Ubuntu
linux package

CVE-2011-1477

Hardy (8.04)
Bug #925335

Bug #925335 reported by Andy Whitcroft on 2012-02-02

258

This bug affects 1 person

Affects		Status	Importance	Assigned to
	linux (Ubuntu)	Invalid	Medium	Unassigned
Nominated for Raring by John Johansen
	Hardy	Fix Released	Medium	Andy Whitcroft
	Lucid	Fix Released	Medium	Unassigned
	Maverick	Fix Released	Medium	Unassigned
	Natty	Fix Released	Medium	Unassigned
	Oneiric	Won't Fix	Medium	Unassigned
	Precise	Invalid	Medium	Unassigned
	Quantal	Invalid	Medium	Unassigned
	linux-armadaxp (Ubuntu)	Fix Released	Medium	Unassigned
Nominated for Raring by John Johansen
	Hardy	Invalid	Medium	Unassigned
	Lucid	Invalid	Medium	Unassigned
	Maverick	Invalid	Undecided	Unassigned
	Natty	Invalid	Medium	Unassigned
	Oneiric	Invalid	Medium	Unassigned
	Precise	Fix Released	Medium	Unassigned
	Quantal	Fix Released	Medium	Unassigned
	linux-ec2 (Ubuntu)	Invalid	Medium	Unassigned
Nominated for Raring by John Johansen
	Hardy	Invalid	Medium	Unassigned
	Lucid	Fix Released	Medium	Unassigned
	Maverick	Invalid	Medium	Unassigned
	Natty	Invalid	Medium	Unassigned
	Oneiric	Invalid	Medium	Unassigned
	Precise	Invalid	Medium	Unassigned
	Quantal	Invalid	Medium	Unassigned
	linux-fsl-imx51 (Ubuntu)	Invalid	Medium	Unassigned
Nominated for Raring by John Johansen
	Hardy	Invalid	Medium	Unassigned
	Lucid	Invalid	Medium	Unassigned
	Maverick	Invalid	Medium	Unassigned
	Natty	Invalid	Medium	Unassigned
	Oneiric	Invalid	Medium	Unassigned
	Precise	Invalid	Medium	Unassigned
	Quantal	Invalid	Medium	Unassigned
	linux-lts-backport-maverick (Ubuntu)	Invalid	Medium	Unassigned
Nominated for Raring by John Johansen
	Hardy	Invalid	Medium	Unassigned
	Lucid	Fix Released	Medium	Unassigned
	Maverick	Invalid	Medium	Unassigned
	Natty	Invalid	Medium	Unassigned
	Oneiric	Invalid	Medium	Unassigned
	Precise	Invalid	Medium	Unassigned
	Quantal	Invalid	Medium	Unassigned
	linux-lts-backport-natty (Ubuntu)	Invalid	Medium	Unassigned
Nominated for Raring by John Johansen
	Hardy	Invalid	Medium	Unassigned
	Lucid	Won't Fix	Medium	Unassigned
	Maverick	Invalid	Medium	Unassigned
	Natty	Invalid	Medium	Unassigned
	Oneiric	Invalid	Medium	Unassigned
	Precise	Invalid	Medium	Unassigned
	Quantal	Invalid	Medium	Unassigned
	linux-lts-backport-oneiric (Ubuntu)	Invalid	Medium	Unassigned
Nominated for Raring by John Johansen
	Hardy	Invalid	Medium	Unassigned
	Lucid	Won't Fix	Medium	Unassigned
	Maverick	Invalid	Medium	Unassigned
	Natty	Invalid	Medium	Unassigned
	Oneiric	Invalid	Medium	Unassigned
	Precise	Invalid	Medium	Unassigned
	Quantal	Invalid	Medium	Unassigned
	linux-mvl-dove (Ubuntu)	Invalid	Medium	Unassigned
Nominated for Raring by John Johansen
	Hardy	Invalid	Medium	Unassigned
	Lucid	Fix Released	Medium	Unassigned
	Maverick	Fix Released	Medium	Unassigned
	Natty	Invalid	Medium	Unassigned
	Oneiric	Invalid	Medium	Unassigned
	Precise	Invalid	Medium	Unassigned
	Quantal	Invalid	Medium	Unassigned
	linux-ti-omap4 (Ubuntu)	Invalid	Medium	Unassigned
Nominated for Raring by John Johansen
	Hardy	Invalid	Medium	Unassigned
	Lucid	Invalid	Medium	Unassigned
	Maverick	Fix Released	Medium	Unassigned
	Natty	Fix Released	Medium	Unassigned
	Oneiric	Won't Fix	Medium	Unassigned
	Precise	Invalid	Medium	Unassigned
	Quantal	Invalid	Medium	Unassigned

Bug Description

Multiple array index errors in sound/oss/opl3.c in the Linux kernel before 2.6.39 allow local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer.

Break-Fix: - 4d00135a680727f6c3be78f8befaac009030e4df

See original description

Tags:

Related branches

lp://staging/ubuntu/maverick-proposed/linux-ti-omap4

CVE References

Revision history for this message

Andy Whitcroft (apw) wrote on 2012-02-02:

CVE-2011-1477

tags:	added: kernel-cve-tracking-bug
security vulnerability:	no → yes
security vulnerability:	no → yes

Andy Whitcroft (apw) on 2012-02-02

Changed in linux (Ubuntu Hardy):
assignee:	nobody → Andy Whitcroft (apw)
status:	New → In Progress

John Johansen (jjohansen) on 2012-02-03

Changed in linux-ec2 (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status:	New → Fix Committed
Changed in linux-ec2 (Ubuntu Precise):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status:	New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status:	New → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status:	New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
status:	New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status:	New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Precise):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Maverick):
status:	New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Lucid):
status:	New → Fix Committed
Changed in linux-mvl-dove (Ubuntu Precise):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-mvl-dove (Ubuntu Maverick):
status:	New → Fix Committed
Changed in linux-mvl-dove (Ubuntu Natty):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status:	New → Fix Committed
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
status:	New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status:	New → Invalid
Changed in linux (Ubuntu Oneiric):
status:	New → Fix Committed
Changed in linux (Ubuntu Lucid):
status:	New → Fix Committed
Changed in linux (Ubuntu Precise):
status:	New → Invalid
Changed in linux (Ubuntu Maverick):
status:	New → Fix Committed
Changed in linux (Ubuntu Natty):
status:	New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status:	New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Lucid):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Natty):
status:	New → Fix Committed
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Maverick):
status:	New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status:	New → Invalid
description:	updated
Changed in linux-ec2 (Ubuntu Oneiric):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Hardy):
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Maverick):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-ec2 (Ubuntu Natty):
importance:	Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance:	Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance:	Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Maverick):
importance:	Undecided → Medium
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance:	Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance:	Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance:	Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Maverick):
importance:	Undecided → Medium
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Hardy):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Maverick):
importance:	Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Natty):
importance:	Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance:	Undecided → Medium

John Johansen (jjohansen) on 2012-02-03

Changed in linux-lts-backport-maverick (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance:	Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Maverick):
importance:	Undecided → Medium
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance:	Undecided → Medium
Changed in linux (Ubuntu Oneiric):
importance:	Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux (Ubuntu Hardy):
importance:	Undecided → Medium
Changed in linux (Ubuntu Maverick):
importance:	Undecided → Medium
Changed in linux (Ubuntu Natty):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Maverick):
importance:	Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Natty):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Maverick):
importance:	Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance:	Undecided → Medium

John Johansen (jjohansen) on 2012-02-03

Changed in linux-ec2 (Ubuntu Lucid):
status:	Fix Committed → Fix Released
Changed in linux-mvl-dove (Ubuntu Lucid):
status:	Fix Committed → Fix Released
Changed in linux-mvl-dove (Ubuntu Maverick):
status:	Fix Committed → Fix Released
Changed in linux (Ubuntu Lucid):
status:	Fix Committed → Fix Released
Changed in linux (Ubuntu Maverick):
status:	Fix Committed → Fix Released
Changed in linux (Ubuntu Natty):
status:	Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Natty):
status:	Fix Committed → Fix Released

John Johansen (jjohansen) on 2012-02-06

Changed in linux (Ubuntu Hardy):
status:	In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Maverick):
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-03-05:

This bug was fixed in the package linux - 2.6.24-31.99

---------------
linux (2.6.24-31.99) hardy-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #931627

[Andy Whitcroft]

* debian -- validate patches are applied to openvz etc

[Stefan Bader]

  * SAUCE: Return deny all as default in encode_share_access
    - LP: #917829
    - CVE-2011-4324

[Tim Gardner]

  * [Config] Generate patch set from flattened sources
  * [Config] Added apply-patch-to-binary-custom
  * [Config] Flattened openvz
  * [Config] Flattened xen

[Upstream Kernel Changes]

