** Tags added: kernel-cve-tracking-bug

** No longer affects: linux-armadaxp (Ubuntu)
** No longer affects: linux-ec2 (Ubuntu)
** No longer affects: linux-ec2 (Ubuntu Lucid)
** No longer affects: linux-lowlatency (Ubuntu Precise)
** No longer affects: linux-lowlatency (Ubuntu Saucy)
** No longer affects: linux-lowlatency (Ubuntu)
** No longer affects: linux-lts-quantal (Ubuntu Precise)
** No longer affects: linux-lts-quantal (Ubuntu)
** No longer affects: linux-lts-raring (Ubuntu Precise)
** No longer affects: linux-lts-raring (Ubuntu)
** No longer affects: linux-lts-saucy (Ubuntu Precise)
** No longer affects: linux-lts-saucy (Ubuntu)
** No longer affects: linux-lts-trusty (Ubuntu)
** No longer affects: linux-lts-trusty (Ubuntu Precise)

** Changed in: linux (Ubuntu Precise)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Saucy)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Lucid)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Utopic)
   Importance: Undecided => High

** Description changed:

- This CVE has an embargo of July 8 - - Don't allow ptrace to set RIP to a value that couldn't happen by ordinary control flow. There are CPU bugs^Wfeatures that can have - interesting effects if RIP is non-canonical. + interesting effects if RIP is non-canonical. I didn't make the + corresponding x86_32 change, since x86_32 has no concept of canonical + addresses. putreg32 doesn't need this fix: value is only 32 bits, so it + can't be non-canonical. - I didn't make the corresponding x86_32 change, since x86_32 has no - concept of canonical addresses. - - putreg32 doesn't need this fix: value is only 32 bits, so it can't - be non-canonical. - - Fixes CVE-2014-4699. There are arguably still bugs here, but this - fixes the major issue.
+ Break-Fix: 427abfa28afedffadfca9dd8b067eb6d36bac53f + b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a

** No longer affects: linux-ti-omap4 (Ubuntu)
** No longer affects: linux-mvl-dove (Ubuntu)
** No longer affects: linux-lts-saucy (Ubuntu)
** No longer affects: linux-lts-raring (Ubuntu)
** No longer affects: linux-lts-quantal (Ubuntu)
** No longer affects: linux-fsl-imx51 (Ubuntu)
** No longer affects: linux-ec2 (Ubuntu)
** No longer affects: linux-armadaxp (Ubuntu)

https://bugs.launchpad.net/bugs/1337339

Title:
  x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)

Status in “linux” package in Ubuntu: New
Status in “linux-armadaxp” package in Ubuntu: New
Status in “linux-ec2” package in Ubuntu: New
Status in “linux-fsl-imx51” package in Ubuntu: New
Status in “linux-lts-quantal” package in Ubuntu: New
Status in “linux-lts-raring” package in Ubuntu: New
Status in “linux-lts-saucy” package in Ubuntu: New
Status in “linux-mvl-dove” package in Ubuntu: New
Status in “linux-ti-omap4” package in Ubuntu: New
Status in “linux” source package in Lucid: New
Status in “linux” source package in Precise: New
Status in “linux” source package in Saucy: New
Status in “linux” source package in Trusty: New
Status in “linux” source package in Utopic: New

Bug description:
  Don't allow ptrace to set RIP to a value that couldn't happen by ordinary control flow. There are CPU bugs^Wfeatures that can have interesting effects if RIP is non-canonical. I didn't make the corresponding x86_32 change, since x86_32 has no concept of canonical addresses. putreg32 doesn't need this fix: value is only 32 bits, so it can't be non-canonical.
  Break-Fix: 427abfa28afedffadfca9dd8b067eb6d36bac53f b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a

