kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #69017
[Bug 1335314] Re: CVE-2014-4611
CVE-2014-4611
** Also affects: linux (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: linux-fsl-imx51 (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: linux-mvl-dove (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: linux-ec2 (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: linux-ti-omap4 (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-maverick (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-natty (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: linux-fsl-imx51 (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: linux-mvl-dove (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: linux-ec2 (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: linux-ti-omap4 (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-maverick (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-natty (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Saucy)
Importance: Undecided
Status: New
** Also affects: linux-fsl-imx51 (Ubuntu Saucy)
Importance: Undecided
Status: New
** Also affects: linux-mvl-dove (Ubuntu Saucy)
Importance: Undecided
Status: New
** Also affects: linux-ec2 (Ubuntu Saucy)
Importance: Undecided
Status: New
** Also affects: linux-ti-omap4 (Ubuntu Saucy)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-maverick (Ubuntu Saucy)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-natty (Ubuntu Saucy)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: linux-fsl-imx51 (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: linux-mvl-dove (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: linux-ec2 (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: linux-ti-omap4 (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-maverick (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-natty (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: linux-fsl-imx51 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: linux-mvl-dove (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: linux-ec2 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: linux-ti-omap4 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-maverick (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-natty (Ubuntu Lucid)
Importance: Undecided
Status: New
** Changed in: linux-armadaxp (Ubuntu Saucy)
Status: New => Invalid
** Changed in: linux-armadaxp (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-armadaxp (Ubuntu Lucid)
Status: New => Invalid
** Changed in: linux-armadaxp (Ubuntu Utopic)
Status: New => Invalid
** Changed in: linux-ec2 (Ubuntu Precise)
Status: New => Invalid
** Changed in: linux-ec2 (Ubuntu Saucy)
Status: New => Invalid
** Changed in: linux-ec2 (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-ec2 (Ubuntu Utopic)
Status: New => Invalid
** Changed in: linux-lts-quantal (Ubuntu Saucy)
Status: New => Invalid
** Changed in: linux-lts-quantal (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-lts-quantal (Ubuntu Lucid)
Status: New => Invalid
** Changed in: linux-lts-quantal (Ubuntu Utopic)
Status: New => Invalid
** Changed in: linux-mvl-dove (Ubuntu Precise)
Status: New => Invalid
** Changed in: linux-mvl-dove (Ubuntu Saucy)
Status: New => Invalid
** Changed in: linux-mvl-dove (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-mvl-dove (Ubuntu Utopic)
Status: New => Invalid
** Changed in: linux-lts-saucy (Ubuntu Saucy)
Status: New => Invalid
** Changed in: linux-lts-saucy (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-lts-saucy (Ubuntu Lucid)
Status: New => Invalid
** Changed in: linux-lts-saucy (Ubuntu Utopic)
Status: New => Invalid
** Changed in: linux-ti-omap4 (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-ti-omap4 (Ubuntu Lucid)
Status: New => Invalid
** Changed in: linux-ti-omap4 (Ubuntu Utopic)
Status: New => Invalid
** Changed in: linux-fsl-imx51 (Ubuntu Precise)
Status: New => Invalid
** Changed in: linux-fsl-imx51 (Ubuntu Saucy)
Status: New => Invalid
** Changed in: linux-fsl-imx51 (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-fsl-imx51 (Ubuntu Utopic)
Status: New => Invalid
** Changed in: linux-lts-raring (Ubuntu Saucy)
Status: New => Invalid
** Changed in: linux-lts-raring (Ubuntu Trusty)
Status: New => Invalid
** Changed in: linux-lts-raring (Ubuntu Lucid)
Status: New => Invalid
** Changed in: linux-lts-raring (Ubuntu Utopic)
Status: New => Invalid
** Description changed:
- Placeholder
+ All versions of the LZ4 software:https://code.google.com/p/lz4 Functions
+ Affected: lz4.c:LZ4_decompress_generic Criticality Reasoning
+ --------------------- Due to the design of the algorithm, an attacker
+ can specify any desired offset to a write pointer. The attacker can
+ instrument the write in such a way as to only write four bytes at a
+ specified offset. Subsequent code will allow the attacker to escape from
+ the decompression algorithm without further memory corruption. This may
+ allow the attacker to overwrite critical structures in memory that
+ affect flow of execution. White DoS and OOW are obvious side effects of
+ this flaw, RCE with respect to this flaw is untested. Vulnerability
+ Description ------------------------- An integer overflow can occur when
+ processing any variant of a "literal run" in the affected function.
