kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #69316
[Bug 1335314] Re: CVE-2014-4611
** Changed in: linux-armadaxp (Ubuntu Precise)
Status: New => Invalid
** Changed in: linux-ec2 (Ubuntu Lucid)
Status: New => Invalid
** Changed in: linux-lts-quantal (Ubuntu Precise)
Status: New => Invalid
** Changed in: linux (Ubuntu Precise)
Status: New => Invalid
** Changed in: linux (Ubuntu Lucid)
Status: New => Invalid
** Changed in: linux (Ubuntu Utopic)
Status: New => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Precise)
Status: New => Invalid
** Changed in: linux-ti-omap4 (Ubuntu Saucy)
Status: New => Invalid
** Changed in: linux-lts-raring (Ubuntu Precise)
Status: New => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1335314
Title:
CVE-2014-4611
Status in “linux” package in Ubuntu:
Fix Committed
Status in “linux-armadaxp” package in Ubuntu:
Invalid
Status in “linux-ec2” package in Ubuntu:
Invalid
Status in “linux-fsl-imx51” package in Ubuntu:
Invalid
Status in “linux-lts-backport-maverick” package in Ubuntu:
New
Status in “linux-lts-backport-natty” package in Ubuntu:
New
Status in “linux-lts-quantal” package in Ubuntu:
Invalid
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux-lts-saucy” package in Ubuntu:
Invalid
Status in “linux-mvl-dove” package in Ubuntu:
Invalid
Status in “linux-ti-omap4” package in Ubuntu:
Invalid
Status in “linux” source package in Lucid:
Invalid
Status in “linux-armadaxp” source package in Lucid:
Invalid
Status in “linux-ec2” source package in Lucid:
Invalid
Status in “linux-fsl-imx51” source package in Lucid:
Invalid
Status in “linux-lts-backport-maverick” source package in Lucid:
New
Status in “linux-lts-backport-natty” source package in Lucid:
New
Status in “linux-lts-quantal” source package in Lucid:
Invalid
Status in “linux-lts-raring” source package in Lucid:
Invalid
Status in “linux-lts-saucy” source package in Lucid:
Invalid
Status in “linux-mvl-dove” source package in Lucid:
Invalid
Status in “linux-ti-omap4” source package in Lucid:
Invalid
Status in “linux” source package in Precise:
Invalid
Status in “linux-armadaxp” source package in Precise:
Invalid
Status in “linux-ec2” source package in Precise:
Invalid
Status in “linux-fsl-imx51” source package in Precise:
Invalid
Status in “linux-lts-backport-maverick” source package in Precise:
New
Status in “linux-lts-backport-natty” source package in Precise:
New
Status in “linux-lts-quantal” source package in Precise:
Invalid
Status in “linux-lts-raring” source package in Precise:
Invalid
Status in “linux-lts-saucy” source package in Precise:
New
Status in “linux-mvl-dove” source package in Precise:
Invalid
Status in “linux-ti-omap4” source package in Precise:
Invalid
Status in “linux” source package in Saucy:
New
Status in “linux-armadaxp” source package in Saucy:
Invalid
Status in “linux-ec2” source package in Saucy:
Invalid
Status in “linux-fsl-imx51” source package in Saucy:
Invalid
Status in “linux-lts-backport-maverick” source package in Saucy:
New
Status in “linux-lts-backport-natty” source package in Saucy:
New
Status in “linux-lts-quantal” source package in Saucy:
Invalid
Status in “linux-lts-raring” source package in Saucy:
Invalid
Status in “linux-lts-saucy” source package in Saucy:
Invalid
Status in “linux-mvl-dove” source package in Saucy:
Invalid
Status in “linux-ti-omap4” source package in Saucy:
Invalid
Status in “linux” source package in Trusty:
New
Status in “linux-armadaxp” source package in Trusty:
Invalid
Status in “linux-ec2” source package in Trusty:
Invalid
Status in “linux-fsl-imx51” source package in Trusty:
Invalid
Status in “linux-lts-backport-maverick” source package in Trusty:
New
Status in “linux-lts-backport-natty” source package in Trusty:
New
Status in “linux-lts-quantal” source package in Trusty:
Invalid
Status in “linux-lts-raring” source package in Trusty:
Invalid
Status in “linux-lts-saucy” source package in Trusty:
Invalid
Status in “linux-mvl-dove” source package in Trusty:
Invalid
Status in “linux-ti-omap4” source package in Trusty:
Invalid
Status in “linux” source package in Utopic:
Fix Committed
Status in “linux-armadaxp” source package in Utopic:
Invalid
Status in “linux-ec2” source package in Utopic:
Invalid
Status in “linux-fsl-imx51” source package in Utopic:
Invalid
Status in “linux-lts-backport-maverick” source package in Utopic:
New
Status in “linux-lts-backport-natty” source package in Utopic:
New
Status in “linux-lts-quantal” source package in Utopic:
Invalid
Status in “linux-lts-raring” source package in Utopic:
Invalid
Status in “linux-lts-saucy” source package in Utopic:
Invalid
Status in “linux-mvl-dove” source package in Utopic:
Invalid
Status in “linux-ti-omap4” source package in Utopic:
Invalid
Bug description:
All versions of the LZ4 software:https://code.google.com/p/lz4
Functions Affected: lz4.c:LZ4_decompress_generic Criticality
Reasoning --------------------- Due to the design of the algorithm, an
attacker can specify any desired offset to a write pointer. The
attacker can instrument the write in such a way as to only write four
bytes at a specified offset. Subsequent code will allow the attacker
to escape from the decompression algorithm without further memory
corruption. This may allow the attacker to overwrite critical
structures in memory that affect flow of execution. White DoS and OOW
are obvious side effects of this flaw, RCE with respect to this flaw
is untested. Vulnerability Description ------------------------- An
integer overflow can occur when processing any variant of a "literal
run" in the affected function.
Break-Fix: cffb78b0e0b3a30b059b27a1d97500cf6464efa9
206204a1162b995e2185275167b22468c00d6b36
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1335314/+subscriptions
References