CIFS: sanity check length of data to send before sending

Bug #1283101 reported by Andy Whitcroft
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Unassigned
Lucid
Won't Fix
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Quantal
Won't Fix
Undecided
Unassigned
Saucy
Won't Fix
Undecided
Unassigned
Trusty
Fix Released
Undecided
Unassigned
linux-armadaxp (Ubuntu)
Invalid
Undecided
Unassigned
Lucid
Invalid
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Quantal
Won't Fix
Undecided
Unassigned
Saucy
Invalid
Undecided
Unassigned
Trusty
Invalid
Undecided
Unassigned
linux-ec2 (Ubuntu)
Invalid
Undecided
Unassigned
Lucid
Won't Fix
Undecided
Unassigned
Precise
Invalid
Undecided
Unassigned
Quantal
Invalid
Undecided
Unassigned
Saucy
Invalid
Undecided
Unassigned
Trusty
Invalid
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Invalid
Undecided
Unassigned
Lucid
Invalid
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Quantal
Invalid
Undecided
Unassigned
Saucy
Invalid
Undecided
Unassigned
Trusty
Invalid
Undecided
Unassigned
linux-lts-raring (Ubuntu)
Invalid
Undecided
Unassigned
Lucid
Invalid
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Quantal
Invalid
Undecided
Unassigned
Saucy
Invalid
Undecided
Unassigned
Trusty
Invalid
Undecided
Unassigned
linux-lts-saucy (Ubuntu)
Invalid
Undecided
Unassigned
Lucid
Invalid
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Quantal
Invalid
Undecided
Unassigned
Saucy
Invalid
Undecided
Unassigned
Trusty
Invalid
Undecided
Unassigned
linux-ti-omap4 (Ubuntu)
Invalid
Undecided
Unassigned
Lucid
Invalid
Undecided
Unassigned
Precise
Won't Fix
Undecided
Unassigned
Quantal
Won't Fix
Undecided
Unassigned
Saucy
Won't Fix
Undecided
Unassigned
Trusty
Invalid
Undecided
Unassigned

Bug Description

This CVE was fixed under 5d81de8e8667da7135d3a32a964087c0faf5483f but there is a second fix which will make this much safer going forward against other bugs:

    http://article.gmane.org/gmane.linux.kernel.cifs/9402

Makes sense to put this into any release which needs it.

# As applied to linus' tree
Break-fix: - a26054d184763969a411e3939fe243516715ff59

Andy Whitcroft (apw)
Changed in linux (Ubuntu):
status: New → Triaged
tags: added: kernel-bug-break-fix
Andy Whitcroft (apw)
description: updated
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
Andy Whitcroft (apw)
Changed in linux-lts-raring (Ubuntu):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-saucy (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Trusty):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Andy Whitcroft (apw)
Changed in linux (Ubuntu Lucid):
status: New → Confirmed
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Confirmed
Changed in linux (Ubuntu Precise):
status: New → Confirmed
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Confirmed
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Confirmed
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Confirmed
Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Confirmed
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Confirmed
Changed in linux (Ubuntu Quantal):
status: New → Confirmed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Confirmed
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: New → Confirmed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Confirmed
Changed in linux (Ubuntu Saucy):
status: New → Confirmed
Changed in linux (Ubuntu Trusty):
status: Triaged → Confirmed
Andy Whitcroft (apw)
summary: - CVE-2014-0069: add hardening patch
+ CVE-2014-0069: CIFS -- add hardening patch
description: updated
Andy Whitcroft (apw)
Changed in linux (Ubuntu):
status: Confirmed → Fix Committed
Andy Whitcroft (apw)
Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Andy Whitcroft (apw)
Changed in linux (Ubuntu Quantal):
status: Confirmed → Won't Fix
Changed in linux-lts-quantal (Ubuntu Precise):
status: Confirmed → Won't Fix
Andy Whitcroft (apw)
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: Confirmed → Won't Fix
Changed in linux-armadaxp (Ubuntu Quantal):
status: Confirmed → Won't Fix
Andy Whitcroft (apw)
Changed in linux (Ubuntu Saucy):
status: Confirmed → Won't Fix
Changed in linux-lts-raring (Ubuntu Precise):
status: Confirmed → Won't Fix
Changed in linux-lts-saucy (Ubuntu Precise):
status: Confirmed → Won't Fix
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: Confirmed → Won't Fix
Changed in linux (Ubuntu Lucid):
status: Confirmed → Won't Fix
Changed in linux-ec2 (Ubuntu Lucid):
status: Confirmed → Won't Fix
Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Trusty):
status: Confirmed → Fix Committed
Revision history for this message
Brad Figg (brad-figg) wrote : Re: CVE-2014-0069: CIFS -- add hardening patch

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
Brad Figg (brad-figg)
tags: added: verification-done-trusty
removed: verification-needed-trusty
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.8 KiB)

This bug was fixed in the package linux - 3.13.0-36.63

---------------
linux (3.13.0-36.63) trusty; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1365052

  [ Feng Kan ]

  * SAUCE: (no-up) irqchip:gic: change access of gicc_ctrl register to read
    modify write.
    - LP: #1357527
  * SAUCE: (no-up) arm64: optimized copy_to_user and copy_from_user
    assembly code
    - LP: #1358949

  [ Ming Lei ]

  * SAUCE: (no-up) Drop APM X-Gene SoC Ethernet driver
    - LP: #1360140
  * [Config] Drop XGENE entries
    - LP: #1360140
  * [Config] CONFIG_NET_XGENE=m for arm64
    - LP: #1360140

  [ Stefan Bader ]

  * SAUCE: Add compat macro for skb_get_hash
    - LP: #1358162
  * SAUCE: bcache: prevent crash on changing writeback_running
    - LP: #1357295

  [ Suman Tripathi ]

  * SAUCE: (no-up) arm64: Fix the csr-mask for APM X-Gene SoC AHCI SATA PHY
    clock DTS node.
    - LP: #1359489
  * SAUCE: (no-up) ahci_xgene: Skip the PHY and clock initialization if
    already configured by the firmware.
    - LP: #1359501
  * SAUCE: (no-up) ahci_xgene: Fix the link down in first attempt for the
    APM X-Gene SoC AHCI SATA host controller driver.
    - LP: #1359507

  [ Tuan Phan ]

  * SAUCE: (no-up) pci-xgene-msi: fixed deadlock in irq_set_affinity
    - LP: #1359514

  [ Upstream Kernel Changes ]

  * iwlwifi: mvm: Add a missed beacons threshold
    - LP: #1349572
  * mac80211: reset probe_send_count also in HW_CONNECTION_MONITOR case
    - LP: #1349572
  * genirq: Add an accessor for IRQ_PER_CPU flag
    - LP: #1357527
  * arm64: perf: add support for percpu pmu interrupt
    - LP: #1357527
  * cifs: sanity check length of data to send before sending
    - LP: #1283101
  * KVM: nVMX: Pass vmexit parameters to nested_vmx_vmexit
    - LP: #1329434
  * KVM: nVMX: Rework interception of IRQs and NMIs
    - LP: #1329434
  * KVM: vmx: disable APIC virtualization in nested guests
    - LP: #1329434
  * HID: Add transport-driver functions to the USB HID interface.
    - LP: #1353021
  * ahci_xgene: Removing NCQ support from the APM X-Gene SoC AHCI SATA Host
    Controller driver.
    - LP: #1358498
  * fold d_kill() and d_free()
    - LP: #1354234
  * fold try_prune_one_dentry()
    - LP: #1354234
  * new helper: dentry_free()
    - LP: #1354234
  * expand the call of dentry_lru_del() in dentry_kill()
    - LP: #1354234
  * dentry_kill(): don't try to remove from shrink list
    - LP: #1354234
  * don't remove from shrink list in select_collect()
    - LP: #1354234
  * more graceful recovery in umount_collect()
    - LP: #1354234
  * dcache: don't need rcu in shrink_dentry_list()
    - LP: #1354234
  * lift the "already marked killed" case into shrink_dentry_list()
  * split dentry_kill()
    - LP: #1354234
  * expand dentry_kill(dentry, 0) in shrink_dentry_list()
    - LP: #1354234
  * shrink_dentry_list(): take parent's ->d_lock earlier
    - LP: #1354234
  * dealing with the rest of shrink_dentry_list() livelock
    - LP: #1354234
  * dentry_kill() doesn't need the second argument now
    - LP: #1354234
  * dcache: add missing lockdep annotation
    - LP: #1354234
  * fs: convert use of typedef ctl_table to struct ctl_table
 ...

Read more...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Andy Whitcroft (apw)
Changed in linux (Ubuntu):
status: Fix Released → Invalid
Andy Whitcroft (apw)
Changed in linux (Ubuntu):
status: Invalid → Fix Released
Mathew Hodson (mhodson)
information type: Public → Public Security
summary: - CVE-2014-0069: CIFS -- add hardening patch
+ CIFS: sanity check length of data to send before sending
Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in linux (Ubuntu Precise):
status: Confirmed → Won't Fix
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Confirmed → Won't Fix
Changed in linux-armadaxp (Ubuntu Precise):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.