~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2010-12-29
Candidate: CVE-2010-3859
PublicDate: 2010-12-29
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3859
 http://www.ubuntu.com/usn/usn-1071-1
 http://www.ubuntu.com/usn/usn-1072-1
 http://www.ubuntu.com/usn/usn-1073-1
 http://www.ubuntu.com/usn/usn-1093-1
 http://www.ubuntu.com/usn/usn-1083-1
 http://www.ubuntu.com/usn/usn-1054-1
 http://www.ubuntu.com/usn/usn-1167-1
 http://www.ubuntu.com/usn/usn-1202-1
 http://www.ubuntu.com/usn/usn-1204-1
Description:
 Multiple integer signedness errors in the TIPC implementation in the Linux
 kernel before 2.6.36.2 allow local users to gain privileges via a crafted
 sendmsg call that triggers a heap-based buffer overflow, related to the
 tipc_msg_build function in net/tipc/msg.c and the verify_iovec function in
 net/core/iovec.c.
Ubuntu-Description: 
 Dan Rosenberg discovered that the Linux kernel TIPC implementation
 contained multiple integer signedness errors. A local attacker could
 exploit this to gain root privileges.
Notes: 
 Upstream commits 8acfe468b0384e834a303f08ebc4953d72fb690a
 and 253eacc070b114c2ec1f81b067d2fed7305467b0
Bugs: 
Priority: medium
Discovered-by: Dan Rosenberg
Assigned-to: rtg

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: released (2.6.37~rc1)
dapper_linux-source-2.6.15: released (2.6.15-55.93)
hardy_linux-source-2.6.15: DNE
jaunty_linux-source-2.6.15: DNE
karmic_linux-source-2.6.15: DNE
lucid_linux-source-2.6.15: DNE
maverick_linux-source-2.6.15: DNE
natty_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux:
 upstream: http://git.kernel.org/linus/8acfe468b0384e834a303f08ebc4953d72fb690a
 upstream: http://git.kernel.org/linus/253eacc070b114c2ec1f81b067d2fed7305467b0
upstream_linux: released (2.6.37~rc1)
dapper_linux: DNE
hardy_linux: released (2.6.24-28.86)
jaunty_linux: ignored (reached end-of-life)
karmic_linux: released (2.6.31-22.73)
lucid_linux: released (2.6.32-28.52)
maverick_linux: released (2.6.35-25.43)
natty_linux: released (2.6.37-2.9)
devel_linux: not-affected (2.6.39-0.0)

upstream_linux-ec2: released (2.6.37~rc1)
dapper_linux-ec2: DNE
hardy_linux-ec2: DNE
jaunty_linux-ec2: DNE
karmic_linux-ec2: released (2.6.31-307.27)
lucid_linux-ec2: released (2.6.32-312.24)
maverick_linux-ec2: ignored (binary supplied by "linux" now)
natty_linux-ec2: DNE
devel_linux-ec2: DNE

Patches_linux-ti-omap4:
upstream_linux-ti-omap4: released (2.6.37~rc1)
dapper_linux-ti-omap4: DNE
hardy_linux-ti-omap4: DNE
karmic_linux-ti-omap4: DNE
lucid_linux-ti-omap4: DNE
maverick_linux-ti-omap4: released (2.6.35-903.23)
natty_linux-ti-omap4: released (2.6.38-1201.2)
devel_linux-ti-omap4: not-affected (2.6.38-1309.13)

upstream_linux-lts-backport-maverick: released (2.6.37~rc1)
dapper_linux-lts-backport-maverick: DNE
hardy_linux-lts-backport-maverick: DNE
jaunty_linux-lts-backport-maverick: DNE
karmic_linux-lts-backport-maverick: DNE
lucid_linux-lts-backport-maverick: released (2.6.35-25.44~lucid1)
maverick_linux-lts-backport-maverick: DNE
natty_linux-lts-backport-maverick: DNE
devel_linux-lts-backport-maverick: DNE

Patches_linux-mvl-dove:
upstream_linux-mvl-dove: released (2.6.37~rc1)
dapper_linux-mvl-dove: DNE
hardy_linux-mvl-dove: DNE
karmic_linux-mvl-dove: ignored (abandonded branch)
lucid_linux-mvl-dove: released (2.6.32-214.30)
maverick_linux-mvl-dove: released (2.6.32-414.30)
natty_linux-mvl-dove: DNE
devel_linux-mvl-dove: DNE

Patches_linux-fsl-imx51:
upstream_linux-fsl-imx51: released (2.6.37~rc1)
dapper_linux-fsl-imx51: DNE
hardy_linux-fsl-imx51: DNE
karmic_linux-fsl-imx51: released (2.6.31-112.30)
lucid_linux-fsl-imx51: released (2.6.31-610.27)
maverick_linux-fsl-imx51: DNE
natty_linux-fsl-imx51: DNE
devel_linux-fsl-imx51: DNE

Patches_linux-lts-backport-natty:
upstream_linux-lts-backport-natty: released (2.6.37~rc1)
hardy_linux-lts-backport-natty: DNE
lucid_linux-lts-backport-natty: not-affected (2.6.38-1.27~lucid1)
maverick_linux-lts-backport-natty: DNE
natty_linux-lts-backport-natty: DNE
devel_linux-lts-backport-natty: DNE