kernel-packages team mailing list archive

Thread
Date
[Bug 1335478] Re: A new instance of IBM Domino 'bindsock' cannot bind to ports <1024 Kernel 3.13.0-29 and above

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1335478@xxxxxxxxxxxxxxxxxx>
Date: Mon, 12 Jan 2015 18:13:24 -0000
Reply-to: Bug 1335478 <1335478@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package linux - 2.6.32-71.138

---------------
linux (2.6.32-71.138) lucid; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1403943

  [ Luis Henriques ]

  * [Config] updateconfigs CONFIG_X86_16BIT=y after v2.6.32.65 update

  [ Upstream Kernel Changes ]

  * KVM: x86: Check non-canonical addresses upon WRMSR
    - LP: #1384539
    - CVE-2014-3610
  * KVM: x86: Improve thread safety in pit
    - LP: #1384540
    - CVE-2014-3611
  * net:socket: set msg_namelen to 0 if msg_name is passed as NULL in
    msghdr struct from userland.
    - LP: #1335478
  * x86, 64-bit: Move K8 B step iret fixup to fault entry asm
    - LP: #1403918
  * x86-64: Adjust frame type at paranoid_exit:
    - LP: #1403918
  * x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
    - LP: #1403918
  * x86-32, espfix: Remove filter for espfix32 due to race
    - LP: #1403918
  * x86-64, espfix: Don't leak bits 31:16 of %esp returning to 16-bit stack
    - LP: #1403918
  * x86, espfix: Move espfix definitions into a separate header file
    - LP: #1403918
  * x86, espfix: Fix broken header guard
    - LP: #1403918
  * x86, espfix: Make espfix64 a Kconfig option, fix UML
    - LP: #1403918
  * x86, espfix: Make it possible to disable 16-bit support
    - LP: #1403918
  * x86_64/entry/xen: Do not invoke espfix64 on Xen
    - LP: #1403918
  * x86/espfix/xen: Fix allocation of pages for paravirt page tables
    - LP: #1403918
  * x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
    - LP: #1403918
  * x86_64, traps: Rework bad_iret
    - LP: #1403918
 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>   Thu, 18 Dec 2014 16:22:56 +0000

** Changed in: linux (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3610

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3611

** Changed in: linux (Ubuntu Lucid)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1335478

Title:
  A new instance of IBM Domino 'bindsock' cannot bind to ports <1024
  Kernel  3.13.0-29 and above

Status in linux package in Ubuntu:
  Fix Released
Status in linux-lts-trusty package in Ubuntu:
  Invalid
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux source package in Lucid:
  Fix Released
Status in linux-lts-trusty source package in Lucid:
  Invalid
Status in linux-lts-utopic source package in Lucid:
  Invalid
Status in linux source package in Precise:
  Fix Released
Status in linux-lts-trusty source package in Precise:
  Fix Released
Status in linux-lts-utopic source package in Precise:
  Invalid
Status in linux source package in Trusty:
  Fix Released
Status in linux-lts-trusty source package in Trusty:
  Invalid
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux source package in Utopic:
  Fix Released
Status in linux-lts-trusty source package in Utopic:
  Invalid
Status in linux-lts-utopic source package in Utopic:
  Invalid
Status in linux source package in Vivid:
  Fix Released
Status in linux-lts-trusty source package in Vivid:
  Invalid
Status in linux-lts-utopic source package in Vivid:
  Invalid

Bug description:
  Starting  with kernels  3.2.0-64 and 3.13.0-29  Something has changed
  to once again that prevents IBM Domino's
  "/opt/ibm/domino/notes/latest/linux/bindsock" binary that runs as root
  (setuid) to get ports lower than 1024 for it's LDAP, SMTP, IMAP, POP3,
  and HTTP processes.

  The Domino server reports  the following: :
    "Listener failure: 'bindsock' is missing, not executable, not owned by root, not setuid root or user needs net_privaddr privilege."

  This is the same behaviour that was reported and subsequently
  corrected in Bug # 1269053

  ===
  break-fix: dbb490b96584d4e958533fb637f08b557f505657 6a2a2b3ae0759843b22c929881cc184b00cc63ff

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1335478/+subscriptions