** Changed in: linux-armadaxp (Ubuntu Precise)
Status: New => Fix Committed
** Changed in: linux-armadaxp (Ubuntu Raring)
Status: New => Fix Committed
** Changed in: linux-armadaxp (Ubuntu Quantal)
Status: New => Fix Committed
** Changed in: linux-lts-quantal (Ubuntu Precise)
Status: New => Fix Committed
** Changed in: linux (Ubuntu Precise)
Status: New => Fix Committed
** Changed in: linux (Ubuntu Raring)
Status: New => Fix Committed
** Changed in: linux (Ubuntu Quantal)
Status: New => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Precise)
Status: New => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Raring)
Status: New => Fix Committed
** Changed in: linux-ti-omap4 (Ubuntu Quantal)
Status: New => Fix Committed
** Description changed:
- Linux kernel built with Extended Verification Module(EVM) and configured
- properly, is vulnerable to a NULL pointer de-reference flaw, caused by
- accessing extended attribute routines of sockfs inode object. An
- unprivileged user/program could use this to crash the kernel, resulting
- in DoS.
+ The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c
+ in the Linux kernel before 3.7.5, when the Extended Verification Module
+ (EVM) is enabled, allows local users to cause a denial of service (NULL
+ pointer dereference and system crash) or possibly have unspecified other
+ impact via an attempted removexattr operation on an inode of a sockfs
+ filesystem.
Break-Fix: - a67adb997419fb53540d4a4f79c6471c60bc69b6
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1131340
Title:
CVE-2013-0313
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1131340/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
