*** This bug is a security vulnerability *** Public security bug reported:
The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. Break-Fix: - bceaa90240b6019ed73b49965eac7d167610be69 ** Affects: linux (Ubuntu) Importance: Low Status: New ** Affects: linux-armadaxp (Ubuntu) Importance: Low Status: Invalid ** Affects: linux-ec2 (Ubuntu) Importance: Low Status: Invalid ** Affects: linux-fsl-imx51 (Ubuntu) Importance: Low Status: Invalid ** Affects: linux-lts-backport-maverick (Ubuntu) Importance: Undecided Status: New ** Affects: linux-lts-backport-natty (Ubuntu) Importance: Undecided Status: New ** Affects: linux-lts-quantal (Ubuntu) Importance: Low Status: Invalid ** Affects: linux-lts-raring (Ubuntu) Importance: Low Status: Invalid ** Affects: linux-lts-saucy (Ubuntu) Importance: Low Status: Invalid ** Affects: linux-mvl-dove (Ubuntu) Importance: Low Status: Invalid ** Affects: linux-ti-omap4 (Ubuntu) Importance: Low Status: New ** Affects: linux (Ubuntu Lucid) Importance: Low Status: New ** Affects: linux-armadaxp (Ubuntu Lucid) Importance: Low Status: Invalid ** Affects: linux-ec2 (Ubuntu Lucid) Importance: Low Status: New ** Affects: linux-fsl-imx51 (Ubuntu Lucid) Importance: Low Status: Invalid ** Affects: linux-lts-backport-maverick (Ubuntu Lucid) Importance: Undecided Status: New ** Affects: linux-lts-backport-natty (Ubuntu Lucid) Importance: Undecided Status: New ** Affects: linux-lts-quantal (Ubuntu Lucid) Importance: Low Status: Invalid ** Affects: linux-lts-raring (Ubuntu Lucid) Importance: Low Status: Invalid ** Affects: linux-lts-saucy (Ubuntu Lucid) Importance: Low Status: Invalid ** Affects: linux-mvl-dove (Ubuntu Lucid) Importance: Low Status: Invalid ** Affects: linux-ti-omap4 (Ubuntu Lucid) Importance: Low Status: Invalid ** Affects: linux (Ubuntu Precise) Importance: Low Status: New ** Affects: linux-armadaxp (Ubuntu Precise) Importance: Low Status: New ** Affects: linux-ec2 (Ubuntu Precise) Importance: Low Status: Invalid ** Affects: linux-fsl-imx51 (Ubuntu Precise) Importance: Low Status: Invalid ** Affects: linux-lts-backport-maverick (Ubuntu Precise) Importance: Undecided Status: New ** Affects: linux-lts-backport-natty (Ubuntu Precise) Importance: Undecided Status: New ** Affects: linux-lts-quantal (Ubuntu Precise) Importance: Low Status: New ** Affects: linux-lts-raring (Ubuntu Precise) Importance: Low Status: New ** Affects: linux-lts-saucy (Ubuntu Precise) Importance: Low Status: New ** Affects: linux-mvl-dove (Ubuntu Precise) Importance: Low Status: Invalid ** Affects: linux-ti-omap4 (Ubuntu Precise) Importance: Low Status: New ** Affects: linux (Ubuntu Quantal) Importance: Low Status: New ** Affects: linux-armadaxp (Ubuntu Quantal) Importance: Low Status: New ** Affects: linux-ec2 (Ubuntu Quantal) Importance: Low Status: Invalid ** Affects: linux-fsl-imx51 (Ubuntu Quantal) Importance: Low Status: Invalid ** Affects: linux-lts-backport-maverick (Ubuntu Quantal) Importance: Undecided Status: New ** Affects: linux-lts-backport-natty (Ubuntu Quantal) Importance: Undecided Status: New ** Affects: linux-lts-quantal (Ubuntu Quantal) Importance: Low Status: Invalid ** Affects: linux-lts-raring (Ubuntu Quantal) Importance: Low Status: Invalid ** Affects: linux-lts-saucy (Ubuntu Quantal) Importance: Low Status: Invalid ** Affects: linux-mvl-dove (Ubuntu Quantal) Importance: Low Status: Invalid ** Affects: linux-ti-omap4 (Ubuntu Quantal) Importance: Low Status: New ** Affects: linux (Ubuntu Raring) Importance: Low Status: New ** Affects: linux-armadaxp (Ubuntu Raring) Importance: Low Status: Invalid ** Affects: linux-ec2 (Ubuntu Raring) Importance: Low Status: Invalid ** Affects: linux-fsl-imx51 (Ubuntu Raring) Importance: Low Status: Invalid ** Affects: linux-lts-backport-maverick (Ubuntu Raring) Importance: Undecided Status: New ** Affects: linux-lts-backport-natty (Ubuntu Raring) Importance: Undecided Status: New ** Affects: linux-lts-quantal (Ubuntu Raring) Importance: Low Status: Invalid ** Affects: linux-lts-raring (Ubuntu Raring) Importance: Low Status: Invalid ** Affects: linux-lts-saucy (Ubuntu Raring) Importance: Low Status: Invalid ** Affects: linux-mvl-dove (Ubuntu Raring) Importance: Low Status: Invalid ** Affects: linux-ti-omap4 (Ubuntu Raring) Importance: Low Status: New ** Affects: linux (Ubuntu Saucy) Importance: Low Status: New ** Affects: linux-armadaxp (Ubuntu Saucy) Importance: Low Status: Invalid ** Affects: linux-ec2 (Ubuntu Saucy) Importance: Low Status: Invalid ** Affects: linux-fsl-imx51 (Ubuntu Saucy) Importance: Low Status: Invalid ** Affects: linux-lts-backport-maverick (Ubuntu Saucy) Importance: Undecided Status: New ** Affects: linux-lts-backport-natty (Ubuntu Saucy) Importance: Undecided Status: New ** Affects: linux-lts-quantal (Ubuntu Saucy) Importance: Low Status: Invalid ** Affects: linux-lts-raring (Ubuntu Saucy) Importance: Low Status: Invalid ** Affects: linux-lts-saucy (Ubuntu Saucy) Importance: Low Status: Invalid ** Affects: linux-mvl-dove (Ubuntu Saucy) Importance: Low Status: Invalid ** Affects: linux-ti-omap4 (Ubuntu Saucy) Importance: Low Status: New ** Affects: linux (Ubuntu Trusty) Importance: Low Status: New ** Affects: linux-armadaxp (Ubuntu Trusty) Importance: Low Status: Invalid ** Affects: linux-ec2 (Ubuntu Trusty) Importance: Low Status: Invalid ** Affects: linux-fsl-imx51 (Ubuntu Trusty) Importance: Low Status: Invalid ** Affects: linux-lts-backport-maverick (Ubuntu Trusty) Importance: Undecided Status: New ** Affects: linux-lts-backport-natty (Ubuntu Trusty) Importance: Undecided Status: New ** Affects: linux-lts-quantal (Ubuntu Trusty) Importance: Low Status: Invalid ** Affects: linux-lts-raring (Ubuntu Trusty) Importance: Low Status: Invalid ** Affects: linux-lts-saucy (Ubuntu Trusty) Importance: Low Status: Invalid ** Affects: linux-mvl-dove (Ubuntu Trusty) Importance: Low Status: Invalid ** Affects: linux-ti-omap4 (Ubuntu Trusty) Importance: Low Status: New ** Tags: kernel-cve-tracking-bug ** Tags added: kernel-cve-tracking-bug ** Information type changed from Public to Public Security ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-7263 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1267075 Title: CVE-2013-7263 Status in “linux” package in Ubuntu: New Status in “linux-armadaxp” package in Ubuntu: Invalid Status in “linux-ec2” package in Ubuntu: Invalid Status in “linux-fsl-imx51” package in Ubuntu: Invalid Status in “linux-lts-backport-maverick” package in Ubuntu: New Status in “linux-lts-backport-natty” package in Ubuntu: New Status in “linux-lts-quantal” package in Ubuntu: Invalid Status in “linux-lts-raring” package in Ubuntu: Invalid Status in “linux-lts-saucy” package in Ubuntu: Invalid Status in “linux-mvl-dove” package in Ubuntu: Invalid Status in “linux-ti-omap4” package in Ubuntu: New Status in “linux” source package in Lucid: New Status in “linux-armadaxp” source package in Lucid: Invalid Status in “linux-ec2” source package in Lucid: New Status in “linux-fsl-imx51” source package in Lucid: Invalid Status in “linux-lts-backport-maverick” source package in Lucid: New Status in “linux-lts-backport-natty” source package in Lucid: New Status in “linux-lts-quantal” source package in Lucid: Invalid Status in “linux-lts-raring” source package in Lucid: Invalid Status in “linux-lts-saucy” source package in Lucid: Invalid Status in “linux-mvl-dove” source package in Lucid: Invalid Status in “linux-ti-omap4” source package in Lucid: Invalid Status in “linux” source package in Precise: New Status in “linux-armadaxp” source package in Precise: New Status in “linux-ec2” source package in Precise: Invalid Status in “linux-fsl-imx51” source package in Precise: Invalid Status in “linux-lts-backport-maverick” source package in Precise: New Status in “linux-lts-backport-natty” source package in Precise: New Status in “linux-lts-quantal” source package in Precise: New Status in “linux-lts-raring” source package in Precise: New Status in “linux-lts-saucy” source package in Precise: New Status in “linux-mvl-dove” source package in Precise: Invalid Status in “linux-ti-omap4” source package in Precise: New Status in “linux” source package in Quantal: New Status in “linux-armadaxp” source package in Quantal: New Status in “linux-ec2” source package in Quantal: Invalid Status in “linux-fsl-imx51” source package in Quantal: Invalid Status in “linux-lts-backport-maverick” source package in Quantal: New Status in “linux-lts-backport-natty” source package in Quantal: New Status in “linux-lts-quantal” source package in Quantal: Invalid Status in “linux-lts-raring” source package in Quantal: Invalid Status in “linux-lts-saucy” source package in Quantal: Invalid Status in “linux-mvl-dove” source package in Quantal: Invalid Status in “linux-ti-omap4” source package in Quantal: New Status in “linux” source package in Raring: New Status in “linux-armadaxp” source package in Raring: Invalid Status in “linux-ec2” source package in Raring: Invalid Status in “linux-fsl-imx51” source package in Raring: Invalid Status in “linux-lts-backport-maverick” source package in Raring: New Status in “linux-lts-backport-natty” source package in Raring: New Status in “linux-lts-quantal” source package in Raring: Invalid Status in “linux-lts-raring” source package in Raring: Invalid Status in “linux-lts-saucy” source package in Raring: Invalid Status in “linux-mvl-dove” source package in Raring: Invalid Status in “linux-ti-omap4” source package in Raring: New Status in “linux” source package in Saucy: New Status in “linux-armadaxp” source package in Saucy: Invalid Status in “linux-ec2” source package in Saucy: Invalid Status in “linux-fsl-imx51” source package in Saucy: Invalid Status in “linux-lts-backport-maverick” source package in Saucy: New Status in “linux-lts-backport-natty” source package in Saucy: New Status in “linux-lts-quantal” source package in Saucy: Invalid Status in “linux-lts-raring” source package in Saucy: Invalid Status in “linux-lts-saucy” source package in Saucy: Invalid Status in “linux-mvl-dove” source package in Saucy: Invalid Status in “linux-ti-omap4” source package in Saucy: New Status in “linux” source package in Trusty: New Status in “linux-armadaxp” source package in Trusty: Invalid Status in “linux-ec2” source package in Trusty: Invalid Status in “linux-fsl-imx51” source package in Trusty: Invalid Status in “linux-lts-backport-maverick” source package in Trusty: New Status in “linux-lts-backport-natty” source package in Trusty: New Status in “linux-lts-quantal” source package in Trusty: Invalid Status in “linux-lts-raring” source package in Trusty: Invalid Status in “linux-lts-saucy” source package in Trusty: Invalid Status in “linux-mvl-dove” source package in Trusty: Invalid Status in “linux-ti-omap4” source package in Trusty: New Bug description: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. Break-Fix: - bceaa90240b6019ed73b49965eac7d167610be69 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1267075/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp