CVE-2011-4131
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
| Lucid |
Won't Fix
|
Medium
|
Unassigned | ||
| Precise |
Fix Released
|
Medium
|
Unassigned | ||
| Trusty |
Fix Released
|
Medium
|
Unassigned | ||
| Utopic |
Fix Released
|
Medium
|
Unassigned | ||
| linux-armadaxp (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Fix Released
|
Medium
|
Unassigned | ||
| Trusty |
Invalid
|
Medium
|
Unassigned | ||
| Utopic |
Invalid
|
Medium
|
Unassigned | ||
| linux-ec2 (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Won't Fix
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| Trusty |
Invalid
|
Medium
|
Unassigned | ||
| Utopic |
Invalid
|
Medium
|
Unassigned | ||
| linux-fsl-imx51 (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| Trusty |
Invalid
|
Medium
|
Unassigned | ||
| Utopic |
Invalid
|
Medium
|
Unassigned | ||
| linux-lts-backport-maverick (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| Quantal |
Invalid
|
Medium
|
Unassigned | ||
| Raring |
Invalid
|
Medium
|
Unassigned | ||
| Saucy |
Invalid
|
Medium
|
Unassigned | ||
| Trusty |
Invalid
|
Medium
|
Unassigned | ||
| Utopic |
Invalid
|
Medium
|
Unassigned | ||
| linux-lts-backport-natty (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Fix Released
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| Quantal |
Invalid
|
Medium
|
Unassigned | ||
| Raring |
Invalid
|
Medium
|
Unassigned | ||
| Saucy |
Invalid
|
Medium
|
Unassigned | ||
| Trusty |
Invalid
|
Medium
|
Unassigned | ||
| Utopic |
Invalid
|
Medium
|
Unassigned | ||
| linux-lts-backport-oneiric (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Fix Released
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| Quantal |
Invalid
|
Medium
|
Unassigned | ||
| Raring |
Invalid
|
Medium
|
Unassigned | ||
| Saucy |
Invalid
|
Medium
|
Unassigned | ||
| Trusty |
Invalid
|
Medium
|
Unassigned | ||
| Utopic |
Invalid
|
Medium
|
Unassigned | ||
| linux-lts-quantal (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| Trusty |
Invalid
|
Medium
|
Unassigned | ||
| Utopic |
Invalid
|
Medium
|
Unassigned | ||
| linux-lts-raring (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| Trusty |
Invalid
|
Medium
|
Unassigned | ||
| Utopic |
Invalid
|
Medium
|
Unassigned | ||
| linux-lts-saucy (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| Trusty |
Invalid
|
Medium
|
Unassigned | ||
| Utopic |
Invalid
|
Medium
|
Unassigned | ||
| linux-mvl-dove (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Invalid
|
Medium
|
Unassigned | ||
| Trusty |
Invalid
|
Medium
|
Unassigned | ||
| Utopic |
Invalid
|
Medium
|
Unassigned | ||
| linux-ti-omap4 (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
| Lucid |
Invalid
|
Medium
|
Unassigned | ||
| Precise |
Fix Released
|
Medium
|
Unassigned | ||
| Trusty |
Invalid
|
Medium
|
Unassigned | ||
| Utopic |
Invalid
|
Medium
|
Unassigned | ||
Bug Description
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.
Break-Fix: - bf118a342f10daf
CVE-2011-4131
This bug was fixed in the package linux - 2.6.38-15.60
---------------
linux (2.6.38-15.60) natty-proposed; urgency=low
[Luis Henriques]
* Release Tracking Bug
- LP: #1002384
[ Andy Whitcroft ]
* [Config] control.stub is an intermediate product not a dependancy
- LP: #992414
[ Herton Ronaldo Krzesinski ]
* linux: add Build-Depends for libnewt-dev, to enable perf TUI support
- LP: #981717
[ Tim Gardner ]
* [Config] perarch and indep tools builds need separate build directories
[ Upstream Kernel Changes ]
* fcaps: clear the same personality flags as suid when fcaps are used
- LP: #987571
- CVE-2012-2123
* natty security: fix compile error in commoncap.c
- LP: #987571
- CVE-2012-2123
* KVM: Clean up error handling during VCPU creation
- LP: #971685
- CVE-2012-1601
* KVM: Ensure all vcpus are consistent with in-kernel irqchip settings
- LP: #971685
- CVE-2012-1601
* KVM: unmap pages from the iommu when slots are removed
- LP: #987569
- CVE-2012-2121
* NFSv4: include bitmap in nfsv4 get acl data
- LP: #893147
- CVE-2011-4131
* hugepages: fix use after free bug in "quota" handling
- LP: #990368
- CVE-2012-2133
-- Luis Henriques <email address hidden> 2012年5月21日 17:56:07 +0100
This bug was fixed in the package linux - 3.0.0-21.35
---------------
linux (3.0.0-21.35) oneiric-proposed; urgency=low
[Luis Henriques]
* Release Tracking Bug
- LP: #1004571
[ Andy Whitcroft ]
* [Config] control.stub is an intermediate product not a dependancy
- LP: #992414
[ Herton Ronaldo Krzesinski ]
* SAUCE: async_populate_
- LP: #1003417
[ Tim Gardner ]
* Revert "SAUCE: ite-cir: postpone ISR registration"
- LP: #1002880
* [Config] perarch and indep tools builds need separate build directories
[ Upstream Kernel Changes ]
* Revert "autofs: work around unhappy compat problem on x86-64"
- LP: #996109
* Revert "usb: Fix build error due to dma_mask is not at pdev_archdata at
ARM"
- LP: #996109
* KVM: unmap pages from the iommu when slots are removed
- LP: #987569
- CVE-2012-2121
* NFSv4: include bitmap in nfsv4 get acl data
- LP: #893147
- CVE-2011-4131
* hugepages: fix use after free bug in "quota" handling
- LP: #990368
- CVE-2012-2133
* nfs: Enclose hostname in brackets when needed in nfs_do_root_mount
- LP: #996109
* NFSv4: Ensure that the LOCK code sets exception->inode
- LP: #996109
* NFSv4: Ensure that we check lock exclusive/shared type against open
modes
- LP: #996109
* x86, apic: APIC code touches invalid MSR on P5 class machines
- LP: #996109
* xen: correctly check for pending events when restoring irq flags
- LP: #996109
* xen/smp: Fix crash when booting with ACPI hotplug CPUs.
- LP: #996109
* ASoC: dapm: Ensure power gets managed for line widgets
- LP: #996109
* dmaengine: at_hdmac: remove clear-on-read in atc_dostart()
- LP: #996109
* hwmon: fam15h_power: fix bogus values with current BIOSes
- LP: #996109
* hwmon: (fam15h_power) Fix pci_device_id array
- LP: #996109
* drm/i915: handle input/output sdvo timings separately in mode_set
- LP: #996109
* drm/i915: fix integer overflow in i915_gem_
- LP: #996109
* drm/i915: fix integer overflow in i915_gem_
- LP: #996109
* nl80211: ensure interface is up in various APIs
- LP: #996109
* EHCI: fix criterion for resuming the root hub
- LP: #996109
* brcm80211: smac: resume transmit fifo upon receiving frames
- LP: #996109
* Fix modpost failures in fedora 17
- LP: #996109
* mmc: unbreak sdhci-esdhc-imx on i.MX25
- LP: #996109
* nfsd: fix b0rken error value for setattr on read-only mount
- LP: #996109
* nfsd: fix error values returned by nfsd4_lockt() when nfsd_open() fails
- LP: #996109
* USB: cdc-wdm: fix race leading leading to memory corruption
- LP: #996109
* USB: EHCI: fix crash during suspend on ASUS computers
- LP: #996109
* USB: gadget: storage gadgets send wrong error code for unknown commands
- LP: #996109
* usb gadget: uvc: uvc_request_
- LP: #996109
* pipes: add a "packetized pipe" mode for writing
- LP: #996109
* autofs: make the autofsv5 packet file descriptor use a packetized pipe
- LP: #996109
* ARM: 7403/1: tls: remove covert channel via...
This bug was fixed in the package linux-lts-
---------------
linux-lts-
[Luis Henriques]
* Release Tracking Bug
- LP: #1005456
[ Andy Whitcroft ]
* [Config] control.stub is an intermediate product not a dependancy
- LP: #992414
[ Herton Ronaldo Krzesinski ]
* SAUCE: async_populate_
- LP: #1003417
[ Tim Gardner ]
* Revert "SAUCE: ite-cir: postpone ISR registration"
- LP: #1002880
* [Config] perarch and indep tools builds need separate build directories
[ Upstream Kernel Changes ]
* Revert "autofs: work around unhappy compat problem on x86-64"
- LP: #996109
* Revert "usb: Fix build error due to dma_mask is not at pdev_archdata at
ARM"
- LP: #996109
* KVM: unmap pages from the iommu when slots are removed
- LP: #987569
- CVE-2012-2121
* NFSv4: include bitmap in nfsv4 get acl data
- LP: #893147
- CVE-2011-4131
* hugepages: fix use after free bug in "quota" handling
- LP: #990368
- CVE-2012-2133
* nfs: Enclose hostname in brackets when needed in nfs_do_root_mount
- LP: #996109
* NFSv4: Ensure that the LOCK code sets exception->inode
- LP: #996109
* NFSv4: Ensure that we check lock exclusive/shared type against open
modes
- LP: #996109
* x86, apic: APIC code touches invalid MSR on P5 class machines
- LP: #996109
* xen: correctly check for pending events when restoring irq flags
- LP: #996109
* xen/smp: Fix crash when booting with ACPI hotplug CPUs.
- LP: #996109
* ASoC: dapm: Ensure power gets managed for line widgets
- LP: #996109
* dmaengine: at_hdmac: remove clear-on-read in atc_dostart()
- LP: #996109
* hwmon: fam15h_power: fix bogus values with current BIOSes
- LP: #996109
* hwmon: (fam15h_power) Fix pci_device_id array
- LP: #996109
* drm/i915: handle input/output sdvo timings separately in mode_set
- LP: #996109
* drm/i915: fix integer overflow in i915_gem_
- LP: #996109
* drm/i915: fix integer overflow in i915_gem_
- LP: #996109
* nl80211: ensure interface is up in various APIs
- LP: #996109
* EHCI: fix criterion for resuming the root hub
- LP: #996109
* brcm80211: smac: resume transmit fifo upon receiving frames
- LP: #996109
* Fix modpost failures in fedora 17
- LP: #996109
* mmc: unbreak sdhci-esdhc-imx on i.MX25
- LP: #996109
* nfsd: fix b0rken error value for setattr on read-only mount
- LP: #996109
* nfsd: fix error values returned by nfsd4_lockt() when nfsd_open() fails
- LP: #996109
* USB: cdc-wdm: fix race leading leading to memory corruption
- LP: #996109
* USB: EHCI: fix crash during suspend on ASUS computers
- LP: #996109
* USB: gadget: storage gadgets send wrong error code for unknown commands
- LP: #996109
* usb gadget: uvc: uvc_request_
- LP: #996109
* pipes: add a "packetized pipe" mode for writing
- LP: #996109
* autofs: make the autofsv5 packet file descriptor use a packetized pipe
- LP: #...
This bug was fixed in the package linux-lts-
---------------
linux-lts-
[Luis Henriques]
* Release Tracking Bug
- LP: #1003079
[ Andy Whitcroft ]
* [Config] control.stub is an intermediate product not a dependancy
- LP: #992414
[ Herton Ronaldo Krzesinski ]
* linux: add Build-Depends for libnewt-dev, to enable perf TUI support
- LP: #981717
[ Tim Gardner ]
* [Config] perarch and indep tools builds need separate build directories
[ Upstream Kernel Changes ]
* fcaps: clear the same personality flags as suid when fcaps are used
- LP: #987571
- CVE-2012-2123
* natty security: fix compile error in commoncap.c
- LP: #987571
- CVE-2012-2123
* KVM: Clean up error handling during VCPU creation
- LP: #971685
- CVE-2012-1601
* KVM: Ensure all vcpus are consistent with in-kernel irqchip settings
- LP: #971685
- CVE-2012-1601
* KVM: unmap pages from the iommu when slots are removed
- LP: #987569
- CVE-2012-2121
* NFSv4: include bitmap in nfsv4 get acl data
- LP: #893147
- CVE-2011-4131
* hugepages: fix use after free bug in "quota" handling
- LP: #990368
- CVE-2012-2133
-- Luis Henriques <email address hidden> 2012年5月23日 09:43:28 +0100
This bug was fixed in the package linux-ti-omap4 - 3.0.0-1211.23
---------------
linux-ti-omap4 (3.0.0-1211.23) oneiric-proposed; urgency=low
* Release Tracking Bug
- LP: #1005455
[ Paolo Pisati ]
* rebased on Ubuntu-3.0.0-21.35
[ Ubuntu: 3.0.0-21.35 ]
* Release Tracking Bug
- LP: #1004571
* [Config] control.stub is an intermediate product not a dependancy
- LP: #992414
* SAUCE: async_populate_
- LP: #1003417
* Revert "SAUCE: ite-cir: postpone ISR registration"
- LP: #1002880
* [Config] perarch and indep tools builds need separate build directories
* Revert "autofs: work around unhappy compat problem on x86-64"
- LP: #996109
* Revert "usb: Fix build error due to dma_mask is not at pdev_archdata at
ARM"
- LP: #996109
* KVM: unmap pages from the iommu when slots are removed
- LP: #987569
- CVE-2012-2121
* NFSv4: include bitmap in nfsv4 get acl data
- LP: #893147
- CVE-2011-4131
* hugepages: fix use after free bug in "quota" handling
- LP: #990368
- CVE-2012-2133
* nfs: Enclose hostname in brackets when needed in nfs_do_root_mount
- LP: #996109
* NFSv4: Ensure that the LOCK code sets exception->inode
- LP: #996109
* NFSv4: Ensure that we check lock exclusive/shared type against open
modes
- LP: #996109
* x86, apic: APIC code touches invalid MSR on P5 class machines
- LP: #996109
* xen: correctly check for pending events when restoring irq flags
- LP: #996109
* xen/smp: Fix crash when booting with ACPI hotplug CPUs.
- LP: #996109
* ASoC: dapm: Ensure power gets managed for line widgets
- LP: #996109
* dmaengine: at_hdmac: remove clear-on-read in atc_dostart()
- LP: #996109
* hwmon: fam15h_power: fix bogus values with current BIOSes
- LP: #996109
* hwmon: (fam15h_power) Fix pci_device_id array
- LP: #996109
* drm/i915: handle input/output sdvo timings separately in mode_set
- LP: #996109
* drm/i915: fix integer overflow in i915_gem_
- LP: #996109
* drm/i915: fix integer overflow in i915_gem_
- LP: #996109
* nl80211: ensure interface is up in various APIs
- LP: #996109
* EHCI: fix criterion for resuming the root hub
- LP: #996109
* brcm80211: smac: resume transmit fifo upon receiving frames
- LP: #996109
* Fix modpost failures in fedora 17
- LP: #996109
* mmc: unbreak sdhci-esdhc-imx on i.MX25
- LP: #996109
* nfsd: fix b0rken error value for setattr on read-only mount
- LP: #996109
* nfsd: fix error values returned by nfsd4_lockt() when nfsd_open() fails
- LP: #996109
* USB: cdc-wdm: fix race leading leading to memory corruption
- LP: #996109
* USB: EHCI: fix crash during suspend on ASUS computers
- LP: #996109
* USB: gadget: storage gadgets send wrong error code for unknown commands
- LP: #996109
* usb gadget: uvc: uvc_request_
- LP: #996109
* pipes: add a "packetized pipe" mode for writing
- LP: #996109
* autofs: make the autofsv5 packet file descriptor use a packetized pipe
- LP: #996109
* ARM: 7403/1: tls: remov...
The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.
This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.25
---------------
linux-ti-omap4 (2.6.38-1209.25) natty-proposed; urgency=low
* Release Tracking Bug
- LP: #1029784
[ Andy Whitcroft ]
* SAUCE: rds_ib_send() -- prevent local pings triggering BUG_ON()
- LP: #1016299
- CVE-2012-2372
[ Upstream Kernel Changes ]
* fcaps: clear the same personality flags as suid when fcaps are used
- LP: #987571
- CVE-2012-2123
* security: fix compile error in commoncap.c
- LP: #987571
- CVE-2012-2123
* net: sock: validate data_len before allocating skb in
sock_
- LP: #1006622
- CVE-2012-2136
* dl2k: Clean up rio_ioctl
- CVE-2012-2313
* hfsplus: Fix potential buffer overflows
- CVE-2012-2319
* nfs: don't lose MS_SYNCHRONOUS on remount of noac mount
- LP: #775809
* NFSv4.1: Ensure state manager thread dies on last umount
- LP: #775809
* NFSv4: Handle expired stateids when the lease is still valid
- LP: #793702
* NFSv4.1: Fix the handling of NFS4ERR_
- LP: #793702
* NFSv4: include bitmap in nfsv4 get acl data
- LP: #893147
- CVE-2011-4131
* Avoid reading past buffer when calling GETACL
- LP: #1002505
- CVE-2012-2375
* Avoid beyond bounds copy while caching ACL
- LP: #1002505
- CVE-2012-2375
* Fix length of buffer copied in __nfs4_
- LP: #1002505
- CVE-2012-2375
-- Paolo Pisati <email address hidden> 2012年7月27日 15:54:18 +0200
The NFS code for 2.6.32 is substantially different then the code fixed by bf118a342f10daf
Can not find bf118a342f10daf
Patch bf118a342f10daf
Patch bf118a342f10daf
lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".