← Back to team overview

kernel-packages team mailing list archive

[Bug 1261564] Re: CVE-2013-4587

 

This bug was fixed in the package linux-ec2 - 2.6.32-362.75

---------------
linux-ec2 (2.6.32-362.75) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-57.119
  * Release Tracking Bug
    - LP: #1281942

  [ Ubuntu: 2.6.32-57.119 ]

  * ubuntu: AUFS: fsnotify_open() now receives a file
    - LP: #1097680
    - CVE-2013-0160
  * KVM: Improve create VCPU parameter (CVE-2013-4587)
    - LP: #1261564
    - CVE-2013-4587
  * KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
    - LP: #1261566
    - CVE-2013-6367
  * xfs: underflow bug in xfs_attrlist_by_handle()
    - LP: #1256091
    - CVE-2013-6382
  * aacraid: prevent invalid pointer dereference
    - LP: #1256083
    - CVE-2013-6380
  * wireless: radiotap: fix parsing buffer overrun
    - LP: #1260622
    - CVE-2013-7027
  * net: rework recvmsg handler msg_name and msg_namelen logic
    - LP: #1267081
    - CVE-2013-7266
  * net: rose: restore old recvmsg behavior
    - LP: #1267081
    - CVE-2013-7266
  * fsnotify: pass a file instead of an inode to open, read, and write
    - LP: #1097680
    - CVE-2013-0160
  * vfs: introduce FMODE_NONOTIFY
    - LP: #1097680
    - CVE-2013-0160
  * fanotify: FMODE_NONOTIFY and __O_SYNC in sparc conflict
    - LP: #1097680
    - CVE-2013-0160
  * TTY: do not update atime/mtime on read/write
    - LP: #1097680
    - CVE-2013-0160
  * TTY: fix atime/mtime regression
    - LP: #1097680
    - CVE-2013-0160
  * tty: fix up atime/mtime mess, take three
    - LP: #1097680
    - CVE-2013-0160
  * farsync: fix info leak in ioctl
    - LP: #1271442
    - CVE-2014-1444
  * wanxl: fix info leak in ioctl
    - LP: #1271444
    - CVE-2014-1445
  * hamradio/yam: fix info leak in ioctl
    - LP: #1271445
    - CVE-2014-1446
  * SELinux: Fix kernel BUG on empty security contexts.
    - CVE-2014-1874
  * exec/ptrace: fix get_dumpable() incorrect tests
    - LP: #1260610
    - CVE-2013-2929
 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>   Wed, 19 Feb 2014 16:51:53 +0100

** Changed in: linux-ec2 (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0160

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2929

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6367

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6380

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-6382

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7027

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-7266

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1444

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1445

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1446

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-1874

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1261564

Title:
  CVE-2013-4587

Status in “linux” package in Ubuntu:
  Invalid
Status in “linux-armadaxp” package in Ubuntu:
  Invalid
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
  Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
  Won't Fix
Status in “linux-lts-backport-natty” package in Ubuntu:
  Won't Fix
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-mvl-dove” package in Ubuntu:
  Invalid
Status in “linux-ti-omap4” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  Fix Committed
Status in “linux-armadaxp” source package in Lucid:
  Invalid
Status in “linux-ec2” source package in Lucid:
  Fix Released
Status in “linux-fsl-imx51” source package in Lucid:
  Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Lucid:
  Won't Fix
Status in “linux-lts-quantal” source package in Lucid:
  Invalid
Status in “linux-lts-raring” source package in Lucid:
  Invalid
Status in “linux-lts-saucy” source package in Lucid:
  Invalid
Status in “linux-mvl-dove” source package in Lucid:
  Invalid
Status in “linux-ti-omap4” source package in Lucid:
  Invalid
Status in “linux” source package in Precise:
  Fix Released
Status in “linux-armadaxp” source package in Precise:
  Fix Released
Status in “linux-ec2” source package in Precise:
  Invalid
Status in “linux-fsl-imx51” source package in Precise:
  Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Precise:
  Won't Fix
Status in “linux-lts-quantal” source package in Precise:
  Fix Committed
Status in “linux-lts-raring” source package in Precise:
  Fix Committed
Status in “linux-lts-saucy” source package in Precise:
  Fix Released
Status in “linux-mvl-dove” source package in Precise:
  Invalid
Status in “linux-ti-omap4” source package in Precise:
  Fix Released
Status in “linux” source package in Quantal:
  Fix Committed
Status in “linux-armadaxp” source package in Quantal:
  Fix Committed
Status in “linux-ec2” source package in Quantal:
  Invalid
Status in “linux-fsl-imx51” source package in Quantal:
  Invalid
Status in “linux-lts-backport-maverick” source package in Quantal:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Quantal:
  Won't Fix
Status in “linux-lts-quantal” source package in Quantal:
  Invalid
Status in “linux-lts-raring” source package in Quantal:
  Invalid
Status in “linux-lts-saucy” source package in Quantal:
  Invalid
Status in “linux-mvl-dove” source package in Quantal:
  Invalid
Status in “linux-ti-omap4” source package in Quantal:
  Fix Committed
Status in “linux-lts-backport-maverick” source package in Raring:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Raring:
  Won't Fix
Status in “linux” source package in Saucy:
  Fix Released
Status in “linux-armadaxp” source package in Saucy:
  Invalid
Status in “linux-ec2” source package in Saucy:
  Invalid
Status in “linux-fsl-imx51” source package in Saucy:
  Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Saucy:
  Won't Fix
Status in “linux-lts-quantal” source package in Saucy:
  Invalid
Status in “linux-lts-raring” source package in Saucy:
  Invalid
Status in “linux-lts-saucy” source package in Saucy:
  Invalid
Status in “linux-mvl-dove” source package in Saucy:
  Invalid
Status in “linux-ti-omap4” source package in Saucy:
  Fix Committed
Status in “linux” source package in Trusty:
  Invalid
Status in “linux-armadaxp” source package in Trusty:
  Invalid
Status in “linux-ec2” source package in Trusty:
  Invalid
Status in “linux-fsl-imx51” source package in Trusty:
  Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
  Won't Fix
Status in “linux-lts-backport-natty” source package in Trusty:
  Won't Fix
Status in “linux-lts-quantal” source package in Trusty:
  Invalid
Status in “linux-lts-raring” source package in Trusty:
  Invalid
Status in “linux-lts-saucy” source package in Trusty:
  Invalid
Status in “linux-mvl-dove” source package in Trusty:
  Invalid
Status in “linux-ti-omap4” source package in Trusty:
  Invalid

Bug description:
  Array index error in the kvm_vm_ioctl_create_vcpu function in
  virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through
  3.12.5 allows local users to gain privileges via a large id value.

  Break-Fix: - 338c7dbadd2671189cec7faf64c84d01071b3f96

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1261564/+subscriptions


References