compiled without -fno-delete-null-pointer-checks

Bug #403647 reported by Kees Cook
This bug affects 1 person
Affects                      | Status       | Importance | Assigned to  | Milestone
linux (Ubuntu)               | Fix Released | Medium     | Stefan Bader |
  Dapper                     | Invalid      | Undecided  | Unassigned   |
  Hardy                      | Fix Released | Medium     | Stefan Bader |
  Intrepid                   | Fix Released | Medium     | Stefan Bader |
  Jaunty                     | Fix Released | Medium     | Stefan Bader |
  Karmic                     | Fix Released | Medium     | Stefan Bader |
linux-source-2.6.15 (Ubuntu) | Invalid      | Undecided  | Unassigned   |
  Dapper                     | Fix Released | Medium     | Stefan Bader |
  Hardy                      | Invalid      | Undecided  | Unassigned   |
  Intrepid                   | Invalid      | Undecided  | Unassigned   |
  Jaunty                     | Invalid      | Undecided  | Unassigned   |
  Karmic                     | Invalid      | Undecided  | Unassigned   |

Bug Description

Please backport the following patch for the released kernels, to avoid potentially hidden NULL deref bugs which might be leveraged into security vulnerabilities:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a3ca86aea507904148870946d599e07a340b39bf

ProblemType: Bug
Architecture: amd64
Date: Thu Jul 23 10:45:53 2009
DistroRelease: Ubuntu 9.10
HibernationDevice: RESUME=/dev/md1
Package: linux-image-2.6.31-3-generic 2.6.31-3.19
ProcCmdLine: BOOT_IMAGE=/vmlinuz-2.6.31-3-generic root=/dev/mapper/systemvg-root2lv ro splash security=apparmor
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-3.19-generic
RelatedPackageVersions: linux-backports-modules-2.6.31-3-generic N/A
SourcePackage: linux
Uname: Linux 2.6.31-3-generic x86_64
dmi.bios.date: 09/22/2008
dmi.bios.vendor: Intel Corp.
dmi.bios.version: JOQ3510J.86A.0954.2008.0922.2331
dmi.board.asset.tag: Base Board Asset Tag
dmi.board.name: DQ35JO
dmi.board.vendor: Intel Corporation
dmi.board.version: AAD82085-800
dmi.chassis.type: 3
dmi.modalias: dmi:bvnIntelCorp.:bvrJOQ3510J.86A.0954.2008.0922.2331:bd09/22/2008:svn:pn:pvr:rvnIntelCorporation:rnDQ35JO:rvrAAD82085-800:cvn:ct3:cvr:

Kees Cook (kees) wrote :
visibility: private → public
Changed in linux (Ubuntu):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu Karmic):
status: Triaged → Fix Released
Changed in linux (Ubuntu Jaunty):
status: New → In Progress
status: In Progress → Triaged
Changed in linux (Ubuntu Intrepid):
status: New → Triaged
Changed in linux (Ubuntu Dapper):
status: New → Triaged
importance: Undecided → Medium
Changed in linux (Ubuntu Hardy):
importance: Undecided → Medium
status: New → Triaged
Changed in linux (Ubuntu Jaunty):
importance: Undecided → Medium
Changed in linux (Ubuntu Intrepid):
importance: Undecided → Medium
Changed in linux (Ubuntu Jaunty):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
Changed in linux (Ubuntu Intrepid):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
Changed in linux (Ubuntu Hardy):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
Changed in linux (Ubuntu Dapper):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.24-24.57

---------------
linux (2.6.24-24.57) hardy-security; urgency=low

  [Upstream Kernel Changes]

  * Add '-fno-delete-null-pointer-checks' to gcc CFLAGS
    - LP: #403647
  * personality: fix PER_CLEAR_ON_SETID
    - CVE-2009-1895
  * KVM: detect if VCPU triple faults
    - CVE-2009-2287
  * KVM: x86: check for cr3 validity in ioctl_set_sregs
    - CVE-2009-2287
  * r8169: fix crash when large packets are received
    - CVE-2009-1389
  * eCryptfs: Check Tag 11 literal data buffer size
    - CVE-2009-2406
  * eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size
    - CVE-2009-2407

 -- Stefan Bader <email address hidden> Thu, 23 Jul 2009 15:37:05 +0200

Changed in linux (Ubuntu Hardy):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.27-14.37

---------------
linux (2.6.27-14.37) intrepid-security; urgency=low

  [ Upstream Kernel Changes ]

  * Add '-fno-delete-null-pointer-checks' to gcc CFLAGS
    - LP: #403647
  * personality: fix PER_CLEAR_ON_SETID
    - CVE-2009-1895
  * KVM: x86: check for cr3 validity in ioctl_set_sregs
    - CVE-2009-2287
  * r8169: fix crash when large packets are received
    - CVE-2009-1389
  * eCryptfs: Check Tag 11 literal data buffer size
    - CVE-2009-2406
  * eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size
    - CVE-2009-2407

 -- Stefan Bader <email address hidden> Thu, 23 Jul 2009 15:46:29 +0200

Changed in linux (Ubuntu Intrepid):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.28-14.47

---------------
linux (2.6.28-14.47) jaunty-security; urgency=low

  [ Upstream Kernel Changes ]

  * Add '-fno-delete-null-pointer-checks' to gcc CFLAGS
    - LP: #403647
  * personality: fix PER_CLEAR_ON_SETID
    - CVE-2009-1895
  * KVM: x86: check for cr3 validity in ioctl_set_sregs
    - CVE-2009-2287
  * r8169: fix crash when large packets are received
    - CVE-2009-1389
  * eCryptfs: Check Tag 11 literal data buffer size
    - CVE-2009-2406
  * eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size
    - CVE-2009-2407

 -- Stefan Bader <email address hidden> Thu, 23 Jul 2009 15:49:09 +0200

Changed in linux (Ubuntu Jaunty):
status: Triaged → Fix Released
Kees Cook (kees)
Changed in linux (Ubuntu Dapper):
status: Triaged → Invalid
Changed in linux-source-2.6.15 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-source-2.6.15 (Ubuntu Intrepid):
status: New → Invalid
Changed in linux-source-2.6.15 (Ubuntu Jaunty):
status: New → Invalid
Changed in linux-source-2.6.15 (Ubuntu Karmic):
status: New → Invalid
Changed in linux-source-2.6.15 (Ubuntu Dapper):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
importance: Undecided → Medium
status: New → Fix Released
Changed in linux (Ubuntu Dapper):
assignee: Stefan Bader (stefan-bader-canonical) → nobody
importance: Medium → Undecided
This report contains Public Security information  
Everyone can see this security related information.