+
+ Break-Fix: cffb78b0e0b3a30b059b27a1d97500cf6464efa9
+ 206204a1162b995e2185275167b22468c00d6b36
** Changed in: linux-armadaxp (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-armadaxp (Ubuntu Saucy)
Importance: Undecided => Medium
** Changed in: linux-armadaxp (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: linux-armadaxp (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: linux-armadaxp (Ubuntu Utopic)
Importance: Undecided => Medium
** Changed in: linux-ec2 (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-ec2 (Ubuntu Saucy)
Importance: Undecided => Medium
** Changed in: linux-ec2 (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: linux-ec2 (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: linux-ec2 (Ubuntu Utopic)
Importance: Undecided => Medium
** Changed in: linux-lts-quantal (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-lts-quantal (Ubuntu Saucy)
Importance: Undecided => Medium
** Changed in: linux-lts-quantal (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: linux-lts-quantal (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: linux-lts-quantal (Ubuntu Utopic)
Importance: Undecided => Medium
** Changed in: linux-mvl-dove (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-mvl-dove (Ubuntu Saucy)
Importance: Undecided => Medium
** Changed in: linux-mvl-dove (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: linux-mvl-dove (Ubuntu Lucid)
Status: New => Invalid
** Changed in: linux-mvl-dove (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: linux-mvl-dove (Ubuntu Utopic)
Importance: Undecided => Medium
** Changed in: linux-lts-saucy (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-lts-saucy (Ubuntu Saucy)
Importance: Undecided => Medium
** Changed in: linux-lts-saucy (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: linux-lts-saucy (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: linux-lts-saucy (Ubuntu Utopic)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Saucy)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Utopic)
Importance: Undecided => Medium
** Changed in: linux-ti-omap4 (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-ti-omap4 (Ubuntu Saucy)
Importance: Undecided => Medium
** Changed in: linux-ti-omap4 (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: linux-ti-omap4 (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: linux-ti-omap4 (Ubuntu Utopic)
Importance: Undecided => Medium
** Changed in: linux-fsl-imx51 (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-fsl-imx51 (Ubuntu Saucy)
Importance: Undecided => Medium
** Changed in: linux-fsl-imx51 (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: linux-fsl-imx51 (Ubuntu Lucid)
Status: New => Invalid
** Changed in: linux-fsl-imx51 (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: linux-fsl-imx51 (Ubuntu Utopic)
Importance: Undecided => Medium
** Changed in: linux-lts-raring (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-lts-raring (Ubuntu Saucy)
Importance: Undecided => Medium
** Changed in: linux-lts-raring (Ubuntu Trusty)
Importance: Undecided => Medium
** Changed in: linux-lts-raring (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: linux-lts-raring (Ubuntu Utopic)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1335314
Title:
CVE-2014-4611
Status in “linux” package in Ubuntu:
New
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
New
Status in “linux-lts-backport-natty” package in Ubuntu:
New
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-lts-saucy” package in Ubuntu:
Invalid
Status in “linux-mvl-dove” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
Invalid
Status in “linux” source package in Lucid:
New
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
New
Status in “linux-fsl-imx51” source package in Lucid:
Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
New
Status in “linux-lts-backport-natty” source package in Lucid:
New
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-lts-saucy” source package in Lucid:
Invalid
Status in “linux-mvl-dove” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
New
Status in “linux-armadaxp” source package in Precise:
New
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-fsl-imx51” source package in Precise:
Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
New
Status in “linux-lts-backport-natty” source package in Precise:
New
Status in “linux-lts-quantal” source package in Precise:
New
Status in “linux-lts-raring” source package in Precise:
New
Status in “linux-lts-saucy” source package in Precise:
New
Status in “linux-mvl-dove” source package in Precise:
Invalid
Status in “linux-ti-omap4” source package in Precise:
New
Status in “linux” source package in Saucy:
New
Status in “linux-armadaxp” source package in Saucy:
Invalid
Status in “linux-ec2” source package in Saucy:
Invalid
Status in “linux-fsl-imx51” source package in Saucy:
Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
New
Status in “linux-lts-backport-natty” source package in Saucy:
New
Status in “linux-lts-quantal” source package in Saucy:
Invalid
Status in “linux-lts-raring” source package in Saucy:
Invalid
Status in “linux-lts-saucy” source package in Saucy:
Invalid
Status in “linux-mvl-dove” source package in Saucy:
Invalid
Status in “linux-ti-omap4” source package in Saucy:
New
Status in “linux” source package in Trusty:
New
Status in “linux-armadaxp” source package in Trusty:
Invalid
Status in “linux-ec2” source package in Trusty:
Invalid
Status in “linux-fsl-imx51” source package in Trusty:
Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
New
Status in “linux-lts-backport-natty” source package in Trusty:
New
Status in “linux-lts-quantal” source package in Trusty:
Invalid
Status in “linux-lts-raring” source package in Trusty:
Invalid
Status in “linux-lts-saucy” source package in Trusty:
Invalid
Status in “linux-mvl-dove” source package in Trusty:
Invalid
Status in “linux-ti-omap4” source package in Trusty:
Invalid
Status in “linux” source package in Utopic:
New
Status in “linux-armadaxp” source package in Utopic:
Invalid
Status in “linux-ec2” source package in Utopic:
Invalid
Status in “linux-fsl-imx51” source package in Utopic:
Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
New
Status in “linux-lts-backport-natty” source package in Utopic:
New
Status in “linux-lts-quantal” source package in Utopic:
Invalid
Status in “linux-lts-raring” source package in Utopic:
Invalid
Status in “linux-lts-saucy” source package in Utopic:
Invalid
Status in “linux-mvl-dove” source package in Utopic:
Invalid
Status in “linux-ti-omap4” source package in Utopic:
Invalid
Bug description:
All versions of the LZ4 software:https://code.google.com/p/lz4
Functions Affected: lz4.c:LZ4_decompress_generic Criticality
Reasoning --------------------- Due to the design of the algorithm, an
attacker can specify any desired offset to a write pointer. The
attacker can instrument the write in such a way as to only write four
bytes at a specified offset. Subsequent code will allow the attacker
to escape from the decompression algorithm without further memory
corruption. This may allow the attacker to overwrite critical
structures in memory that affect flow of execution. White DoS and OOW
are obvious side effects of this flaw, RCE with respect to this flaw
is untested. Vulnerability Description ------------------------- An
integer overflow can occur when processing any variant of a "literal
run" in the affected function.
Break-Fix: cffb78b0e0b3a30b059b27a1d97500cf6464efa9
206204a1162b995e2185275167b22468c00d6b36
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1335314/+subscriptions
References
