PublicDate: 2008-03-17
Candidate: CVE-2008-1367
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1367
Description:
gcc 4.3.x does not generate a cld instruction while compiling functions
used for string manipulation such as memcpy and memmove on x86 and i386,
which can prevent the direction flag (DF) from being reset in violation of
ABI conventions and cause data to be copied in the wrong direction during
signal handling in the Linux kernel, which might allow context-dependent
attackers to trigger memory corruption. NOTE: this issue was originally
reported for CPU consumption in SBCL.
Ubuntu-Description:
Notes:
jdstrand> glibc part should be glibc 2.7-7 only
jdstrand> use a low priority, since gcc-4.3 seems to be what is triggering
it
Bugs:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469567
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465583
http://lkml.org/lkml/2008/3/5/306
Priority: low
Assigned-to:
Patches_gcc-4.3:
upstream_gcc-4.3: released (4.3.0-2)
dapper_gcc-4.3: DNE
edgy_gcc-4.3: DNE
feisty_gcc-4.3: DNE
gutsy_gcc-4.3: DNE
hardy_gcc-4.3: DNE
devel_gcc-4.3: not-affected (4.3.0-3ubuntu1)
Patches_glibc:
upstream_glibc: released (2.7-8)
dapper_glibc: not-affected (2.3.6-0ubuntu20)
edgy_glibc: not-affected (2.4-1ubuntu12)
feisty_glibc: not-affected (2.5-0ubuntu14)
gutsy_glibc: not-affected (2.6.1-1ubuntu9)
hardy_glibc: not-affected (2.7-9ubuntu2)
devel_glibc: not-affected (2.7-9ubuntu2)
Patches_linux-source-2.6.15:
patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
upstream_linux-source-2.6.15: not-affected
dapper_linux-source-2.6.15: not-affected
edgy_linux-source-2.6.15: DNE
feisty_linux-source-2.6.15: DNE
gutsy_linux-source-2.6.15: DNE
hardy_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE
Patches_linux-source-2.6.17:
patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
upstream_linux-source-2.6.17: not-affected
dapper_linux-source-2.6.17: DNE
edgy_linux-source-2.6.17: not-affected
feisty_linux-source-2.6.17: DNE
gutsy_linux-source-2.6.17: DNE
hardy_linux-source-2.6.17: DNE
devel_linux-source-2.6.17: DNE
Patches_linux-source-2.6.20:
patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
upstream_linux-source-2.6.20: not-affected
dapper_linux-source-2.6.20: DNE
edgy_linux-source-2.6.20: DNE
feisty_linux-source-2.6.20: not-affected
gutsy_linux-source-2.6.20: DNE
hardy_linux-source-2.6.20: DNE
devel_linux-source-2.6.20: DNE
Patches_linux-source-2.6.22:
patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
upstream_linux-source-2.6.22: not-affected
dapper_linux-source-2.6.22: DNE
edgy_linux-source-2.6.22: DNE
feisty_linux-source-2.6.22: DNE
gutsy_linux-source-2.6.22: not-affected
hardy_linux-source-2.6.22: DNE
devel_linux-source-2.6.22: DNE
Patches_linux:
patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
upstream_linux: not-affected (2.6.24.4)
dapper_linux: DNE
edgy_linux: DNE
feisty_linux: DNE
gutsy_linux: DNE
hardy_linux: not-affected
devel_linux: not-affected