Launchpad.net

CVE 2007-4849

JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions.

Related bugs and status

CVE-2007-4849 (Candidate) is related to these bugs:

Bug #125816: linux-image postinst matches header_postinst_hook for postinst_hook incorrectly

		In	Importance	Status
125816	linux-image postinst matches header_postinst_hook for postinst_hook incorrectly	linux-source-2.6.22 (Ubuntu)	Medium	Fix Released
125816	linux-image postinst matches header_postinst_hook for postinst_hook incorrectly	linux-source-2.6.20 (Ubuntu)	High	Fix Released
125816	linux-image postinst matches header_postinst_hook for postinst_hook incorrectly	kernel-package (Ubuntu)	High	Fix Released
125816	linux-image postinst matches header_postinst_hook for postinst_hook incorrectly	kernel-package (Ubuntu Feisty)	Undecided	Won't Fix
125816	linux-image postinst matches header_postinst_hook for postinst_hook incorrectly	linux-source-2.6.20 (Ubuntu Feisty)	Undecided	Invalid
125816	linux-image postinst matches header_postinst_hook for postinst_hook incorrectly	linux-source-2.6.22 (Ubuntu Feisty)	Undecided	Invalid

Bug #153096: [sata_sil][sata->ide-bridg] failed to set xfermode

		In	Importance	Status
153096	[sata_sil][sata->ide-bridg] failed to set xfermode	linux-source-2.6.22 (Ubuntu)	High	Fix Released
153096	[sata_sil][sata->ide-bridg] failed to set xfermode	linux (Ubuntu)	High	Fix Released
153096	[sata_sil][sata->ide-bridg] failed to set xfermode	Linux	Medium	Fix Released

Bug #164231: NFS regression causes subsequent mounts from same superblock to silently use previous mount options

		In	Importance	Status
164231	NFS regression causes subsequent mounts from same superblock to silently use previous mount options	linux-source-2.6.22 (Ubuntu)	High	Invalid
164231	NFS regression causes subsequent mounts from same superblock to silently use previous mount options	linux-source-2.6.22 (Ubuntu Hardy)	High	Invalid
164231	NFS regression causes subsequent mounts from same superblock to silently use previous mount options	linux-source-2.6.22 (Ubuntu Gutsy)	High	Fix Released
164231	NFS regression causes subsequent mounts from same superblock to silently use previous mount options	linux-source-2.6.22 (Ubuntu Feisty)	Undecided	Invalid
164231	NFS regression causes subsequent mounts from same superblock to silently use previous mount options	linux (Ubuntu)	High	Fix Released
164231	NFS regression causes subsequent mounts from same superblock to silently use previous mount options	linux (Ubuntu Feisty)	High	Invalid
164231	NFS regression causes subsequent mounts from same superblock to silently use previous mount options	linux (Ubuntu Gutsy)	High	Invalid
164231	NFS regression causes subsequent mounts from same superblock to silently use previous mount options	linux (Ubuntu Hardy)	High	Fix Released
164231	NFS regression causes subsequent mounts from same superblock to silently use previous mount options	linux-source-2.6.20 (Ubuntu)	Undecided	Invalid
164231	NFS regression causes subsequent mounts from same superblock to silently use previous mount options	linux-source-2.6.20 (Ubuntu Feisty)	High	Fix Released
164231	NFS regression causes subsequent mounts from same superblock to silently use previous mount options	linux-source-2.6.20 (Ubuntu Gutsy)	Undecided	Invalid
164231	NFS regression causes subsequent mounts from same superblock to silently use previous mount options	linux-source-2.6.20 (Ubuntu Hardy)	Undecided	Invalid

Bug #185649: 7.10 support of new AMD PowerNow! (family 0x11 and beyond)

Summary				In	Importance	Status
	185649	7.10 support of new AMD PowerNow! (family 0x11 and beyond)		linux-source-2.6.22 (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [linux-mtd] 20070822 [...
CONFIRM: http://dev.laptop.org/...
CONFIRM: http://git.infradead.o...
BID: 25838
DEBIAN: DSA-1378
SECUNIA: 26978
UBUNTU: USN-574-1
SECUNIA: 28706
UBUNTU: USN-558-1
SECUNIA: 28170