** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-4249
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/712749 Title: CVE-2010-4083 Status in linux package in Ubuntu: Fix Released Status in linux-fsl-imx51 package in Ubuntu: Invalid Status in linux-ti-omap4 package in Ubuntu: Invalid Status in linux source package in Lucid: Fix Released Status in linux-fsl-imx51 source package in Lucid: Fix Released Status in linux-ti-omap4 source package in Lucid: Invalid Status in linux source package in Maverick: Fix Released Status in linux-fsl-imx51 source package in Maverick: Invalid Status in linux-ti-omap4 source package in Maverick: Fix Released Status in linux source package in Natty: Fix Released Status in linux-fsl-imx51 source package in Natty: Invalid Status in linux-ti-omap4 source package in Natty: Fix Released Status in linux source package in Dapper: Won't Fix Status in linux-fsl-imx51 source package in Dapper: Invalid Status in linux-ti-omap4 source package in Dapper: Invalid Status in linux source package in Hardy: Fix Released Status in linux-fsl-imx51 source package in Hardy: Invalid Status in linux-ti-omap4 source package in Hardy: Invalid Status in linux source package in Karmic: Fix Released Status in linux-fsl-imx51 source package in Karmic: Won't Fix Status in linux-ti-omap4 source package in Karmic: Invalid Bug description: sys_semctl: fix kernel stack leakage The semctl syscall has several code paths that lead to the leakage of uninitialized kernel stack memory (namely the IPC_INFO, SEM_INFO, IPC_STAT, and SEM_STAT commands) during the use of the older, obsolete version of the semid_ds struct. The copy_semid_to_user() function declares a semid_ds struct on the stack and copies it back to the user without initializing or zeroing the "sem_base", "sem_pending", "sem_pending_last", and "undo" pointers, allowing the leakage of 16 bytes of kernel stack memory. The code is still reachable on 32-bit systems - when calling semctl() newer glibc's automatically OR the IPC command with the IPC_64 flag, but invoking the syscall directly allows users to use the older versions of the struct. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/712749/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