  * sound/oss: remove offset from load_patch callbacks
    - LP: #925337
    - CVE-2011-1476
  * sound/oss/opl3: validate voice and channel indexes
    - LP: #925335
    - CVE-2011-1477
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #922371
    - CVE-2011-2182
  * Move "exit_robust_list" into mm_release()
    - LP: #927889
    - CVE-2012-0028
  * futex: Nullify robust lists after cleanup
    - LP: #927889
    - CVE-2012-0028
-- Herton Ronaldo Krzesinski <email address hidden> Mon, 13 Feb 2012 17:25:53 -0200

Changed in linux (Ubuntu Hardy):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-03-06:

This bug was fixed in the package linux-ti-omap4 - 2.6.35-903.32

---------------
linux-ti-omap4 (2.6.35-903.32) maverick-proposed; urgency=low

[Herton R. Krzesinski]

* Release Tracking Bug
- LP: #942766

[ Paolo Pisati ]

* [Config] Move to a 3G/1G memory split
- LP: #861296

linux-ti-omap4 (2.6.35-903.31) maverick-proposed; urgency=low

* Release Tracking Bug
- LP: #932237

[ Upstream Kernel Changes ]

  * net: ip_expire() must revalidate route
    - LP: #922051
    - CVE-2011-1927
  * inotify: stop kernel memory leak on file creation failure
    - LP: #917797
    - CVE-2010-4250
  * inotify: fix double free/corruption of stuct user
    - LP: #869203
    - CVE-2011-1479
  * fuse: verify ioctl retries
    - LP: #917804
    - CVE-2010-4650
  * ima: fix add LSM rule bug
    - LP: #917808
    - CVE-2011-0006
  * bridge: Fix mglist corruption that leads to memory corruption
    - LP: #917813
    - CVE-2011-0716
  * sound/oss: remove offset from load_patch callbacks
    - LP: #925337
    - CVE-2011-1476
  * ARM: 6891/1: prevent heap corruption in OABI semtimedop
    - LP: #925373
    - CVE-2011-1759
  * sound/oss/opl3: validate voice and channel indexes
    - LP: #925335
    - CVE-2011-1477
  * Fix for buffer overflow in ldm_frag_add not sufficient
    - LP: #922371
    - CVE-2011-2182
  * AppArmor: fix oops in apparmor_setprocattr
    - LP: #789409
    - CVE-2011-3619
-- Herton Ronaldo Krzesinski <email address hidden> Tue, 28 Feb 2012 14:33:28 -0300

Changed in linux-ti-omap4 (Ubuntu Maverick):
status:	Fix Committed → Fix Released

John Johansen (jjohansen) on 2012-04-17

Changed in linux-mvl-dove (Ubuntu Maverick):
status:	Fix Released → Invalid
Changed in linux (Ubuntu Maverick):
status:	Fix Released → Invalid
Changed in linux-ti-omap4 (Ubuntu Maverick):
status:	Fix Released → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status:	Fix Committed → Fix Released

Revision history for this message

John Johansen (jjohansen) wrote on 2012-04-23:

revert scripting error

Changed in linux (Ubuntu Maverick):
status:	Invalid → Fix Released
Changed in linux-mvl-dove (Ubuntu Maverick):
status:	Invalid → Fix Released
Changed in linux-ti-omap4 (Ubuntu Maverick):
status:	Invalid → Fix Released

John Johansen (jjohansen) on 2012-05-01

Changed in linux-armadaxp (Ubuntu Maverick):
status:	New → Invalid

John Johansen (jjohansen) on 2012-05-01

Changed in linux-armadaxp (Ubuntu Precise):
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Oneiric):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Hardy):
status:	New → Invalid
importance:	Undecided → Medium
Changed in linux-armadaxp (Ubuntu Natty):
status:	New → Invalid
importance:	Undecided → Medium

John Johansen (jjohansen) on 2012-05-03

Changed in linux-armadaxp (Ubuntu Precise):
status:	New → Fix Committed

John Johansen (jjohansen) on 2012-05-04

Changed in linux-armadaxp (Ubuntu Quantal):
status:	New → Fix Committed
importance:	Undecided → Medium

John Johansen (jjohansen) on 2012-06-29

description:

updated

Ike Panhc (ikepanhc) on 2012-09-20

Changed in linux-armadaxp (Ubuntu Precise):
status:	Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Quantal):
status:	Fix Committed → Fix Released

Jamie Strandboge (jdstrand) on 2013-05-21

Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status:	Fix Committed → Won't Fix
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status:	Fix Committed → Won't Fix

Jamie Strandboge (jdstrand) on 2013-05-22

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status:	Fix Committed → Won't Fix

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2013-07-12:

Thank you for reporting this bug to Ubuntu. oneiric has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against oneiric is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Changed in linux (Ubuntu Oneiric):
status:	Fix Committed → Won't Fix

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

CVE-2011-1477

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package