linux: 2.6.24-29.92 -proposed tracker
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Kernel SRU Workflow |
Fix Released
|
Undecided
|
Unassigned | ||
| Certification-testing |
Invalid
|
Undecided
|
Canonical Hardware Certification | ||
| Prepare-package |
Fix Released
|
Undecided
|
Herton R. Krzesinski | ||
| Promote-to-proposed |
Fix Released
|
Undecided
|
Ubuntu Stable Release Updates Team | ||
| Promote-to-security |
Fix Released
|
Undecided
|
Ubuntu Stable Release Updates Team | ||
| Promote-to-updates |
Fix Released
|
Undecided
|
Ubuntu Stable Release Updates Team | ||
| Regression-testing |
Fix Released
|
Undecided
|
C de-Avillez | ||
| Security-signoff |
Fix Released
|
Undecided
|
Kees Cook | ||
| Verification-testing |
Fix Released
|
Undecided
|
Canonical Kernel Team | ||
| linux (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
This bug is for tracking the 2.6.24-29.92 upload package. This bug will contain status and testing results releated to that upload.
For an explanation of the tasks and the associated workflow see: https:/
kernel-
kernel-
This kernel contains only CVE fixes and therefore has no bugs to be verified
Looks good, thanks!
This bug was fixed in the package linux - 2.6.24-29.92
---------------
linux (2.6.24-29.92) hardy-proposed; urgency=low
[Herton R. Krzesinski]
* Release Tracking Bug
- LP: #812360
[Upstream Kernel Changes]
* af_unix: limit unix_tot_inflight CVE-2010-4249
- LP: #769182
- CVE-2010-4249
* xfs: zero proper structure size for geometry calls CVE-2011-0711
- LP: #767740
- CVE-2011-0711
* netfilter: ip_tables: fix infoleak to userspace CVE-2011-1171
- LP: #801482
- CVE-2011-1171
* econet: 4 byte infoleak to the network CVE-2011-1173
- LP: #801484
- CVE-2011-1173
* netfilter: arp_tables: fix infoleak to userspace CVE-2011-1170
- LP: #801480
* ipv6: netfilter: ip6_tables: fix infoleak to userspace CVE-2011-1172
- LP: #801483
- CVE-2011-1172
* xen: don't allow blkback virtual CDROM device, CVE-2010-4238
- LP: #803931
- CVE-2010-4238
* IB/uverbs: Handle large number of entries in poll CQ CVE-2010-4649
- LP: #805512
* ipc: initialize structure memory to zero for compat functions
CVE-2010-4073
- LP: #806366
- CVE-2010-4073
* tcp: Increase TCP_MAXSEG socket option minimum CVE-2010-4165
- LP: #806374
- CVE-2010-4165
* taskstats: don't allow duplicate entries in listener mode,
CVE-2011-2484
- LP: #806390
- CVE-2011-2484
* netfilter: ipt_CLUSTERIP: fix buffer overflow, CVE-2011-2534
- LP: #801473
- CVE-2011-2534
* nfs4: Ensure that ACL pages sent over NFS were not allocated from the
slab (v3), CVE-2011-1090
- LP: #800775
- CVE-2011-1090
* fs/partitions: Validate map_count in Mac partition tables
- LP: #804225
- CVE-2011-1010
-- Herton Ronaldo Krzesinski <email address hidden> 2011年7月18日 12:36:01 -0300
Copied to -security/-updates
The package has been published and the bug is being set to Fix Released
Still need to run KVM on i386. Nevertheless, I got an unexpected failure on the QRT test 'test-kernel.py'. As such, I am failing QA. Bug 822967 has been opened for this error.
I do not see the issue on KVM i386.
For completeness, on all tests I also saw this error -- which I assumed to be a coding error on QRT:
/proc/$pid/ DAC bypass on setuid (CVE-2011-1020) ... (skipped: not fixed before Oneiric yet) FAIL
=======
FAIL: /proc/$pid/ DAC bypass on setuid (CVE-2011-1020)
-------
Traceback (most recent call last):
File "./test-
self.
File "/home/
self.
AssertionError: Got exit code 10. Looking for text " 0x"
Command: 'sudo', '-u', 'ubuntu', 'sh', '-c', 'echo '' | ./dac-bypass.py syscall'
Output:
Traceback (most recent call last):
File "./dac-bypass.py", line 37, in <module>
files[name] = file('/proc/%d/%s' % (target, name))
IOError: [Errno 2] No such file or directory: '/proc/
(current) UNIX password: passwd: Authentication failure
passwd: password unchanged
Changing password for ubuntu.
-------
Ran 49 tests in 28.108s
FAILED (failures=1)
Confirmed that the "/proc/$pid/ DAC bypass on setuid" test is broken on Hardy. I have corrected this.
There were false positives and have been fixed now.