CVE-2010-4655
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
| Hardy |
Fix Released
|
Low
|
Leann Ogasawara | ||
| Karmic |
Won't Fix
|
Undecided
|
Unassigned | ||
| Lucid |
Fix Released
|
Undecided
|
Unassigned | ||
| Maverick |
Fix Released
|
Undecided
|
Unassigned | ||
| Natty |
Fix Released
|
Undecided
|
Unassigned | ||
| linux-fsl-imx51 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Dapper |
Invalid
|
Undecided
|
Unassigned | ||
| Hardy |
Invalid
|
Undecided
|
Unassigned | ||
| Karmic |
Won't Fix
|
Undecided
|
Unassigned | ||
| Lucid |
Fix Released
|
Undecided
|
Paolo Pisati | ||
| Maverick |
Invalid
|
Undecided
|
Unassigned | ||
| Natty |
Invalid
|
Undecided
|
Unassigned | ||
| linux-lts-backport-maverick (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
| Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
| Hardy |
Won't Fix
|
Undecided
|
Unassigned | ||
| Karmic |
Won't Fix
|
Undecided
|
Unassigned | ||
| Lucid |
Won't Fix
|
Undecided
|
Unassigned | ||
| Maverick |
Won't Fix
|
Undecided
|
Unassigned | ||
| Natty |
Won't Fix
|
Undecided
|
Unassigned | ||
| linux-mvl-dove (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Dapper |
Invalid
|
Undecided
|
Unassigned | ||
| Hardy |
Invalid
|
Undecided
|
Unassigned | ||
| Karmic |
Invalid
|
Undecided
|
Unassigned | ||
| Lucid |
Won't Fix
|
Undecided
|
Unassigned | ||
| Maverick |
Won't Fix
|
Undecided
|
Unassigned | ||
| Natty |
Invalid
|
Undecided
|
Unassigned | ||
| linux-ti-omap4 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
| Dapper |
Invalid
|
Undecided
|
Unassigned | ||
| Hardy |
Invalid
|
Undecided
|
Unassigned | ||
| Karmic |
Invalid
|
Undecided
|
Unassigned | ||
| Lucid |
Invalid
|
Undecided
|
Unassigned | ||
| Maverick |
Won't Fix
|
Undecided
|
Paolo Pisati | ||
| Natty |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Several other ethtool functions leave heap uncleared (potentially) by drivers. Some interfaces appear safe (eeprom, etc), in that the sizes are well controlled. In some situations (e.g. unchecked error conditions), the heap will remain unchanged in areas before copying back to userspace. Note that these are less of an issue since these all require CAP_NET_ADMIN.
Fix Released for Natty, Maverick, and Lucid.
karmic is EOL
fix already present
This bug was fixed in the package linux - 2.6.24-29.90
---------------
linux (2.6.24-29.90) hardy-proposed; urgency=low
[ Herton R. Krzesinski ]
* Release Tracking Bug
- LP: #788843
[Upstream Kernel Changes]
* IB/cm: Bump reference count on cm_id before invoking callback,
CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* RDMA/cma: Fix crash in request handlers, CVE-2011-0695
- LP: #770369
- CVE-2011-0695
* ALSA: caiaq - Fix possible string-buffer overflow, CVE-2011-0712
- LP: #768448
- CVE-2011-0712
* Treat writes as new when holes span across page boundaries,
CVE-2011-0463
- LP: #770483
- CVE-2011-0463
* net: clear heap allocations for privileged ethtool actions,
CVE-2010-4655
- LP: #771445
- CVE-2010-4655
* usb: iowarrior: don't trust report_size for buffer size, CVE-2010-4656
- LP: #711484
- CVE-2010-4656
* fs/partitions/
CVE-2011-1017
- LP: #771382
- CVE-2011-1017
* ldm: corrupted partition table can cause kernel oops, CVE-2011-1017
- LP: #771382
- CVE-2011-1017
* next_pidmap: fix overflow condition, CVE-2011-1593
- LP: #784727
- CVE-2011-1593
* proc: do proper range check on readdir offset, CVE-2011-1593
- LP: #784727
- CVE-2011-1593
-- Herton Ronaldo Krzesinski <email address hidden> 2011年5月26日 18:15:42 -0300
This bug was fixed in the package linux-fsl-imx51 - 2.6.31-609.26
---------------
linux-fsl-imx51 (2.6.31-609.26) lucid; urgency=low
[ Paolo Pisati ]
* Tracking bug
- LP: #795219
* [Config] Disable parport_pc on fsl-imx51
- LP: #601226
[ Upstream Kernel Changes ]
* ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
- LP: #712723, #712737
* can-bcm: fix minor heap overflow
- LP: #710680
* drivers/
- LP: #712744
* gdth: integer overflow in ioctl
- LP: #711797
* inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880
- LP: #711865
- CVE-2010-3880
* net: fix rds_iovec page count overflow, CVE-2010-3865
- LP: #709153
- CVE-2010-3865
* net: packet: fix information leak to userland, CVE-2010-3876
- LP: #711045
- CVE-2010-3876
* net: tipc: fix information leak to userland, CVE-2010-3877
- LP: #711291
- CVE-2010-3877
* net: Truncate recvfrom and sendto length to INT_MAX.
- LP: #708839
* posix-cpu-timers: workaround to suppress the problems with mt exec
- LP: #712609
* sys_semctl: fix kernel stack leakage
- LP: #712749
* x25: Patch to fix bug 15678 - x25 accesses fields beyond end of packet.
- LP: #709372
* memory corruption in X.25 facilities parsing
- LP: #709372
* net: ax25: fix information leak to userland, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* net: ax25: fix information leak to userland harder, CVE-2010-3875
- LP: #710714
- CVE-2010-3875
* fs/partitions/
- LP: #771382
- CVE-2011-1017
* net: clear heap allocations for privileged ethtool actions
- LP: #771445
* Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code
- LP: #772543
* Relax si_code check in rt_sigqueueinfo and rt_tgsigqueueinfo
- LP: #772543
* exec: make argv/envp memory visible to oom-killer
- LP: #768408
* next_pidmap: fix overflow condition
- LP: #784727
* proc: do proper range check on readdir offset
- LP: #784727
* mpt2sas: prevent heap overflows and unchecked reads
- LP: #787145
* agp: fix arbitrary kernel memory writes
- LP: #788684
* can: add missing socket check in can/raw release
- LP: #788694
* agp: fix OOM and buffer overflow
- LP: #788700
* do_exit(): make sure that we run with get_fs() == USER_DS - CVE-2010-4258
- LP: #723945
- CVE-2010-4258
* x25: Prevent crashing when parsing bad X.25 facilities - CVE-2010-4164
- LP: #731199
- CVE-2010-4164
* install_
- LP: #731971
- CVE-2010-4346
* econet: Fix crash in aun_incoming() - CVE-2010-4342
- LP: #736394
- CVE-2010-4342
* sound: Prevent buffer overflow in OSS load_mixer_volumes - CVE-2010-4527
- LP: #737073
- CVE-2010-4527
* irda: prevent integer underflow in IRLMP_ENUMDEVICES, CVE-2010-4529
- LP: #737823
- CVE-2010-4529
* CAN: Use inode instead of kernel address for /proc file - CVE-2010-4565
- LP: #765007...
This bug was nominated against a series that is no longer supported, ie karmic. The bug task representing the karmic nomination is being closed as Won't Fix.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.
The attachment "hardy.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-sponsors please also unsubscribe the team from this bug report.
[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]