** Changed in: linux-mvl-dove (Ubuntu Lucid)
Status: In Progress => Fix Released
** Changed in: linux-mvl-dove (Ubuntu Maverick)
Status: New => Fix Released
** Changed in: linux-lts-backport-maverick (Ubuntu Lucid)
Status: New => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Oneiric)
Status: In Progress => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Maverick)
Status: In Progress => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Natty)
Status: In Progress => Fix Committed
** Description changed:
- Fixed By:
+ The raw_release function in net/can/raw.c in the Linux kernel before
+ 2.6.39-rc6 does not properly validate a socket data structure, which
+ allows local users to cause a denial of service (NULL pointer
+ dereference) or possibly have unspecified other impact via a crafted
+ release operation.
- commit 10022a6c66e199d8f61d9044543f38785713cbbd
- Author: Oliver Hartkopp <[email protected]>
- Date: Wed Apr 20 01:57:15 2011 +0000
-
- can: add missing socket check in can/raw release
-
- v2: added space after 'if' according code style.
-
- We can get here with a NULL socket argument passed from userspace,
- so we need to handle it accordingly.
-
- Thanks to Dave Jones pointing at this issue in net/can/bcm.c
-
- Signed-off-by: Oliver Hartkopp <[email protected]>
- Signed-off-by: David S. Miller <[email protected]
-
- This fix has hit Oneiric, Natty, and Lucid via mainline/stable updates.
- Dapper and Hardy do not have this driver.
+ Fixed-by: 10022a6c66e199d8f61d9044543f38785713cbbd
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/788694
Title:
CVE-2011-1748
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/788694/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
