** Changed in: linux-snapdragon (Ubuntu Precise) Status: New => Invalid
** Changed in: linux-snapdragon (Ubuntu Precise) Importance: Undecided => Low ** Changed in: linux-snapdragon (Ubuntu Wily) Status: New => Invalid ** Changed in: linux-snapdragon (Ubuntu Wily) Importance: Undecided => Low ** Changed in: linux-snapdragon (Ubuntu Xenial) Status: New => Fix Committed ** Changed in: linux-snapdragon (Ubuntu Xenial) Importance: Undecided => Low ** Changed in: linux-snapdragon (Ubuntu Yakkety) Importance: Undecided => Low ** Changed in: linux-snapdragon (Ubuntu Trusty) Status: New => Invalid ** Changed in: linux-snapdragon (Ubuntu Trusty) Importance: Undecided => Low ** Description changed: - [Unlimiting the stack not longer disables ASLR] + The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux + kernel through 4.5.2 does not properly randomize the legacy base + address, which makes it easier for local users to defeat the intended + restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR + protection mechanism for a setuid or setgid program, by disabling stack- + consumption resource limits. Break-Fix: - 8b8addf891de8a00e4d39fc32f93f7c5eb8feceb -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1568523 Title: CVE-2016-3672 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1568523/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs