipv6/udp.c.
Break-Fix: - bceaa90240b6019ed73b49965eac7d167610be69
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1267075/+subscriptions
Follow ups
-
[Bug 1267075] Re: CVE-2013-7263
From: Steve Beattie, 2016-05-05
-
[Bug 1267075] Re: CVE-2013-7263
From: Steve Beattie, 2016-04-26
-
[Bug 1267075] Re: CVE-2013-7263
From: Rolf Leggewie, 2016-04-24
-
[Bug 1267075] Re: CVE-2013-7263
From: Steve Beattie, 2016-04-18
-
[Bug 1267075] Re: CVE-2013-7263
From: Steve Beattie, 2016-02-10
-
[Bug 1267075] Re: CVE-2013-7263
From: Steve Beattie, 2015-12-03
-
[Bug 1267075] Re: CVE-2013-7263
From: Steve Beattie, 2015-11-16
-
[Bug 1267075] Re: CVE-2013-7263
From: Steve Beattie, 2015-11-10
-
[Bug 1267075] Re: CVE-2013-7263
From: Steve Beattie, 2015-10-28
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2015-07-28
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2015-05-08
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2015-05-04
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2015-01-28
-
[Bug 1267075] Re: CVE-2013-7263
From: Jamie Strandboge, 2014-06-26
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2014-03-08
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2014-02-25
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2014-02-20
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2014-02-15
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2014-02-13
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2014-01-29
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2014-01-21
-
[Bug 1267075] Re: CVE-2013-7263
From: Jamie Strandboge, 2014-01-17
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2014-01-14
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2014-01-10
-
[Bug 1267075] Re: CVE-2013-7263
From: John Johansen, 2014-01-08
-
[Bug 1267075] [NEW] CVE-2013-7263
From: John Johansen, 2014-01-08
References
