test_160_setattr_CVE_2015_1350 from qa-regression-testing/scripts/test-
kernel-security.py assumes that all Ubuntu kernels prior to 4.9 lack the
fix for CVE-2015-1350. The latest Xenial kernel in -proposed
(linux/4.4.0-208.240) has the fixes for this CVE applied, therefore the
testcase needs to be update with something like:
--- a/scripts/test-kernel-security.py
+++ b/scripts/test-kernel-security.py
@@ -1885,8 +1885,8 @@ class KernelSecurityTest(KernelSecurityBaseTest):
# chown should fail, but also should not clear fs caps
self.assertShellExitEquals(1, ['sudo', '-u', user, 'chown', user,
testbin])
- if not self.kernel_at_least('4.9'):
- self._skipped("Kernels before 4.9 need to fix CVE-2015-1350")
+ if not self.kernel_at_least('4.4'):
+ self._skipped("Kernels before 4.4 need to fix CVE-2015-1350")
exp_output = ''
self.assertShellOutputEquals(exp_output, ['sudo', '-u', user,
'getcap', testbin])
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1350
** Also affects: qa-regression-testing
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status: Confirmed => Invalid
** Changed in: qa-regression-testing
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1922596
Title:
linux ADT test failure with linux/4.4.0-208.240
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1922596/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
