This bug was fixed in the package linux - 2.6.32-50.112 --------------- linux (2.6.32-50.112) lucid; urgency=low
[Brad Figg] * Release Tracking Bug - LP: #1199494 [ Upstream Kernel Changes ] * block: do not pass disk names as format strings - LP: #1189832 - CVE-2013-2851 * drivers/cdrom/cdrom.c: use kzalloc() for failing hardware - LP: #1191463 - CVE-2013-2164 * ipv6: ip6_sk_dst_check() must not assume ipv6 dst - LP: #1198293 - CVE-2013-2232 * af_key: fix info leaks in notify messages - LP: #1198294 - CVE-2013-2234 * af_key: initialize satype in key_notify_policy_flush() - LP: #1198296 - CVE-2013-2237 -- Brad Figg <brad.f...@canonical.com> Tue, 09 Jul 2013 13:10:40 -0700 ** Changed in: linux (Ubuntu Lucid) Status: Fix Committed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2164 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2232 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2237 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2851 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-armadaxp in Ubuntu. https://bugs.launchpad.net/bugs/1198294 Title: CVE-2013-2234 Status in “linux” package in Ubuntu: Invalid Status in “linux-armadaxp” package in Ubuntu: Invalid Status in “linux-ec2” package in Ubuntu: Invalid Status in “linux-fsl-imx51” package in Ubuntu: Invalid Status in “linux-lts-backport-maverick” package in Ubuntu: Invalid Status in “linux-lts-backport-natty” package in Ubuntu: Invalid Status in “linux-lts-quantal” package in Ubuntu: Invalid Status in “linux-lts-raring” package in Ubuntu: Invalid Status in “linux-mvl-dove” package in Ubuntu: Invalid Status in “linux-ti-omap4” package in Ubuntu: New Status in “linux” source package in Lucid: Fix Released Status in “linux-armadaxp” source package in Lucid: Invalid Status in “linux-ec2” source package in Lucid: Fix Committed Status in “linux-fsl-imx51” source package in Lucid: Invalid Status in “linux-lts-backport-maverick” source package in Lucid: Invalid Status in “linux-lts-backport-natty” source package in Lucid: Invalid Status in “linux-lts-quantal” source package in Lucid: Invalid Status in “linux-lts-raring” source package in Lucid: Invalid Status in “linux-mvl-dove” source package in Lucid: Invalid Status in “linux-ti-omap4” source package in Lucid: Invalid Status in “linux” source package in Precise: New Status in “linux-armadaxp” source package in Precise: New Status in “linux-ec2” source package in Precise: Invalid Status in “linux-fsl-imx51” source package in Precise: Invalid Status in “linux-lts-backport-maverick” source package in Precise: Invalid Status in “linux-lts-backport-natty” source package in Precise: Invalid Status in “linux-lts-quantal” source package in Precise: New Status in “linux-lts-raring” source package in Precise: New Status in “linux-mvl-dove” source package in Precise: Invalid Status in “linux-ti-omap4” source package in Precise: New Status in “linux” source package in Quantal: New Status in “linux-armadaxp” source package in Quantal: New Status in “linux-ec2” source package in Quantal: Invalid Status in “linux-fsl-imx51” source package in Quantal: Invalid Status in “linux-lts-backport-maverick” source package in Quantal: Invalid Status in “linux-lts-backport-natty” source package in Quantal: Invalid Status in “linux-lts-quantal” source package in Quantal: Invalid Status in “linux-lts-raring” source package in Quantal: Invalid Status in “linux-mvl-dove” source package in Quantal: Invalid Status in “linux-ti-omap4” source package in Quantal: New Status in “linux” source package in Raring: New Status in “linux-armadaxp” source package in Raring: Invalid Status in “linux-ec2” source package in Raring: Invalid Status in “linux-fsl-imx51” source package in Raring: Invalid Status in “linux-lts-backport-maverick” source package in Raring: Invalid Status in “linux-lts-backport-natty” source package in Raring: Invalid Status in “linux-lts-quantal” source package in Raring: Invalid Status in “linux-lts-raring” source package in Raring: Invalid Status in “linux-mvl-dove” source package in Raring: Invalid Status in “linux-ti-omap4” source package in Raring: New Status in “linux” source package in Saucy: Invalid Status in “linux-armadaxp” source package in Saucy: Invalid Status in “linux-ec2” source package in Saucy: Invalid Status in “linux-fsl-imx51” source package in Saucy: Invalid Status in “linux-lts-backport-maverick” source package in Saucy: Invalid Status in “linux-lts-backport-natty” source package in Saucy: Invalid Status in “linux-lts-quantal” source package in Saucy: Invalid Status in “linux-lts-raring” source package in Saucy: Invalid Status in “linux-mvl-dove” source package in Saucy: Invalid Status in “linux-ti-omap4” source package in Saucy: New Bug description: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. Break-Fix: - a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1198294/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp