← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

PublicDate: 2008-03-17
Candidate: CVE-2008-1367
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1367
Description:
 gcc 4.3.x does not generate a cld instruction while compiling functions
 used for string manipulation such as memcpy and memmove on x86 and i386,
 which can prevent the direction flag (DF) from being reset in violation of
 ABI conventions and cause data to be copied in the wrong direction during
 signal handling in the Linux kernel, which might allow context-dependent
 attackers to trigger memory corruption. NOTE: this issue was originally
 reported for CPU consumption in SBCL.
Ubuntu-Description:
Notes:
 jdstrand> glibc part should be glibc 2.7-7 only
 jdstrand> use a low priority, since gcc-4.3 seems to be what is triggering
   it
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469567
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465583
 http://lkml.org/lkml/2008/3/5/306
Priority: low
Assigned-to:

Patches_gcc-4.3:
upstream_gcc-4.3: released (4.3.0-2)
dapper_gcc-4.3: DNE
edgy_gcc-4.3: DNE
feisty_gcc-4.3: DNE
gutsy_gcc-4.3: DNE
hardy_gcc-4.3: DNE
devel_gcc-4.3: not-affected (4.3.0-3ubuntu1)

Patches_glibc:
upstream_glibc: released (2.7-8)
dapper_glibc: not-affected (2.3.6-0ubuntu20)
edgy_glibc: not-affected (2.4-1ubuntu12)
feisty_glibc: not-affected (2.5-0ubuntu14)
gutsy_glibc: not-affected (2.6.1-1ubuntu9)
hardy_glibc: not-affected (2.7-9ubuntu2)
devel_glibc: not-affected (2.7-9ubuntu2)

Patches_linux-source-2.6.15:
 patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
upstream_linux-source-2.6.15: not-affected
dapper_linux-source-2.6.15: not-affected
edgy_linux-source-2.6.15: DNE
feisty_linux-source-2.6.15: DNE
gutsy_linux-source-2.6.15: DNE
hardy_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux-source-2.6.17:
 patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
upstream_linux-source-2.6.17: not-affected
dapper_linux-source-2.6.17: DNE
edgy_linux-source-2.6.17: not-affected
feisty_linux-source-2.6.17: DNE
gutsy_linux-source-2.6.17: DNE
hardy_linux-source-2.6.17: DNE
devel_linux-source-2.6.17: DNE

Patches_linux-source-2.6.20:
 patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
upstream_linux-source-2.6.20: not-affected
dapper_linux-source-2.6.20: DNE
edgy_linux-source-2.6.20: DNE
feisty_linux-source-2.6.20: not-affected
gutsy_linux-source-2.6.20: DNE
hardy_linux-source-2.6.20: DNE
devel_linux-source-2.6.20: DNE

Patches_linux-source-2.6.22:
 patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
upstream_linux-source-2.6.22: not-affected
dapper_linux-source-2.6.22: DNE
edgy_linux-source-2.6.22: DNE
feisty_linux-source-2.6.22: DNE
gutsy_linux-source-2.6.22: not-affected
hardy_linux-source-2.6.22: DNE
devel_linux-source-2.6.22: DNE

Patches_linux:
 patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
upstream_linux: not-affected (2.6.24.4)
dapper_linux: DNE
edgy_linux: DNE
feisty_linux: DNE
gutsy_linux: DNE
hardy_linux: not-affected
devel_linux: not-affected